The Citizen Lab’s Submission on Transnational Repression in the UK - The Citizen Lab
Transnational repression is a serious threat to human rights.| The Citizen Lab
Join our team! We are hiring a Systems and Security Administrator to oversee the daily operations of networks and systems administration and oversee security and administration of all information technology in the Citizen Lab. Apply by September 10, 2025.| The Citizen Lab
Join Citizen Lab founder and director Ron Deibert for a screening of the 1981 film “Blow Out” hosted by the Great Escape Bookstore.| The Citizen Lab
Transnational repression is a serious threat to human rights.| The Citizen Lab
One App, Two Systems: How WeChat uses one censorship policy in China and another internationally| The Citizen Lab
This panel is part of the 2025 American Political Science Association Annual Meeting Date: September 12, 2025 Time: 11am – 12:30pm EDT Location: Vancouver, Canada Registration is required On September 12, join the Citizen Lab’s Noura Aljizawi, Gabrielle Lim, and Jon Penney at the American Political Science Association 2025 annual meeting for their presentation of... Read more »| The Citizen Lab
Ahead of his keynote at Black Hat USA, Citizen Lab director Ron Deibert spoke with TechCrunch reporter Lorenzo Franceschi-Bicchierai about what he describes as a “descent into a kind of fusion of tech and fascism.”| The Citizen Lab
On August 21, join Citizen Lab founder and director Ron Deibert as he explores the Lab's groundbreaking work on digital security, surveillance, and human rights, drawing insights from his book Chasing Shadows.| The Citizen Lab
In this paper, the Citizen Lab’s Mohamed Amed and Jeffrey Knockel examine Chinese censorship bias in LLMs with a censorship detector they designed as part of the research. They warn that when LLMs are trained on state-censored texts, their output is more likely to align with the state. An Analysis of Chinese Censorship Bias in... Read more »| The Citizen Lab
In this paper co-authored by the Citizen Lab’s Jeffrey Knockel, researchers investigate the secret relationships between VPN operators and the vulnerabilities these VPNs share. The authors warn that the obfuscation of these relationships prohibits consumers from making informed decisions about their digital security and misleads them about the security properties of the VPNs. Hidden Links:... Read more »| The Citizen Lab
Researchers take a look at the analytics and first-party tracking ecosystem of WeChat Mini Programs.| The Citizen Lab
Keir Giles, a prominent expert on Russia, was targeted with a new form of social-engineering attack that leverages App-Specific Passwords. Google links the operation to UNC6293, a Russian state-backed group.| The Citizen Lab
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices.| The Citizen Lab
In a new article published in the Georgetown Journal of International Affairs, the Citizen Lab’s Noura Aljizawi, Siena Anstis, and Gözde Böcü investigate the| The Citizen Lab
HBO documentary “Surveilled” investigates the growing business of commercial spyware| The Citizen Lab
CBC: WhatsApp Attributes Hack of 1,400 Users to NSO Group Technology| The Citizen Lab
As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones| The Citizen Lab
ปฏิบัติการคุกคามทางโซเชียลมีเดียและการเปิดเผยข้อมูลส่วนตัว (doxxing) อย่างเป็นระบบ ที่โจมตีฝ่ายประชาธิปไตยในไทยนั้น ดำเนินการมาอย่างต่อเนื่องและไร้การทักท้วงใดๆ อย่างน้อยตั้งแ...| The Citizen Lab
Canada-U.S. Cross-Border Surveillance Negotiations Raise Constitutional and Human Rights Whirlwind under U.S. CLOUD Act| The Citizen Lab
In this report we track a malware operation targeting members of the Tibetan Parliament that use the custom backdoor know as KeyBoy.| The Citizen Lab
https://youtu.be/dkkfCaJF0Jw| The Citizen Lab
Investigations into the prevalence and impact of digital espionage operations against civil society groups. For our research on Digital Transnational Repression, visit this page to explore our reports, media mentions, and resources.| The Citizen Lab
Interviews and coverage by major media outlets or organizations.| The Citizen Lab
On July 27, 2022, Citizen Lab senior researcher John Scott-Railton spoke before the House Permanent Select Committee on Intelligence. He was invited to provide expert testimony on a hearing devoted to combatting threats to U.S. national security from the proliferation of foreign commercial spyware.| The Citizen Lab
Uncovering an extensive espionage operation infecting dozens of Thai pro-democracy campaigners with NSO Group's Pegasus spyware.| The Citizen Lab
Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.| The Citizen Lab
In an interview for CBC Ideas, Citizen Lab founder Ron Deibert talks with host Nahlah Ayed about mercenary spyware, sharing that "the latest versions can be| The Citizen Lab
A sustained, coordinated social media harassment and doxxing campaign – which we codenamed JUICYJAM – targeting the pro-democracy movement in Thailand has run uninterrupted, and unchallenged, since at least August 2020. Through our analysis of public social media posts we determined that the campaign was not only inauthentic, but the information revealed could not have been reasonably sourced from a private individual.| The Citizen Lab
In this interview with TVO The Agenda’s Steve Paikin, Citizen Lab director Ron Deibert discusses his recent trip to the White House, the impact that the Trump administration's policies will have on cyber security worldwide, and why Canadians should be concerned by a potential bilateral surveillance agreement with the U.S.| The Citizen Lab
In this Q&A by The Record from Recorded Future News, Citizen Lab director Ron Deibert speaks with cyber security reporter Suzanne Smalley about the| The Citizen Lab
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.| The Citizen Lab
The website from which you got to this page is protected by Cloudflare. Email addresses on that page have been hidden in order to keep them from being accessed by malicious bots. You must enable Javascript in your browser in order to decode the e-mail address.| citizenlab.ca
Legal researchers Cynthia Khoo and Kate Robertson warn that a Canada-U.S. CLOUD agreement would extend the reach of U.S. law enforcement into Canada’s digital terrain to an unprecedented extent, and that if signed, this agreement would effectively allow U.S. police to demand personal data directly from any provider of an “electronic communication service” or “remote computing service” in Canada, so long as it had some ties to the U.S.| The Citizen Lab
In an opinion piece in the Tahrir Institute for Middle East Policy, Noura Aljizawi, senior researcher at The Citizen Lab, sheds light on the growing threat of| The Citizen Lab
In an opinion piece for The Globe and Mail, The Citizen Lab’s Emile Dirks, Siena Anstis, Noura Aljizawi, and Ron Deibert, argue that while the final report of| The Citizen Lab
In a Q&A for the Digital Front Lines report by Foreign Policy Analytics, The Citizen Lab director Ron Deibert and human rights activist Carine Kanimba| The Citizen Lab
Ron Deibert discusses the growing risks of tech-driven authoritarianism and the deregulation of the AI industry in this episode of Beyond the Headlines (BTH).| The Citizen Lab
China's DeepSeek AI chatbot has raised serious privacy concerns. Speaking with Kevin Collier at NBC News, The Citizen Lab’s director, Ron Deibert, remarks| The Citizen Lab
Ron Deibert, director of The Citizen Lab, discusses his new book, Chasing Shadows, with CityNews journalist Faiza Amin, offering insights into his experiences| The Citizen Lab
Our first network security analysis of the popular Chinese social media platform, RedNote, revealed numerous issues with the Android and iOS versions of the app. Most notably, we found that both the Android and iOS versions of RedNote fetch viewed images and videos without any encryption, which enables network eavesdroppers to learn exactly what content users are browsing. We also found a vulnerability in the Android version that enables network attackers to learn the contents of files on use...| The Citizen Lab
Researchers from The Citizen Lab are scheduled to speak in a series of discussions, panels, and workshops at RightsCon addressing some of the most urgent| The Citizen Lab
Jon Penney, research fellow at The Citizen Lab and an associate professor at the Osgoode Hall Law School at York University, writes an insightful opinion| The Citizen Lab
We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.| The Citizen Lab
This report demonstrates the technical underpinnings of how WeChat image censorship operates and suggests possible evasion strategies.| The Citizen Lab
In this report we take an in-depth look at how WeChat, the most popular chat app in China, censored content related to the NCPC19.| The Citizen Lab
WeChat and Sina Weibo adapted and evolved their censorship efforts in response to the death of Liu Xiaobo.| The Citizen Lab
This report analyzes the information control practices related to a national crackdown on Chinese rights lawyers and activists on two leading Chinese social media networks. We document the Search filtering on Weibo, China’s Twitter-like service, as well as keyword and image censorship on WeChat, the most popular chat app in China.| The Citizen Lab
