微信是一個具有許多功能的應用程式。之前我們研究過圍繞小程式的隱私問題，以及微信對文字和圖片訊息的監視及審查。在這項研究中，我們主要關注微信的網路加密協定及其安全性。

Research FAQ for the full report “Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol”

This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.

Apple has decided to drop its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could risk revealing the security methods used to combat commercial surveillance tools.

We are excited to announce a new book, Chasing Shadows: Cyber Espionage, Subversion, and the Global Fight for Democracy, by Ronald Deibert, director and founder of The Citizen Lab, will hit shelves on February 4, 2025.

A sophisticated spear phishing campaign has been targeting Western and Russian civil society. In collaboration with Access Now, and with the participation of numerous civil society organizations, we uncover this operation and link it to COLDRIVER, a group attributed by multiple governments to the Russian Federal Security Service (FSB).

The annual Privacy Enhancing Technologies Symposium (PETS) 2024 is underway in Bristol, UK and online, a gathering of privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies. On July 16, former Citizen Lab Open Technology Fund (OTF) Information Controls Fellowship Program fellow Benjamin Mixon-Baca will be… Read more »

In a joint investigation with Access Now, we found that seven Russian and Belarusian-speaking independent journalists and opposition activists based in Europe were targeted and/or infected with NSO Group’s Pegasus mercenary spyware.

In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted, constituting a tremendous risk to user security.

Emile Dirks, Research Associate at the Citizen Lab, prepared a written submission for the Congressional-Executive Commission on China (CECC) about the state of human rights in the country. The CECC was established by Congress in October 2000, with the legislative mandate to monitor human rights and the development of the rule of law in China,… Read more »