Citizen Lab
Research

Citizen Lab research includes: investigating digital espionage against civil society, documenting Internet filtering and other technologies and practices that impact freedom of expression online, analyzing privacy, security, and information controls of popular applications, and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Targeted Threats

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Latest Research

NSO Group / Q Cyber Technologies: Over One Hundred New Abuse Cases

The May 2019 WhatsApp Incident: As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware onto phones simply by ringing the number of a target’s device. Today, Oct 29th, WhatsApp is publicly attributing the attack to NSO Group, an Israeli spyware developer that also…

Burned After Reading: Endless Mayfly’s Ephemeral Disinformation Campaign

Endless Mayfly is an Iran-aligned network of inauthentic websites and online personas used to spread false and divisive information primarily targeting Saudi Arabia, the United States, and Israel. Using this network as an illustration, this report highlights the challenges of investigating and addressing disinformation from research and policy perspectives.

Free Expression Online

Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online. 

Latest Research

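“Burned Before Reading” 2: How WeChat Implements Realtime Censorship of Sensitive Images in User Chats

This report continues the previous study of image filtering in WeChat Moments and analyzes how WeChat implements realtime image filtering in its chat function. WeChat is an instant messaging application owned by China’s Tencent Holdings Ltd.; it is currently one of the most popular chat applications in China and the fourth most popular chat application in the world. Moments is one of the most frequently used features on WeChat, and images are the form of shared content that users most expect to see there.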

(Can’t) Picture This 2: An Analysis of WeChat’s Realtime Image Filtering in Chats

In this work, we study how Tencent implements image filtering on WeChat. We found that Tencent implements realtime, automatic censorship of chat images on WeChat based on what text is in an image and based on an image’s visual similarity to those on a blacklist. Tencent facilitates this realtime filtering by maintaining a hash index of MD5 hashes of sensitive image files.

Transparency and Accountability

Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Latest Research

Access My Info: How a Team of Researchers Investigated Data Access Rights around the World

Using the AMI approach, partners have launched projects around the world, including in Australia, Canada, Hong Kong, Indonesia, Malaysia, and South Korea. These projects focused on making data access requests to telecommunications companies in each country, led by a local researcher and a team of volunteers. Every country has specific laws, regulations, and corporate mechanisms that present unique challenges and opportunities in accessing data, but the results of each provide insights into the larger ecosystem of data access. 

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

The proposed rationales for weakening encryption would exchange marginal gains in limited investigative situations for significant losses with regard to Canadians’ abilities to exercise their rights and freedoms while simultaneously undermining cybersecurity, economic development, and foreign affairs. Minister Goodale should stop calling persons with well-considered policy positions on the importance of enabling the availability of strong encryption as supporters of child abusers, and get on with his job of trying to keep Canadians safe instead of endangering them with his irresponsible and dangerous encryption policy.

App Privacy and Controls

Research into privacy, security, and information controls of popular applications.

Latest Research

Installing Fear: A Canadian Legal and Policy Analysis of Using, Developing, and Selling Smartphone Spyware and Stalkerware Applications

This report provides an in-depth legal and policy analysis of technology-facilitated intimate partner surveillance (IPS) under Canadian law. Stalkerware apps are designed to facilitate remote surveillance of an individual’s mobile device use with the surveillance often being covert or advertised as such. Despite increasing recognition of the prevalence of technology-enabled intimate partner abuse and harassment, the legality of the creation, sale, and use of consumer-level spyware apps has not yet been closely considered by Canadian courts, legislators, or regulators.

The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry

This report was collaboratively written by researchers from computer science, political science, criminology, law, and journalism studies. As befits their expertise, the report is divided into several parts, with each focusing on specific aspects of the consumer spyware ecosystem, which includes: technical elements associated with stalkerware applications, stalkerware companies’ marketing activities and public policies, and these companies’ compliance with Canadian federal commercial privacy legislation.

Fit Leaking: Citizen Lab Research on Fitness Tracker Privacy

The post covers several categories of information that can be gleaned from examining Strava’s fitness tracker data, ranging from enabling the identification of secret military facilities in “dark areas” to specific identifiable behaviour patterns of at-risk individuals.

Global Research Network

Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.

Tools & Resources

While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.

Access My Info

Access My Info is a project designed to understand what can be learned about company data practices by filing data access requests (DARs), seeking access to the requester’s personal information held by a company.

Net Alert

Understanding the technical and social contexts of digital threats can help users make better choices. Net Alert pairs rich visuals with everyday language to show how both higher risk groups and general audiences can protect themselves from some of the most common online attacks.

Security Planner

Security Planner is an easy-to-use guide with expert-reviewed advice for staying safer online.