This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.

Citizen Lab Director Ron Deibert hosted a Q&A session with Ben Wizner, Director of the American Civil Liberties Union’s (ACLU) Speech, Privacy, and Technology Project, and attorney for NSA whistleblower Edward Snowden. The event followed the screening of the CITIZENFOUR film.

In a guest post on JustSecurity co-authored with Tamir Israel of the Canadian Internet Policy & Public Interest Clinic (CIPPIC), Citizen Lab Postdoctoral Fellow Christopher Parsons urged a revaluation of Canada’s intelligence sharing with its Five Eyes allies.

A new report describing major security and privacy issues in several leading wearable fitness tracking devices and accompanying mobile applications. The research examined offerings by Apple, Basis, Fitbit, Garmin, Jawbone, Mio, Withings, and Xiaomi.

This report describes major security and privacy issues in several leading wearable fitness tracking devices and accompanying mobile applications.

Citizen Lab Senior Research Fellow Bill Marczak spoke to ABC Australia regarding the proxy server for the remote intrusion software FinFisher found in Sydney, Australia.

Palo Alto Networks cited the Citizen Lab report entitled “Communities @ Risk: Targeted Threats Against Civil Society.”

Citizen Lab Senior Research Fellow Claudio Guarnieri was named to Forbes 30 Under 30 list, in the Enterprise Technology section.

Canada’s Department of National Defence, and its associated research wing, Defence Research and Development Canada (DRDC), are looking to purchase software to analyze social media streams in real-time. Christopher Parsons weighs in on concerns of the possibility of accidentally collecting Canadians’ personal information.