Tencent, the $700 billion Chinese tech giant, wanted to silence a website that documents censorship on WeChat. The site, FreeWeChat, is run by GreatFire.org and archives posts that disappear from WeChat’s public platform, which means over 700,000 censored posts preserved for journalists and researchers.
One problem: FreeWeChat was hosted on infrastructure outside China so Tencent couldn’t just order it gone.
Instead, they laundered the censorship request, in what we should classify as an integrity breach of the GreatFire hosting provider.
The Attack Chain
Tencent to Gandi (France) to Group IB (Singapore) to Vultr (America).
Vultr’s Trust & Safety team looked at a trademark dispute letter, but Group IB actually said the quiet part out loud:
[FreeWeChat] is displaying articles which are censored/blocked by WeChat official channels.
That’s a data integrity attack.
There was no legal violation.
There was only journalism about censorship.
The complaint that GreatFire was doing its job was dressed up to fool Americans into enabling foreign state censorship.
Vultr Breach
Vultr suspended GreatFire’s servers within days. Then stonewalled for five months. Ignored detailed legal rebuttals. Ignored a letter from 17 human rights organizations. Ignored inquiries from NYU’s Technology Law & Policy Clinic.
On November 28, 2025, they terminated the account “without cause”, a betrayal of trust.
If Vultr believed the trademark claims had merit, they’d have terminated for cause and cited them. Instead they used a generic ToS provision that doesn’t require them to articulate a reason.
Their ToS Section 9(b) gives them the power to terminate with cause for IP violations: “(ii) have infringed or violated any intellectual property right.” If Tencent’s claims had merit, they could have used 9(b). They didn’t. They used 9(a) instead, “no reason”.
It’s a backdoor, it’s a safety gap, designed to foreclose moral accounting. They chose not to choose, which is itself a choice, and the most cowardly one available.
Vultr had leverage over GreatFire’s mission; that leverage came with trust and safety obligations they refused.
Untrustworthy Infrastructure
This is all about infrastructure resilience, data availability.
Authoritarian norms spread not by conquest but by exploiting vulnerabilities. Foreign states see now that American corporate compliance systems are vulnerable, not protective. Send a threatening letter dressed in IP language, and companies are easily breached. The Americans wither and run rather than defend a small customer against attack.
It’s censorship laundering, a targeted integrity breach.
The request gets cleaned through enough intermediaries and legal-sounding language that a Florida tech company processing it claims that censorship is policy and knocks their own customer offline.
The historical parallel isn’t subtle.
Authoritarian regimes have always sought extraterritorial reach by demanding that other countries return dissidents, suppress publications, enforce their speech rules beyond their borders. This cloud-native version just routes through Terms of Service instead of treaties.
What Now
If you’re a Vultr customer: LEAVE NOW, before you are breached.
Tell them why. Integrity breach by China.
If you’re a journalist: this is a clean story about security vulnerability in cloud providers. American tech enforces Chinese censorship, a Tencent complaint about “censored/blocked” content.
If you’re at another hosting provider: check your Trust & Safety processes protect trust and safety. Are you vulnerable to breach by pretextual abuse?
Contact Vultr directly. David Aninowsky and JJ Kardwell are real people who allowed their company to become an instrument of Chinese state censorship. They should have to own that:
- David Aninowsky, Founder and Executive Chairman: contact
- JJ Kardwell, CEO: contact
GreatFire has moved FreeWeChat to another provider, a disaster recovery plan for an integrity breach. Vultr remains breached, vulnerable to attack.
