Citizen Lab
Permanent URI for this collectionhttps://hdl.handle.net/1807/92496
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada focusing on advanced research and development at the intersection of digital media, global security, and human rights.
Browse
Recent Submissions
Item Banned Books: Analysis of Censorship on Amazon.com(2024-11-25) Knockel, Jeffrey; Dałek, Jakub; Aljizawi, Noura; Ahmed, Mohamed; Meletti, Levi; Lau, JustinWe analyze the system Amazon deploys on the US “amazon.com” storefront to restrict shipments of certain products to specific regions. We found 17,050 products that Amazon restricted from being shipped to at least one world region. While many of the shipping restrictions are related to regulations involving WiFi, car seats, and other heavily regulated product categories, the most common product category restricted by Amazon in our study was books.Item The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers(2024-04-23) Knockel, Jeffrey; Wang, Mona; Reichert, ZoëWe analyzed the security of cloud-based pinyin keyboard apps from nine vendors — Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi — and examined their transmission of users' keystrokes for vulnerabilities. Our analysis revealed critical vulnerabilities in keyboard apps from eight out of the nine vendors in which we could exploit that vulnerability to completely reveal the contents of users’ keystrokes in transit. Most of the vulnerable apps can be exploited by an entirely passive network eavesdropper. We reported these vulnerabilities to all nine vendors. Most vendors responded, took the issue seriously, and fixed the reported vulnerabilities, although some keyboard apps remain vulnerableItem Not OK on VK: An Analysis of In-Platform Censorship on Russia’s VKontakte(2023-07-26) Knockel, Jeffrey; Dalek, Jakub; Meletti, Levi; Ermoshina, KseniaThis report examines the accessibility of certain types of content on VK (an abbreviation for “VKontakte”), a Russian social networking service, in Canada, Ukraine, and Russia. Among these countries, we found that Russia had the most limited access to VK social media content, due to the blocking of 94,942 videos, 1,569 community accounts, and 787 personal accounts in the country. VK predominantly blocked access to music videos and other entertainment content in Canada, whereas, in Russia, we found VK blocked content posted by independent news organizations, as well as content related to Ukrainian and Belarusian issues, protests, and lesbian, gay, bisexual, transgender, intersex, and queer (LGBTIQ) content. In Ukraine, we discovered no content that VK blocked, though the site itself is blocked to varying extents by most Internet providers in Ukraine. In Russia, certain types of video content were inaccessible on VK due to the blocking of the accounts of the people or communities who posted them. These individuals and groups were often targeted for their criticism of Russia’s President Vladimir Putin or of the Russian invasion of Ukraine. Additionally, accounts belonging to these communities and people have been restricted from VK search results in Russia using broad, keyword-based blocking of LGBTIQ terms. We collected over 300 legal justifications which VK cited in justification of the blocking of videos in Russia. Notably, we discovered a 30-fold increase in the rate of takedown orders issued against VK in an eight month period following Russia’s February 2022 invasion of Ukraine.Item "Please do not make it public": Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping(2023-08-09) Knockel, Jeffrey; Reichert, Zoë; Wang, MonaIn this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.Item Beautiful Bauhinia: “HKLeaks”– The Use of Covert and Overt Online Harassment Tactics to Repress the 2019 Hong Kong Protests(2023-07-13) Fittarelli, Alberto; Tsui, LokmanIn August 2019 a wave of websites and social media channels, called “HKLEAKS,” began “doxxing” the identities and personal information of pro-democracy activists in Hong Kong. While the creators of these sites and channels claimed that HKLEAKS was the product of local volunteer communities, several indicators suggest a coordinated information operation conducted by professional actors in alignment with Chinese state interests.Item Mass Iris Scan Collection in Qinghai: 2019–2022(2023-12-14) Dirks, EmilePolice led mass iris scan collection in Qinghai, a region with a population that is 49.4% non-Han, including Tibetans and Hui Muslims. Iris scan collection is part of long-standing police intelligence gathering programs. Through this data collection, Qinghai’s police are effectively treating entire communities as populated by potential threats to social stability.Item Mass DNA Collection in the Tibet Autonomous Region from 2016–2022(2022-09-13) Dirks, EmileWe find that mass DNA collection in Tibet is another mass DNA collection campaign conducted under the Xi Jinping administration (2012–present), along with the mass DNA collection campaign in the Xinjiang Uyghur Autonomous Region and the police-led national program of male DNA collection.Item Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains(2023-04-18) Marczak, Bill; Scott-Railton, John; Abdul