Featured Publications

The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers

In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted, constituting a tremendous risk to user security.

PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content

A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firm’s official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.

Chinese censorship following the death of Li Keqiang

As part of our ongoing project monitoring changes to Chinese search censorship, we tracked changes to censorship following Li Keqiang’s death across seven Internet platforms: Baidu, Baidu Zhidao, Bilibili, Microsoft Bing, Jingdong, Sogou, and Weibo. We found that some keyword combinations in search queries triggers hard censorship whereas others trigger soft censorship. Our results demonstrate China’s ongoing efforts to push state-sanctioned narratives concerning politically sensitive topics, impacting the integrity of the online information environment.

Lifting the lid off the Internet.

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.

Get the latest Citizen Lab news right in your inbox.

Subscribe below.

Privacy Policy

Features & News

Op-ed by Kate Robertson and Ron Deibert in The Globe and Mail

The Parliament of Canada is expected to move forward with Bill C-26, which aims to improve the country’s cyber readiness. In an opinion piece for the Globe and Mail, the Citizen Lab’s Kate Robertson and Ron Deibert caution that the federal bill has the potential to jeopardize the security of telecommunications for everyone in Canada…. Read more »

Call for applications: Information Controls Fellowship Program 2024

The Citizen Lab co-founded the program with OTF and has been a host organization since its inception. We welcome proposals from fellowship candidates for research projects related to our current thematic areas and applications are open to people from a variety of backgrounds and disciplines and can include students and junior to mid-career practitioners.

Mobile security vulnerabilities threaten millions in Latin America: ICFP and Citizen Lab fellow Beau Kujath finds security vulnerabilities in mobile applications in Latin America region.

In a new study, Citizen Lab sheds light on the massive security threats facing Latin Americans. Citizen Lab and Open Technology Fund (OTF) fellow Beau Kujath in collaboration with SocialTIC finds that mobile applications in Latin America puts millions of users at a security and privacy risk. Beau’s research focuses on three types of mobile… Read more »

Featured Video

Mercenary spyware: Defending against what’s next – iMEdD International Journalism Forum 2023