Citizen Lab
Research

Citizen Lab research includes: investigating digital espionage against civil society, documenting Internet filtering and other technologies and practices that impact freedom of expression online, analyzing privacy, security, and information controls of popular applications, and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Targeted Threats

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Latest Research

Dark Basin: Uncovering a Massive Hack-For-Hire Operation

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.

Stopping the Press: New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

Read More from Targeted Threats

Free Expression Online

Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online. 

Latest Research

微信监控诠释

公民实验室2020年5月7日发布报告指出,中国最流行的社交媒体软件微信是对平台上的文档和图像内容实施监控,并使用监控所得的数据训练其审查系统。本文是对该报告的概述,以及与研究团队的一些常见问答。

微信監控诠釋

公民實驗室2020年5月7日發布報告指出,中國最流行的社交媒體軟件微信是對平台上的文檔和圖像內容實施監控,並使用監控所得的數據訓練其審查系統。本文是對該報告的概述,以及與研究團隊的一些常見問答。

WeChat Surveillance Explained

On May 7 2020, the Citizen Lab published a report that documents how WeChat (the most popular social app in China) conducts surveillance of images and files shared on the platform and uses the monitored content to train censorship algorithms. This document provides a summary of the research findings and questions and answers from the research team.

Read More from Free Expression Online

Transparency and Accountability

Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Latest Research

Access My Info: How a Team of Researchers Investigated Data Access Rights around the World

Using the AMI approach, partners have launched projects around the world, including in Australia, Canada, Hong Kong, Indonesia, Malaysia, and South Korea. These projects focused on making data access requests to telecommunications companies in each country, led by a local researcher and a team of volunteers. Every country has specific laws, regulations, and corporate mechanisms that present unique challenges and opportunities in accessing data, but the results of each provide insights into the larger ecosystem of data access. 

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

The proposed rationales for weakening encryption would exchange marginal gains in limited investigative situations for significant loses with regards to Canadians’ abilities to exercise their rights and freedoms while simultaneously undermining cybersecurity, economic development, and foreign affairs. Minister Goodale should stop calling persons with well-considered policy positions on the importance of enabling the availability of strong encryption as supporters of child abusers, and get on with his job of trying to keep Canadians safe instead of endangering them with his irresponsible and dangerous encryption policy.

Read More from Transparency and Accountability

App Privacy and Controls

Research into privacy, security, and information controls of popular applications.

Latest Research

تحرك بسرعة واستخدم تشفيرك الخاص: نظرة سريعة على سرية اجتماعات Zoom

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

Zoom’s Waiting Room Vulnerability

In this note, we describe a security issue where users in the “Waiting Room” of a Zoom meeting could have spied on the meeting, even if they were not approved to join. Zoom fixed the issue after we reported it to them.

Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.

Read More from App Privacy and Controls

Global Research Network

Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.

Read More from Global Research Network

Tools & Resources

While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.

Access My Info

Access My Info is a project designed to understand what can be learned about company data practices by filing data access requests (DARs), seeking access to the requester’s personal information held by a company.

Net Alert

Understanding the technical and social contexts of digital threats can help users make better choices. Net Alert pairs rich visuals with everyday language to show how both higher risk groups and general audiences can protect themselves from some of the most common online attacks.
Read More from Tools & Resources