Ang COVID-KAYA ay isang platform na ginagamit ng mga frontline healthcare workers sa Pilipinas para mangolekta at magbahagi ng mga kaso ng COVID-19 sa Kagawaran ng Kalusugan. Natagpuang nagtataglay ng mga kahinaan ang web at Android apps nito, na pinapayagan ang mga walang pahintulot na user na makuha ang pribadong datos tungkol sa mga gumagamit ng app, at maaring maging ang datos ng mga pasyente.
App Privacy and Controls
Research into privacy, security, and information controls of popular applications.
COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.
This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.
This report provides an in-depth legal and policy analysis of technology-facilitated intimate partner surveillance (IPS) under Canadian law. Stalkerware apps are designed to facilitate remote surveillance of an individual’s mobile device use with the surveillance often being covert or advertised as such. Despite increasing recognition of the prevalence of technology-enabled intimate partner abuse and harassment, the legality of the creation, sale, and use of consumer-level spyware apps has not yet been closely considered by Canadian courts, legislators, or regulators.
This report was collaboratively written by researchers from computer science, political science, criminology, law, and journalism studies. As befits their expertise, the report is divided into several parts, with each focusing on specific aspects of the consumer spyware ecosystem, which includes: technical elements associated stalkerware applications, stalkerware companies’ marketing activities and public policies, and these companies’ compliance with Canadian federal commercial privacy legislation.
End-to-end encrypted messaging is effective at protecting the content of your messages from being read as they travel across the Internet to your friends and family. This is why the Citizen Lab has released Secure Your Chats: a Net Alert resource that outlines how to safely use end-to-end encryption.