Reporting to the Director of Administration, Citizen Lab and working under the general direction of the Director, Citizen Lab in coordination with the University of Toronto’s Chief Information Security Officer (CISO), the Systems and Security Technical Lead is responsible for working with Information Technology staff and resources at Citizen Lab and the wider University to minimize risk of the compromising of information, data, servers, and server-based applications.| The Citizen Lab
The Information Controls Fellowship Program (ICFP) from the Open Technology Fund (OTF) fosters research, outputs, and creative collaboration on repressive Internet censorship and surveillance issues. We welcome proposals from fellowship candidates for research projects related to our current thematic areas.| The Citizen Lab
When the general public becomes increasingly aware of online surveillance attempts, how do they respond? Jon Penney, research fellow at Citizen Lab, looks into how individuals navigate this digital landscape and who is most likely to alter their behaviour.| The Citizen Lab
This FAQ accompanies the full report on privacy in the WeChat ecosystem. We analyzes privacy issues with popular app WeChat by reviewing the data collected by the app and sent to WeChat servers during the regular operation of its various features. We find that they collect more usage data than is disclosed in the WeChat privacy policy.| The Citizen Lab
WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.| The Citizen Lab
In this work, we study how Tencent implements image filtering on WeChat. We found that Tencent implements realtime, automatic censorship of chat images on WeChat based on what text is in an image and based on an image’s visual similarity to those on a blacklist. Tencent facilitates this realtime filtering by maintaining a hash index of MD5 hashes of sensitive image files.| The Citizen Lab
In this report we provide the first systematic study of keyword and website censorship on WeChat, the most popular chat app in China| The Citizen Lab
This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.| The Citizen Lab
Microsoft's Digital Crimes Unit takes legal action to dismantle Russia-based threat actor COLDRIVER following a joint investigation by The Citizen Lab and| The Citizen Lab
This report describes our investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.| The Citizen Lab
A sophisticated spear phishing campaign has been targeting Western and Russian civil society. In collaboration with Access Now, and with the participation of numerous civil society organizations, we uncover this operation and link it to COLDRIVER, a group attributed by multiple governments to the Russian Federal Security Service (FSB).| The Citizen Lab
On July 16, former Citizen Lab Open Technology Fund (OTF) Information Controls Fellowship Program fellow Benjamin Mixon-Baca will be presenting “Attacking| The Citizen Lab
Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.| The Citizen Lab
Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox's Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.| The Citizen Lab
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted...| The Citizen Lab
This is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.| The Citizen Lab
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.| The Citizen Lab
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.| The Citizen Lab
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.| The Citizen Lab
A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the ...| The Citizen Lab
Ron Deibert in The Washington Post on Apple’s decision to drop lawsuit against Israeli spyware firm| The Citizen Lab
A comparative analysis of security, privacy, and censorship issues in TikTok and Douyin, both developed by ByteDance.| The Citizen Lab
An investigation revealing that Mexican soda tax supporters were targeted with NSO Group's government-exclusive spyware and exploit framework.| The Citizen Lab
Ahmed Mansoor was targeted by NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.| The Citizen Lab
This document provides a summary of the Citizen Lab's WeChat surveillance research findings, as well as questions and answers from the resesearch team.| The Citizen Lab
Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations' Predator Files, which details| The Citizen Lab
We devise a method for querying FinFisher’s “anonymizing proxies” to unmask the true location of FinFisher’s master servers.| The Citizen Lab
