Pellaeon Lin


解读 WeChat 生态系统中的隐私问题

该报告通过审查 WeChat 应用程序在其各种功能正常运行期间收集并发送到 WeChat 服务器的数据,对流行应用程序 WeChat 的隐私问题进行了分析。我们发现,他们收集的使用数据多于 WeChat 隐私政策中披露的程度。

WeChat 生態系統的隱私權解析

這份報告檢視熱門應用程式 WeChat 在其各種功能的正常運作過程中所蒐集並傳送至 WeChat 伺服器的資料,以此分析該應用程式存在的隱私問題。我們發現,WeChat 蒐集的使用資料比在隱私權政策中公布的還要多。

Should We Chat? Privacy in the WeChat Ecosystem

We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.

Privacy in the WeChat Ecosystem Explained

This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzes privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.

Privacy and Security Analysis of the IATA Travel Pass Android App

The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.

關於 TikTok 與抖音的常見問題

2021 年 3 月 22 日,公民實驗室發佈了一篇研究報告,比較 TikTok 與抖音的安全、隱私及言論審查。我們將於本文中與研究員 Pellaeon Lin 討論他的研究發現。

Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines

COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.