VPN for China

Express has one of the longer operational histories in China specifically — years of iterating obfuscation against an adversary that iterates back. The Lightway protocol with obfuscation handles protocol selection automatically, which matters in China because the right choice changes based on network conditions you can't see. The trade-off is the same as everywhere with Express: automatic means you're trusting the system's decisions. When the system makes the wrong call in China, you can't override it manually in the way you can with Proton. The Kape Technologies ownership is part of the context regardless of the operational record.

Visit ExpressVPN

Stealth is Proton's obfuscation protocol, designed to make VPN traffic indistinguishable from HTTPS at the packet level. It has a meaningful operational record in high-restriction environments including China. Where Proton differs from Express is in transparency: the Stealth implementation is documented, the open-source client can be inspected, and the configuration is accessible rather than hidden. Users who want to understand what their obfuscation is doing — not just trust that it's working — have more to work with here. The downside is that if Stealth doesn't connect, the troubleshooting is on you.

Visit ProtonVPN

Nord's Obfuscated Servers work for a wide range of restricted environments and for many users in China much of the time. The infrastructure scale means multiple obfuscated exit points to rotate between if one gets blocked. What Nord doesn't offer is protocol-level obfuscation depth — the obfuscation sits above the protocol rather than redesigning the traffic fingerprint from scratch. In routine conditions this is sufficient. During periods of intensified filtering, the gap between surface obfuscation and deeper disguise becomes real.

Visit NordVPN

Mullvad's Shadowsocks and bridge support give it a technically sound obfuscation layer. The no-account architecture means that even if your traffic pattern is observed, there's no account identity to associate with it. The constraint for China specifically is server coverage: Mullvad's network is smaller and more geographically concentrated than the large commercial providers. If the exit nodes closest to Hong Kong or nearby regions get blocked during a filtering surge, your options narrow quickly.

Visit Mullvad

Set up and test before you arrive. The GFW blocks VPN providers' own websites and app stores — downloading or configuring a VPN after landing is difficult and sometimes impossible. The VPN app needs to be installed, the obfuscation mode needs to be enabled, and at least one working server connection confirmed, while you're still on an unrestricted network.

Some providers work in China intermittently — connecting on some days, failing on others, failing entirely during sensitive periods. For occasional travellers who can tolerate interruption, intermittent is acceptable. For people working or living in China who depend on reliable access to foreign services, a provider with an operational track record in China specifically — not just general obfuscation credentials — is a different requirement.

The GFW intensifies around major anniversaries, national events, and legislative sessions. Providers that work reliably in ordinary conditions can become unreliable or fully blocked during these windows. The ones with the deepest obfuscation implementations, the largest IP rotation pools, and the longest operational history in China are the most likely to maintain some connectivity when the filtering ramps up. No provider guarantees it.

VPN use by foreign nationals in China exists in a legal grey area. Enforcement against tourists is rare. The legal restrictions are primarily directed at providers and at Chinese citizens using unauthorised VPNs, not at visitors using commercial services for ordinary browsing. The practical risk profile for a foreign traveller is different from the legal text — but only you can assess how much that distinction matters for your situation.