In an article written for Foreign Affairs, Citizen Lab Senior Research Fellow Jason Q. Ng discusses the crackdown of “rumours” on the popular Chinese WeChat mobile application, and its broader implications for censorship in the country.
As the United Nations General Assembly begins its milestone 70th session, international digital security is high on the agenda. One starting point for discussion is likely to be the International Code of Conduct for Information Security (the “Code”). This analysis explores how the Code has developed over time, impetus behind the changes made, and the potential impact of the Code on international human rights law and its application. It is accompanied by an interactive comparison of the 2015 and 2011 versions of the Code.
This report describes the results of two independent security audits of Smart Sheriff, one by researchers who collaborated at the 2015 Citizen Lab Summer Institute (held at the Munk School of Global Affairs, University of Toronto), and the other by the auditing firm Cure53. The combined audits identified twenty-six security vulnerabilities in recent versions of Smart Sheriff (versions 1.7.5 and under). These vulnerabilities could be leveraged by a malicious actor to take control of nearly all Smart Sheriff accounts and disrupt service operations.
This article, written by Postdoctoral Fellow Christopher Parsons and CIPPIC Staff lawyer Tamir Israel, analyzes how successive federal governments of Canada have actively sought to weaken the communications encryption available to Canadians. The article covers regulations imposed on mobile telecommunications providers, state authorities’ abilities to compel decryption keys from telecommunications providers writ large, and Canada’s signals intelligence agency’s deliberate propagation of flawed encryption protocols.
At the 2015 USENIX Free and Open Communications on the Internet (FOCI) workshop, held in Washington DC on August 10, Citizen Lab and collaborators present three papers.
The papers include: investigation of censorship and surveillance on China’s most popular social video platforms, an updated analysis of China’s Great Canon, and examination of securing cookie-based identifiers from passive surveillance.
This research note outlines what we know about the use of Hacking Team’s Remote Control System (RCS) by South Korea’s National Intelligence Service (NIS). The note synthesizes information found in publicly leaked materials, as well as our own research.
ICT Watch, SAFENET, and EngageMedia hosted a discussion on digital rights issues and screened “Citizenfour” movie in Jakarta, Indonesia.
UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story.
This document describes key identifiers used by mobile devices, highlights some identifiers that are accessible, and often collected, by various parties and the risks associated with the widespread transmission and use of these identifiers.
