Investigations into the prevalence and impact of digital espionage operations against civil society groups.
We identified widespread Pegasus spyware infections within Armenian civil society. We also identified two suspected Pegasus operators in Azerbaijan, whom we call BOZBASH and YANAR.
In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military abuses in Mexico.
At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.
Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online.
We discovered over 60,000 unique censorship rules used to partially or totally censor search results across eight China-accessible search platforms analyzed. These findings call into question the ability of non-Chinese technology companies to better resist censorship demands than their Chinese counterparts.
We consistently found that Bing censors politically sensitive Chinese names over time, that their censorship spans multiple Chinese political topics, consists of at least two languages—English and Chinese—and applies to different world regions, including China, the United States, and Canada.
本報告研究微軟必應自動建議功能(autosuggestion)針對人名的審查。我們發現,除了審查與色情相關的人名,第二大被微軟必應審查的人名類別是與中國領導人,異議人士相關以及其他在中國被認為是政治敏感的人名。
Examinations of transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities.
Citizen Lab examined a set of documents leaked to news outlet The Intercept that describe plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. If implemented fully as envisioned, it would enable state authorities to directly monitor, intercept, redirect, degrade or deny all Iranians’ mobile communications, including those who are presently challenging the regime.
Police led mass iris scan collection in Qinghai, a region with a population that is 49.4% non-Han, including Tibetans and Hui Muslims. Iris scan collection is part of long-standing police intelligence gathering programs. Through this data collection, Qinghai’s police are effectively treating entire communities as populated by potential threats to social stability.
Analysis and recommendations pertaining to the collection of de-identified mobility data and its use in Canadian privacy law. In this explainer, we discuss our findings and recommendations with Amanda Cutinha and Christopher Parsons, the report’s authors.
Research into privacy, security, and information controls of popular applications.
The IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.
On April 13, the Citizen Lab published an analysis of the IATA Travel Pass. In this post, we discuss the significance of the report’s findings.
“Smart” in-store shopping carts, developed by Caper and used by Sobeys, issue electronic receipts via SMS message and share a URL that uses an easily predictable format. These receipts contain a number of personal data points, including the customer’s partial credit/debit/Air Miles card numbers, a full list of purchases, and the date, time, and location of the customer’s purchase.
Outputs related to the global community of practice that the Citizen Lab helps to cultivate through our Cyber Stewards Network, various fellowships, and events.
Findings from this study underscore that online and offline threats should not be viewed as separate phenomena, but rather as overlapping and mutually reinforcing.
Cyber Steward Network partner Asociación por los Derechos Civiles (ADC) will lead a public hearing at the 167 extraordinary period of session of the Inter-American Commission on Human Rights (IACHR). Taking place on February 28 at 11:30 am EST, the hearing is titled “Digital Intelligence, Cybersecurity, and Freedom of Expression in America”. The topics to be addressed in… Read more »
Cyber Stewards Network organization Sula Batsu Cooperativa has been honoured with a 2017 EQUALS in Tech Award. Presented at the Internet Governance Forum at the United Nations in December, Kemly Camacho– Sula Batsu Coordinator– accepted the award on behalf of the group. They were recognized in the Leadership category for their work to create women-led… Read more »
While the Citizen Lab is primarily focused on high-level academic research, we also produce accessible tools and educational resources to help everyone better navigate their online lives. Below are some of the latest projects that are aimed at making everyone safer online.
