Pellaeon Lin is a senior researcher at Citizen Lab. His work focuses on the security and privacy of consumer apps. He is especially interested in helping users understand these security and privacy threats. He had previously analyzed TikTok, Douyin, COVID-19 tracking apps in Southeast Asia, IATA Travel Pass and WeChat. These works intersect with other topics including censorship and digital ID, which he is also interested in. He also helped colleagues investigate the Great Firewall of China and the HKLeaks online doxxing campaign.
His works were featured in BBC, CNN and The Washington Post. He has given talks in BlackHat Asia and Hacks in Taiwan Conference.
Connect
Publications
Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol
This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.
Should We Chat? Privacy in the WeChat Ecosystem
We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.
Privacy in the WeChat Ecosystem Explained
This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzed privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.