1. At the time it was the only nation state that had specialty infrastructure except for maybe the US.
2. There were specific infrastructure changes made for blocking and sending logs inside mainland china.
3. The CDN node would deny access to specific urls uploaded by the Chinese partner company. I don't remember the SLA. The SLA for reporting visited URLs was 15m IIRC
I worked on the censorship and government reporting (sending all logs) infrastructure for Akamai China CDN. I'm glad to see it get shut down. Happy to answer questions.
I was powerless to stop it. I was just a junior engineer, and it was decided by the CEO to do the project. So, actually, I feel I made the right choice -- I participated in the project but worked hard on making sure it was as limited as possible. I successfully advocated for several categories of logs to not be sent because they were not required by law.
So, yes, I regret I couldn't do more, but I don't regret the choices I made with the information I had and the position I was in.
All of the sites served had an ICP license. This is separate, and the CDNs in China have regulations specific to CDNs they need to comply with.
At the time, Akamai also had the capability to stream logs, but the ministry of technology required a specific, custom interface to receive them, which required engineering work, especially to do it for an entire country without the customers configuring it themselves. I would be extremely surprised if it required no engineering work at Amazon or Cloudflare to deliver the logs in the way they requested.
When I was at Akamai about 5 years ago, I was involved in building the system for making their CDN compliant in China. There were two main features, and they were activated on all servers running inside mainland china (not HK, macau or Taiwan)
1. Logs of the CDN were sent in real time to the ministry of technology -- there was about a 15 minute delay if I remember correctly, and they could impose fines if they were delayed. The log included the url visited, the IP address of the visitor, and a few other things. Perhaps the user agent? I forget.
2. The ministry of technology had a special API to block URLs on the CDN. Basically, they provided a list of URLs that would return a 451, and of course those logs also went to the government.
No other country had this kind of access at the time, but it was considered critical for the business to continue to operate in China. As I understand it, these are required to comply with chinese government regulations, and other CDNs like Cloudflare and Cloudfront have also built similar capabilities. Perhaps jgrahamc can comment on what cloudflare did?
I feel quite guilty about being involved with that project, but the business was set on building it, so I did what I could to limit the blast radius. I would not be surprised if someone got arrested or was killed because of it.
2. There were specific infrastructure changes made for blocking and sending logs inside mainland china.
3. The CDN node would deny access to specific urls uploaded by the Chinese partner company. I don't remember the SLA. The SLA for reporting visited URLs was 15m IIRC