Brief
“Smart” in-store shopping carts, developed by Caper and used by Sobeys, issue electronic receipts via SMS message and share a URL that uses an easily predictable format. These receipts contain a number of personal data points, including the customer’s partial credit/debit/Air Miles card numbers, a full list of purchases, and the date, time, and location of the customer’s purchase.
Forbidden Stories and Amnesty International requested that the Citizen Lab undertake an independent peer review of a sample of their forensic evidence and their general forensic methodology. We were provided with iTunes backups of several devices and a separate methodology brief, and independently validated that Amnesty International’s forensic methodology correctly identified infections with NSO’s Pegasus spyware.
For human rights activists, Internet technologies bring both risks and benefits. Smartphones are widely used to document the abuses that activists are fighting against, as well as to store photos, recordings, and documents. Social media and messaging apps are key organising and communications tools. But even as these technologies enhance activists’ work, they also enable online threats such as surveillance and harassment.
The May 2019 WhatsApp Incident As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device. Today Oct 29th, WhatsApp is publicly attributing the attack to NSO Group, an Israeli spyware developer that also […]
Using the AMI approach, partners have launched projects around the world, including in Australia, Canada, Hong Kong, Indonesia, Malaysia, and South Korea. These projects focused on making data access requests to telecommunications companies in each country, led by a local researcher and a team of volunteers. Every country has specific laws, regulations, and corporate mechanisms that present unique challenges and opportunities in accessing data, but the results of each provide insights into the larger ecosystem of data access.
In recent days, United Nations Special Rapporteurs have released two revelatory reports that demonstrate the dangerous effects of unchecked technology in the hands of autocrats: one relating to the proliferation and abuse of surveillance software and one that investigates the murder of Washington Post journalist Jamal Khashoggi. Both reports highlight the danger of unaccountable and unregulated surveillance technology sold to countries with egregious human rights records.
In this post, we evaluate the Government’s explanation of some of the more problematic elements of Bill C-59 in its briefing notes. We ultimately conclude that while the government’s briefing material provides insight into some of the ways that the CSE might act following the passage of the CSE Act, the material itself does not resolve our concerns with the CSE Act.
In this post, Reem al Masri of Citizen Lab’s Cyber Stewards Network partner 7iber investigates the process of Archive.org being blocked in Jordan.
We are releasing a more comprehensive “checklist” consolidating our thoughts on how best to confront the lack of accountability in the commercial spyware trade.
In our blog post, we describe the results of tests we conducted to measure HTTPS support on the advertisers found on a sample of news websites as well as two sample lists of advertisers. We find a large disparity between our results and the the level of security support referred to in a recent post on the Internet Advertising Bureau’s website.