SLAPP: The “Stealthy Way” of Censorship
A take-down attempt of FreeWechat.com reveals how anti-censorship efforts are being silenced through corporate proxies outside China's borders.
When we think of China’s extraterritorial censorship efforts, what usually comes to mind are state-sponsored hackers, media manipulation, or the intimidation of dissidents living abroad.
Less discussed, however, is the use of legal frameworks to silence sources of information that Beijing prefers to keep off the global internet.
GreatFire.org is an online platform dedicated to combating Chinese government censorship both inside and outside China. One of its flagship initiatives is FreeWechat.com, a freely accessible website that archives important WeChat content before it is censored, making it accessible to a broader audience. It serves as both a repository and a newsfeed for suppressed content from China.
For everyone who has lived under a rock the past decade: WeChat is the powerful “everything” app in China that holds a Chat client, online money transfer and a ton of other micro apps that lets you operate a micro-blog, book train tickets, taxi rides, pay your utility bills and many other functions. It is also one of the most surveilled and censored online spaces.
GreatFire.org is no stranger to attacks—its infrastructure and data collection methods have long been targeted by Chinese cyber operatives, and its members have faced online harassment and slander from Beijing-aligned propagandists. But now, it appears Chinese authorities have found a new, more subtle weapon: strategic legal pressure. NetAskari was able to see some documents provided by Freewechat.com that seem to strongly suggest such a scenario.
On June 12th, GreatFire.org received a notification from Cloudflare, the well known global CDN ( Content Distribution Network ) provider managing the www.freewechat.com domain. Cloudflare had been contacted by another of its clients alleging that the anti-censorship platform was infringing on the intellectual property rights of Tencent, WeChat’s parent company and one of China's most powerful digital operators.
The complaint was submitted not by Tencent directly, but by GROUP-IB, a cybersecurity company founded in 2003 in Russia and is headed today by Dmitry Volkov, a Singapore-based Russian IT professional. Volkov has also served as an advisor to Interpol since 2016, according to his LinkedIn profile.
The company itself was in the headlines in 2021 when one if it's initial founders, Ilya Sachkov, was arrested by Russian authorities for "treason". He was convicted to 14 years in prison for sharing "state secrets with a foreign intelligence service" in 2023, after which Group-IB exited the Russian market. Apparently a year before his arrest Sachkov accused the Russian state of covering for a criminal hacker and in general critisized the Russian government's handling of cyber security issues.
Group-IB's presentation is professional, operating a Twitter/X account with 3000+ followers, several "locations” including Amsterdam, Dubai and Tashkent and being an active partner to Interpol and Europol. It is officially presented as being headquartered in Singapore.
In its complaint to Cloudflare, GROUP-IB claimed that FreeWechat.com had misused Tencent’s intellectual property—specifically, a logo resembling the official WeChat logo, the publication of content previously removed by WeChat, and a QR code enabling the download of a FreeWeChat app. All acts that in the eyes of the plaintiff were facilitating fraudulent intentions and therefore were illegal. GROUP-IB asserted it was acting on behalf of Tencent, via another intermediary, the French domain provider Gandi.net.
Eventually Cloudflare contacted the website's host VULTR who passed it on to their client, FreeWechat.com.
On the surface, this appears to be a textbook example of a SLAPP (Strategic Lawsuit Against Public Participation): legal action—or even just the threat of it—used not to win in court, but to intimidate, burden, or silence critics.
But it raises the question: Why would a cyber security firm known for chasing ransomware groups and cyber criminals take aim at an anti-censorship website? Especially one targeting an authoritarian regime that openly promotes information control and aggressive censorship against critics.
Digital Risk or Delegated Censorship?
GROUP-IB, it turns out, has more than just a cybersecurity division. Their Digital Risk Protection unit promises “all-in-one online brand protection and digital risk mitigation.” Their systems, partially automated, are designed to detect brand misuse, counterfeit sites, phishing scams, and so-called “evil twins” of legitimate websites.
The unit is led by Andrey Busargin, another Russian national who seems to be professionally focused on trademark infringements.
So, was GROUP-IB simply acting on behalf of a client without fully understanding the context of the target? Perhaps. But based on the communication between GROUP-IB and VULTR (FreeWechat.com’s hosting provider), that seems doubtful.
FreeWechat.com promptly responded to the allegations, clarifying the use of the modified logo and the function of their app in context—intended to preserve and distribute already-censored content. Asking further for detailed documentation of GROUP-IB's relation to Tencent, which according to the information received by NetAskari was not met till the time of publication of this post.
After a little back and forth in which Freewechat.com tackles every accusation with a valid legal standpoint, GROUP-IB was not deterred. They escalated their complaint to VULTR, supplying a more detailed, legalistic take down demand. Despite the accused party taking it on with equally detailed legal defense, VULTR complied, even though no legal proceedings were ever initiated against GreatFire.org or FreeWechat.com. VULTR told freewechat.com that they could not host any of their current content on their servers anymore, though did not shut down the server itself.
To us at NetAskari, this appears to be an attempt by Tencent to silence FreeWechat.com under questionable claims of trademark infringement and content misuse. Given TENCENT’s subjection to Chinese censorship, it’s not far-fetched to view this as Beijing extending its control beyond its borders—though that remains our interpretation for now. Judging by the history of Group-IB's dealing with a very censorship focused government on their own, the decision to go after freewechat.com in this manner seems slightly out of character.
At the time of having shared their issue with NetAskari, FreeWechat.com has found a new host. But this may only be temporary. If service providers continue to fold under legally ambiguous pressure, this tactic will likely become more common. Why invest resources in tightening the Great Firewall (GFW) when you can simply pressure the platforms that provide access to uncensored information?
We at NetAskari will continue monitoring GROUP-IB’s actions. According to their website they seem to expand their operations in the Kingdom of Saudi Arabia. Are they unwitting tools in a broader censorship campaign? Or are they knowingly aiding Beijing’s efforts to control global narratives—for profit?
At this point, it’s to early to tell.