Citizen Lab
Research

Citizen Lab research includes: investigating digital espionage against civil society, documenting Internet filtering and other technologies and practices that impact freedom of expression online, analyzing privacy, security, and information controls of popular applications, and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Targeted Threats

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Latest Research

Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles

Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.

Dark Basin: Uncovering a Massive Hack-For-Hire Operation

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.

Read More from Targeted Threats

Free Expression Online

Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online. 

Latest Research

微信监控诠释

公民实验室2020年5月7日发布报告指出,中国最流行的社交媒体软件微信是对平台上的文档和图像内容实施监控,并使用监控所得的数据训练其审查系统。本文是对该报告的概述,以及与研究团队的一些常见问答。

Read More from Free Expression Online

Transparency and Accountability

Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Latest Research

Submission to the Ministry of Government and Consumer Services Consultation: Strengthening Privacy Protections in Ontario

It is encouraging to see the provincial government undertake efforts to improve the state of privacy law in Ontario, given the increasingly ubiquitous data commodification and surveillance of our behaviours, bodies, online and offline activities, and lives. To that end, the Citizen Lab submitted a brief which included 21 recommendations for legal and policy reform in Ontario, with a view to strengthening the privacy and data protection rights of individuals in the province.

Access My Info: How a Team of Researchers Investigated Data Access Rights around the World

Using the AMI approach, partners have launched projects around the world, including in Australia, Canada, Hong Kong, Indonesia, Malaysia, and South Korea. These projects focused on making data access requests to telecommunications companies in each country, led by a local researcher and a team of volunteers. Every country has specific laws, regulations, and corporate mechanisms that present unique challenges and opportunities in accessing data, but the results of each provide insights into the larger ecosystem of data access. 

Read More from Transparency and Accountability

App Privacy and Controls

Research into privacy, security, and information controls of popular applications.

Latest Research

COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines (Tagalog)

Ang COVID-KAYA ay isang platform na ginagamit ng mga frontline healthcare workers sa Pilipinas para mangolekta at magbahagi ng mga kaso ng COVID-19 sa Kagawaran ng Kalusugan. Natagpuang nagtataglay ng mga kahinaan ang web at Android apps nito, na pinapayagan ang mga walang pahintulot na user na makuha ang pribadong datos tungkol sa mga gumagamit ng app, at maaring maging ang datos ng mga pasyente.

Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines

COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.

تحرك بسرعة واستخدم تشفيرك الخاص: نظرة سريعة على سرية اجتماعات Zoom

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

Read More from App Privacy and Controls

Global Research Network

Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.

Latest Research

Asociación por los Derechos Civiles to hold public session at Inter-American Commission on Human Rights

Cyber Steward Network partner Asociación por los Derechos Civiles (ADC) will lead a public hearing at the 167 extraordinary period of session of the Inter-American Commission on Human Rights (IACHR). Taking place on February 28 at 11:30 am EST, the hearing is titled “Digital Intelligence, Cybersecurity, and Freedom of Expression in America”. The topics to be addressed in… Read more »

Sula Batsu Honoured with 2017 EQUALS in Tech Award

Cyber Stewards Network organization Sula Batsu Cooperativa has been honoured with a 2017 EQUALS in Tech Award. Presented at the Internet Governance Forum at the United Nations in December, Kemly Camacho– Sula Batsu Coordinator– accepted the award on behalf of the group. They were recognized in the Leadership category for their work to create women-led… Read more »

Read More from Global Research Network

Tools & Resources

While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.

Access My Info

Access My Info is a project designed to understand what can be learned about company data practices by filing data access requests (DARs), seeking access to the requester’s personal information held by a company.

Net Alert

Understanding the technical and social contexts of digital threats can help users make better choices. Net Alert pairs rich visuals with everyday language to show how both higher risk groups and general audiences can protect themselves from some of the most common online attacks.
Read More from Tools & Resources