Report
As part of our ongoing project monitoring changes to Chinese search censorship, we tracked changes to censorship following Li Keqiang’s death across seven Internet platforms: Baidu, Baidu Zhidao, Bilibili, Microsoft Bing, Jingdong, Sogou, and Weibo. We found that some keyword combinations in search queries triggers hard censorship whereas others trigger soft censorship. Our results demonstrate China’s ongoing efforts to push state-sanctioned narratives concerning politically sensitive topics, impacting the integrity of the online information environment.
This report provides a comprehensive guide to geolocation-related threats sourced from 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based location tracking in order to formulate policies and actions that protect civil society from current and future geolocation surveillance.
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
This report examines the accessibility of certain types of content on VK (an abbreviation for “VKontakte”), a Russian social networking service, in Canada, Ukraine, and Russia. Among these countries, we found that Russia had the most limited access to VK social media content, due to the blocking of 94,942 videos, 1,569 community accounts, and 787 personal accounts in the country.
In August 2019 a wave of websites and social media channels, called “HKLEAKS,” began “doxxing” the identities and personal information of pro-democracy activists in Hong Kong. While the creators of these sites and channels claimed that HKLEAKS was the product of local volunteer communities, several indicators suggest a coordinated information operation conducted by professional actors in alignment with Chinese state interests.
We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.
We discovered over 60,000 unique censorship rules used to partially or totally censor search results across eight China-accessible search platforms analyzed. These findings call into question the ability of non-Chinese technology companies to better resist censorship demands than their Chinese counterparts.
In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military abuses in Mexico.
At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.