Razzak, Bahr; Deibert, RonIn 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military abuses in Mexico.Item Pearl 2 Pegasus: Bahraini Activists Hacked with Pegasus Just Days after a Report Confirming Other Victims(2022-02-18) Marczak, Bill; Abdulemam, Ali; Scott-Railton, John; Abdul Razzak, Bahr; Anstis, Siena; Al-Jizawi, Noura; Deibert, RonOur forensic analysis confirms that phones belonging to three individuals in Bahrain were hacked in 2021 with NSO Group’s Pegasus spyware.Item Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware(2022-04-05) Al-Maskati, Mohammed; Marczak, Bill; Anstis, Siena; Deibert, RonPhones belonging to four Jordanian human rights defenders, lawyers, and journalists were hacked with NSO Group’s Pegasus spyware between August 2019 and December 2021. We assess that at least two of the four targets were hacked by Pegasus operators primarily focused on Jordan, based on SMS messages containing Pegasus links that map to a cluster of domain names focusing on Jordanian themes.Item Missing Links: A comparison of search censorship in China(2023-04-26) Knockel, Jeffrey; Kato, Ken; Dirks, EmileAcross eight China-accessible search platforms analyzed — Baidu, Baidu Zhidao, Bilibili, Microsoft Bing, Douyin, Jingdong, Sogou, and Weibo — we discovered over 60,000 unique censorship rules used to partially or totally censor search results returned on these platforms. Among web search engines Microsoft Bing and Baidu, Bing’s chief competitor in China, we found that, although Baidu has more censorship rules than Bing, Bing’s political censorship rules were broader and affected more search results than Baidu. Bing on average also restricted displaying search results from a greater number of website domains. These findings call into question the ability of non-Chinese technology companies to better resist censorship demands than their Chinese counterparts.Item TikTok vs Douyin A Security and Privacy Analysis(2021-03-22) Lin, PellaeonA comparative analysis of security, privacy, and censorship issues in TikTok and Douyin, both developed by ByteDance.Item FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild(2021-09-13) Marczak, Bill; Scott-Railton, John; Abdul Razzak, Bahr; Al-Jizawi, Noura; Anstis, Siena; Berdan, Kristin; Deibert, RonWhile analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.Item Privacy and Security Analysis of the IATA Travel Pass Android App(2022-04-13) Lin, PellaeonThe IATA Travel Pass (ITP), a global, opt-in app to receive, store, and share digital COVID-19 test certificates for flights, has a critical flaw in its registration process which allows an attacker to impersonate another user, needing only to know the user’s passport details but not possess the passport itself.Item Cross-Country Exposure: Analysis of the MY2022 Olympics App(2022-01-18) Knockel, JeffreyMY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.Item Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus(2022-07-15) Marczak, Bill; Scott-Railton, John; Berdan, Kristin; Abdul Razzak, Bahr; Deibert, RonCandiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.Item Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware(2022-01-12) Scott-Railton, John; Marczak, Bill; Nigro Herrero, Paolo; Abdul Razzak, Bahr; Al-Jizawi, Noura; Solimano, Salvatore; Deibert, RonThe Citizen Lab and Access Now have confirmed 35 cases of journalists and members of civil society whose phones were successfully infected with NSO’s Pegasus spyware between July 2020 and November 2021. We shared a sample of forensic data with Amnesty International’s Security Lab which independently confirms the findings.Item Engrave Condition: Apple’s Political Censorship Leaves Taiwan, Remains in Hong Kong(2022-03-22) Jeffrey, Knockel; Ruan, LotusSince our report in August 2021, we find that Apple has eliminated their Chinese political censorship in Taiwan. However, Apple continues to perform broad, keyword-based political censorship outside of mainland China in Hong Kong, despite human rights groups’ recommendations for American companies to resist blocking content.Item Engrave Danger: An Analysis of Apple Engraving Censorship across Six Regions(2021-08-18) Knockel, Jeffrey; Ruan, LotusWithin mainland China, we found that Apple censors political content including broad references to Chinese leadership and China’s political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights. And across all six regions, we found that Apple’s content moderation practices pertaining to derogatory, racist, or sexual content are inconsistently applied and that Apple’s public-facing documents failed to explain how it derives their keyword lists.Item Bada Bing, Bada Boom: Microsoft Bing’s Chinese Political Censorship of Autosuggestions in North America(2022-05-19) Knockel, Jeffrey; Ruan, LotusWe consistently found that Bing censors politically sensitive Chinese names over time, that their censorship spans multiple Chinese political topics, consists of at least two languages—English and Chinese—and applies to different world regions, including China, the United States, and Canada.