Our forensic analysis of two iPhones belonging to Hubbard found evidence of Pegasus infections in July 2020 and June 2021. Notably, these infections occurred after Hubbard reported in January 2020 that we found that he was targeted in 2018 by the Saudi Arabia-linked Pegasus operator that we call KINGDOM.
Citizen Lab Research
Investigations into the prevalence and impact of digital espionage operations against civil society groups.
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
لقد حددنا تسعة نشطاء بحرينيين تم اختراق أجهزتهم الآيفون باستخدام برنامج تجسس “Pegasus” من NSO Group في الفترة ما بين يونيو 2020 و فبراير 2021. بعض النشطاء قد تم اختراقهم باستغلال ثغرتين zero-click في iMessage, كنا قد سمينا الثغرتين التي تم اكتشافها في 2020 ب KISMET، أما الثغرة المستخدمة في 2021 فنسميها FORCEDENTRY
Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online.
The Citizen Lab, OutRight Action International, and the Open Observatory of Network Interference (OONI) collaborated to conduct research on LGBTIQ website censorship and its impact on LGBTIQ communities. The results indicate the technical and legal obstacles many users have in accessing LGBTIQ news, health, and human rights websites.
Tujuan dari penelitian kami adalah sebagai berikut. Mendokumentasikan situs web LGBTIQ mana yang diblokir di enam negara; Menyelidiki bagaimana penyensoran situs LGBTIQ berdampak pada komunitas LGBTIQ lokal dan gerakan mereka untuk mengamankan keadilan dan kesetaraan; dan
Menentukan bagaimana Penyedia Jasa Internet (ISP) lokal menerapkan pemblokiran situs web.
This submission outlines Canadian technology companies and the threat they pose to human rights abroad, as well as suggests mechanisms the Government of Canada’s RBC strategy can adopt to address the harmful impacts of Canadian-made technology.
Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.
Citizen Lab researchers reviewed the consultation materials, including the “Technical Paper” and the “Discussion Guide” associated with the government’s proposal to address what it has referred to as “online harms.” We provide the following comments in response to that consultation process.
On September 28, the Citizen Lab published an analysis of COVID-19 data collection practices. In this post, we discuss the significance of the findings with report authors.
In this report, we undertake a preliminary comparative analysis of how different information technologies were mobilized in response to COVID-19 to collect data, the extent to which Canadian laws impeded the response to COVID-19, and the potential consequences of reforming data protection or privacy laws to enable more expansive data collection, use, or disclosure of personal information in future health emergencies.
Research into privacy, security, and information controls of popular applications.
“Smart” in-store shopping carts, developed by Caper and used by Sobeys, issue electronic receipts via SMS message and share a URL that uses an easily predictable format. These receipts contain a number of personal data points, including the customer’s partial credit/debit/Air Miles card numbers, a full list of purchases, and the date, time, and location of the customer’s purchase.
On August 18, the Citizen Lab published an analysis of Apple product engraving services and observed censorship. In this post, we discuss the significance of the findings with report authors. What has your study of Apple engraving services revealed? We analyzed Apple’s filtering of product engravings in six regions, discovering 1,105 keyword filtering rules used… Read more »
Within mainland China, we found that Apple censors political content including broad references to Chinese leadership and China’s political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights. And across all six regions, we found that Apple’s content moderation practices pertaining to derogatory, racist, or sexual content are inconsistently applied and that Apple’s public-facing documents failed to explain how it derives their keyword lists.
Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.
Findings from this study underscore that online and offline threats should not be viewed as separate phenomena, but rather as overlapping and mutually reinforcing.
Cyber Steward Network partner Asociación por los Derechos Civiles (ADC) will lead a public hearing at the 167 extraordinary period of session of the Inter-American Commission on Human Rights (IACHR). Taking place on February 28 at 11:30 am EST, the hearing is titled “Digital Intelligence, Cybersecurity, and Freedom of Expression in America”. The topics to be addressed in… Read more »
Cyber Stewards Network organization Sula Batsu Cooperativa has been honoured with a 2017 EQUALS in Tech Award. Presented at the Internet Governance Forum at the United Nations in December, Kemly Camacho– Sula Batsu Coordinator– accepted the award on behalf of the group. They were recognized in the Leadership category for their work to create women-led… Read more »
While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.