Move Fast and Roll Your Own Crypto
A Quick Look at the Confidentiality of Zoom Meetings

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.

Featured Publications

Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

Lifting the lid off the Internet.

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.

Get the latest Citizen Lab news right in your inbox. Subscribe below.

Privacy Policy

Features & News

New York Times: WhatsApp Says Israeli Firm Used Its App in Spy Program

As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.

Access My Info: How a Team of Researchers Investigated Data Access Rights around the World

Using the AMI approach, partners have launched projects around the world, including in Australia, Canada, Hong Kong, Indonesia, Malaysia, and South Korea. These projects focused on making data access requests to telecommunications companies in each country, led by a local researcher and a team of volunteers. Every country has specific laws, regulations, and corporate mechanisms that present unique challenges and opportunities in accessing data, but the results of each provide insights into the larger ecosystem of data access. 

CLSI 2019 in Review

CLSI brings together academics, researchers, activists, and frontline workers and asks them to address some of the most pressing issues at the intersection of digital security and human rights.

Featured Video

CBC: WhatsApp Attributes Hack of 1,400 Users to NSO Group Technology

Citizen Lab senior researcher John Scott-Railton discusses why WhatsApp is suing NSO Group after discovering their spyware was used to target 1,400 users—100 of whom were members of civil society—and why this is a significant bellwether.

Unless otherwise noted this site and its contents are licensed under a Creative Commons Attribution 2.5 Canada license.

Munk School of Global Affairs & Public Policy | University of Toronto