Geedge Networks is a network security company that builds Internet censorship software for both China and foreign authoritarian regimes. The September 2025 Geedge Networks leak (GNL) exposed 572 GiB of internal documents, source code, and binaries from Geedge Networks and the related MESA lab. We analyze 6,915,266 domains extracted from the GNL and compare them against the two most widely used domain lists in censorship research: Tranco and the CitizenLab test lists. Our analysis across 5 locations reveals that 298,955 censored GNL domains (93.7% of all censored GNL domains) are not included in either Tranco or the CitizenLab lists. While Tranco captures globally popular sites and CitizenLab monitors sensitive content categories, the GNL provides a vendor-side perspective on which domains commercial censorship systems consider of interest. By correlating censored domains with filepaths in the GNL, we reveal files containing domain lists likely to be related to censorship done by customers of Geedge Networks.
@article{sheffey2026geedge,
title={Geedge Cases: Censorship Measurement Insights from the Geedge Networks Leak},
author={Sheffey, Jade and Zohaib, Ali and Wu, Mingshi and Houmansadr, Amir},
journal={Free and Open Communications on the Internet},
year={2026}
}