In August 2019 a wave of websites and social media channels, called “HKLEAKS,” began “doxxing” the identities and personal information of pro-democracy activists in Hong Kong. While the creators of these sites and channels claimed that HKLEAKS was the product of local volunteer communities, several indicators suggest a coordinated information operation conducted by professional actors in alignment with Chinese state interests.

We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.

This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzes privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.

We identified widespread Pegasus spyware infections within Armenian civil society. We also identified two suspected Pegasus operators in Azerbaijan, whom we call BOZBASH and YANAR.

We discovered over 60,000 unique censorship rules used to partially or totally censor search results across eight China-accessible search platforms analyzed. These findings call into question the ability of non-Chinese technology companies to better resist censorship demands than their Chinese counterparts.

In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military abuses in Mexico.

At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.

Citizen Lab examined a set of documents leaked to news outlet The Intercept that describe plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. If implemented fully as envisioned, it would enable state authorities to directly monitor, intercept, redirect, degrade or deny all Iranians’ mobile communications, including those who are presently challenging the regime.

Key findings and recommendations from the House of Commons Standing Committee on Access to Information, Privacy and Ethics on the use and impact of facial recognitioon, along with some concerns.

Mexican digital rights organization R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021. The infections occurred years after the first revelations of Pegasus abuses in Mexico, and after Mexico’s current President assured the public that the government no longer used the spyware, and that there would be no further abuses.