While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.
Citizen Lab Research
Investigations into the prevalence and impact of digital espionage operations against civil society groups.
لقد حددنا تسعة نشطاء بحرينيين تم اختراق أجهزتهم الآيفون باستخدام برنامج تجسس “Pegasus” من NSO Group في الفترة ما بين يونيو 2020 و فبراير 2021. بعض النشطاء قد تم اختراقهم باستغلال ثغرتين zero-click في iMessage, كنا قد سمينا الثغرتين التي تم اكتشافها في 2020 ب KISMET، أما الثغرة المستخدمة في 2021 فنسميها FORCEDENTRY
We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society).
Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online.
The Citizen Lab, OutRight Action International, and the Open Observatory of Network Interference (OONI) collaborated to conduct research on LGBTIQ website censorship and its impact on LGBTIQ communities. The results indicate the technical and legal obstacles many users have in accessing LGBTIQ news, health, and human rights websites.
Tujuan dari penelitian kami adalah sebagai berikut. Mendokumentasikan situs web LGBTIQ mana yang diblokir di enam negara; Menyelidiki bagaimana penyensoran situs LGBTIQ berdampak pada komunitas LGBTIQ lokal dan gerakan mereka untuk mengamankan keadilan dan kesetaraan; dan
Menentukan bagaimana Penyedia Jasa Internet (ISP) lokal menerapkan pemblokiran situs web.
This submission outlines Canadian technology companies and the threat they pose to human rights abroad, as well as suggests mechanisms the Government of Canada’s RBC strategy can adopt to address the harmful impacts of Canadian-made technology.
Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.
Given our experiences, we have specific recommendations for how any federal commercial privacy legislation must be amended to better protect individuals from the predations and power of private organizations. In making our recommendations we have chosen to focus almost exclusively on the Openness and Transparency, Access to and Amendment of Personal Information, and Whistleblower sections of Bill C-11.
The solution to Canada’s 5G problems will not be found in policies that principally address one company. Instead, a robust and vendor-neutral approach is required.
It is encouraging to see the provincial government undertake efforts to improve the state of privacy law in Ontario, given the increasingly ubiquitous data commodification and surveillance of our behaviours, bodies, online and offline activities, and lives. To that end, the Citizen Lab submitted a brief which included 21 recommendations for legal and policy reform in Ontario, with a view to strengthening the privacy and data protection rights of individuals in the province.
Research into privacy, security, and information controls of popular applications.
On August 18, the Citizen Lab published an analysis of Apple product engraving services and observed censorship. In this post, we discuss the significance of the findings with report authors. What has your study of Apple engraving services revealed? We analyzed Apple’s filtering of product engravings in six regions, discovering 1,105 keyword filtering rules used… Read more »
Within mainland China, we found that Apple censors political content including broad references to Chinese leadership and China’s political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights. And across all six regions, we found that Apple’s content moderation practices pertaining to derogatory, racist, or sexual content are inconsistently applied and that Apple’s public-facing documents failed to explain how it derives their keyword lists.
2021 年 3 月 22 日，公民實驗室發佈了一篇研究報告，比較 TikTok 與抖音的安全、隱私及言論審查。我們將於本文中與研究員 Pellaeon Lin 討論他的研究發現。
Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.
Findings from this study underscore that online and offline threats should not be viewed as separate phenomena, but rather as overlapping and mutually reinforcing.
Cyber Steward Network partner Asociación por los Derechos Civiles (ADC) will lead a public hearing at the 167 extraordinary period of session of the Inter-American Commission on Human Rights (IACHR). Taking place on February 28 at 11:30 am EST, the hearing is titled “Digital Intelligence, Cybersecurity, and Freedom of Expression in America”. The topics to be addressed in… Read more »
Cyber Stewards Network organization Sula Batsu Cooperativa has been honoured with a 2017 EQUALS in Tech Award. Presented at the Internet Governance Forum at the United Nations in December, Kemly Camacho– Sula Batsu Coordinator– accepted the award on behalf of the group. They were recognized in the Leadership category for their work to create women-led… Read more »
While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.