We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.| The Citizen Lab
WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.| The Citizen Lab
This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.| IETF Datatracker
This document provides specifications for existing TLS extensions. It is a companion document for RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2". The extensions specified are server_name, max_fragment_length, client_certificate_url, trusted_ca_keys, truncated_hmac, and status_request. [STANDARDS-TRACK]| IETF Datatracker
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted...| The Citizen Lab
Please note that the Let's Encrypt Growth and Let's Encrypt Certificates Issued Per Day charts are undergoing updates and may not reflect the most recent data. Let's Encrypt Growth Percentage of Web Pages Loaded by Firefox Using HTTPS (14-day moving average, source: Firefox Telemetry) Let's Encrypt Certificates Issued Per Day| letsencrypt.org
A comparative analysis of security, privacy, and censorship issues in TikTok and Douyin, both developed by ByteDance.| The Citizen Lab
Posted by Emily Schechter, Chrome Security Team [Updated on 12/5/16 with instructions for developers] Developers : Read more about how to ...| Google Online Security Blog
Square’s meticulous HTTP client for the JVM, Android, and GraalVM| square.github.io
Thursday, August 07, 2014| Google for Developers
