Reports and Briefings

Citizen Lab reports and research briefs

Cashless Society, Cached Data: Are Mobile Payment Systems Protecting Chinese Citizens’ Data?

This research series presents an in-depth examination of mobile payment systems, a rapidly evolving form of financial technology. We will provide an overview of how they are used in China–where they are taking off faster than anywhere else in the world–and what implications their security and data protection practices may have for millions of users, by presenting a case study on Alipay.

Bill Marczak co-authors “Social Engineering Attacks on Government Opponents”

Citizen Lab Senior Research Fellow Bill Marczak has co-authored a paper titled “Social Engineering Attacks on Government Opponents: Target Perspectives,” along with Vern Paxson of UC Berkeley.

Cyber Stewards in Global Information Society Watch 2016 publication

Several Cyber Stewards Network Partners have contributed to the 2016 Global Internet Society Watch on Economic, Social, and Cultural Rights on the Internet, a publication with 46 country reports and other topics.

Tibetans blocked from Kalachakra at borders and on WeChat

From January 2 to 13 2017, His Holiness the Dalai Lama is holding a popular Tibetan Buddhist teaching called Kalachakra in Bodh Gaya, India. Increased restrictions from the government of China has barred Tibetans in Tibet from attending the teachings. This report documents blocking of Kalachakra-related keywords on WeChat revealing how restrictions on the ritual extend online.

“一APP两制”:微信如何区别审查中国及海外用户

多伦多大学公民实验室的最新报告揭露了微信平台的审查机制。微信是中国腾讯控股有限公司旗下的即时通讯应用,目前是中国最受欢迎的聊天软件之一,也是全球排名第四的最流行聊天软件

One App, Two Systems: How WeChat uses one censorship policy in China and another internationally

In this report we provide the first systematic study of keyword and website censorship on WeChat, the most popular chat app in China

It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community

In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.

Harmonized Histories? A year of fragmented censorship across Chinese live streaming applications

In this report, we reverse engineer three popular live streaming platforms (YY, Sina Show, and 9158) and find keyword lists used to censor chat messages. Tracking changes to the keyword lists over the past year gives an inside look into how these applications implement censorship

Canada’s National Security Consultation: Digital Anonymity & Subscriber Identification Revisited… Yet Again

In this post, we critically examine the Government of Canada’s proposal to indiscriminately access subscriber identity information that is possessed by telecommunications service providers. We conclude by arguing that the government has failed to justify its case for such access to the information.

Tender Confirmed, Rights At Risk: Verifying Netsweeper in Bahrain

In this report, we confirm the use of the services of Canadian company Netsweeper, Inc. to censor access to the Internet in the Kingdom of Bahrain.