Citizen Lab Research

Targeted Threats

Investigations into the prevalence and impact of digital espionage operations against civil society groups.

Latest Research

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

Beautiful Bauhinia: “HKLeaks” – The Use of Covert and Overt Online Harassment Tactics to Repress 2019 Hong Kong Protests

In August 2019 a wave of websites and social media channels, called “HKLEAKS,” began “doxxing” the identities and personal information of pro-democracy activists in Hong Kong. While the creators of these sites and channels claimed that HKLEAKS was the product of local volunteer communities, several indicators suggest a coordinated information operation conducted by professional actors in alignment with Chinese state interests.

Read More from Targeted Threats

Free Expression Online

Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online. 

Latest Research

Not OK on VK: An Analysis of In-Platform Censorship on Russia’s VKontakte

This report examines the accessibility of certain types of content on VK (an abbreviation for “VKontakte”), a Russian social networking service, in Canada, Ukraine, and Russia. Among these countries, we found that Russia had the most limited access to VK social media content, due to the blocking of 94,942 videos, 1,569 community accounts, and 787 personal accounts in the country.

Missing Links: A comparison of search censorship in China

We discovered over 60,000 unique censorship rules used to partially or totally censor search results across eight China-accessible search platforms analyzed. These findings call into question the ability of non-Chinese technology companies to better resist censorship demands than their Chinese counterparts.

Read More from Free Expression Online

Transparency and Accountability

Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.

Latest Research

You Move, They Follow: Uncovering Iran’s Mobile Legal Intercept System

Citizen Lab examined a set of documents leaked to news outlet The Intercept that describe plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. If implemented fully as envisioned, it would enable state authorities to directly monitor, intercept, redirect, degrade or deny all Iranians’ mobile communications, including those who are presently challenging the regime.

Mass Iris Scan Collection in Qinghai: 2019–2022

Police led mass iris scan collection in Qinghai, a region with a population that is 49.4% non-Han, including Tibetans and Hui Muslims. Iris scan collection is part of long-standing police intelligence gathering programs. Through this data collection, Qinghai’s police are effectively treating entire communities as populated by potential threats to social stability.

Mobility Data and Canadian Privacy Law Explained

Analysis and recommendations pertaining to the collection of de-identified mobility data and its use in Canadian privacy law. In this explainer, we discuss our findings and recommendations with Amanda Cutinha and Christopher Parsons, the report’s authors.

Read More from Transparency and Accountability

App Privacy and Controls

Research into privacy, security, and information controls of popular applications.

Latest Research

“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.

Read More from App Privacy and Controls

Global Research Network

Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.

Latest Research

Asociación por los Derechos Civiles to hold public session at Inter-American Commission on Human Rights

Cyber Steward Network partner Asociación por los Derechos Civiles (ADC) will lead a public hearing at the 167 extraordinary period of session of the Inter-American Commission on Human Rights (IACHR). Taking place on February 28 at 11:30 am EST, the hearing is titled “Digital Intelligence, Cybersecurity, and Freedom of Expression in America”. The topics to be addressed in… Read more »

Sula Batsu Honoured with 2017 EQUALS in Tech Award

Cyber Stewards Network organization Sula Batsu Cooperativa has been honoured with a 2017 EQUALS in Tech Award. Presented at the Internet Governance Forum at the United Nations in December, Kemly Camacho– Sula Batsu Coordinator– accepted the award on behalf of the group. They were recognized in the Leadership category for their work to create women-led… Read more »

Read More from Global Research Network

Tools & Resources

While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.

Access My Info

Access My Info is a project designed to understand what can be learned about company data practices by filing data access requests (DARs), seeking access to the requester’s personal information held by a company.
Read More from Tools & Resources