I've been super impressed with the recent Citizen Lab work. I wanted to pull out a couple choice quotes for folks who may have only skimmed this.
------------ Citizen Lab researchers verified that LINE chat traffic is sent unencrypted over 3G networks on the latest version of the client. This behaviour is unusual given the fact that the client does encrypt chat traffic over wifi connections. I found a couple additional bits on this on Twitter via thegrugq: - http://www.telecomasia.net/blog/content/line-vulnerable-man-middle-attack - "LINE is used by the Thai Democrat party for their internal comms. It's terrible." ------------ Reverse engineering of the most recent Android version of LINE revealed that when the user’s country is set to China during installation of the application it will enable censorship functionality by downloading a list of censored words from Naver’s server, and then block the transmission of any messages that contain any of those keywords. ... The presence of censorship functionality has been confirmed as far back as v3.4.2, released on January 18 2013, using APK files found at AndroidDrawer. ... In our analysis, we were able to retrieve two lists from the server: Version 20 (223 keywords) and 21 (370 keywords), which suggests that there have been at least 21 iterations of the keyword block list. ... Citizen Lab Research Fellow Jason Q. Ng has translated both the original keyword list discovered by @hirakujira, and the latest versions we extracted from Chinese to English and describes the context behind them. The first keyword list discovered by @hirakujira is described in a series of blog posts (full list available here) and the most recent keyword list uncovered by Citizen Lab and translated by Ng is available here. The first keyword list from @hirakujira contains content related to domestic Chinese politics, human rights, and sensitive political events–many of which are rather obscure and only mentioned in media known for being critical of the CPC. ------------ -tom On 14 November 2013 15:13, Ronald Deibert <r.deib...@utoronto.ca> wrote: > Dear Lib Tech. > > I am pleased to announce the publication of a new series of research reports > on censorship and surveillance on mobile messaging applications in Asia. > Details are below. > > Cheers > Ron > > > Asia Chats: Analyzing Information Controls and Privacy in Asian Messaging > Applications > > The Citizen Lab at the Munk School of Global Affairs, University of Toronto > is proud to announce the launch of Asia Chats: a project analyzing > information controls and privacy in mobile messaging applications used in > Asia. > > Across Asia, a new class of instant messaging (IM) mobile applications are > rapidly growing in popularity and amassing enormous user bases. These > applications encompass more than text, voice, and video chat as they offer > social networking platforms that include expressive emoticons and stickers > (known as “emoji”), photo and video sharing, e-commerce, gaming, and other > features that provide a more sophisticated user experience than previous > generations of IM clients. These applications are dominating their > respective domestic marketplaces, but are also keenly expanding into markets > in countries across Asia and beyond the region. > > Currently, the three most popular chat applications developed by companies > based in Asia are WeChat (developed by Tencent holdings Ltd based in China), > LINE (developed by LINE Corporation based in Japan, which is a subsidiary of > South Korea-based Naver Corporation), and KakaoTalk (developed by Kakao > Corporation based in South Korea). > > The swift growth of these applications and aggressive strategies to attract > international user bases raise questions regarding the kind of governmental > pressures the companies may face in particular jurisdictions to implement > censorship or surveillance features and provide user data and how they will > respond to these pressures. > > This series will begin with a focus on WeChat, LINE, and KakaoTalk. Reports > will include analysis based on our technical investigation of censorship or > surveillance functionality, assessment of privacy issues surrounding these > application’s use and storage of user data, and comparison of the terms of > service and privacy policies of the applications. > > The first report in this series by Seth Hardy (Senior Security Analyst, > Citizen Lab) examines the implementation of regionally-based keyword > censorship in LINE for users based in China. > > This analysis reveals that when the user’s country is set to China during > installation of the LINE application it will enable censorship functionality > by downloading a list of censored words from Naver’s server, and then block > the transmission of any messages that contain any of those keywords. > > Today we release the following outputs: > > Asia Chats project framing post > > > Detailed technical report of regionally-based keyword censorship in LINE by > Seth Hardy (Senior Security Analyst, Citizen Lab) > > > Keyword list translated from Chinese to English with contextual descriptions > by Jason Q. Ng (Research Fellow, Citizen Lab) > > > Blog series by Jason Q. Ng on context behind the blocked keywords on LINE > > > LINE Region Code Encrypter Tool developed by Seth Hardy and Greg Wiseman > (Senior Data Visualization Developer, Citizen Lab) for changing regions in > the LINE client to disable regionally-based keyword censorship in the > application. > > > For media enquiries please contact us at i...@citizenlab.org or +1 416 946 > 8903 > > Asia Chats Research Team > > Contextual, Legal and Policy Research: Masashi Crete-Nishihata, Andrew > Hilts, Irene Poetranto, Jason Q. Ng, Adam Senft, Aim Sinpeng. > > Technical Research: Jakub Dalek, Seth Hardy, Katie Kleemola, Byron Sonne, > Greg Wiseman. > > Ronald Deibert > Director, the Citizen Lab > and the Canada Centre for Global Security Studies > Munk School of Global Affairs > University of Toronto > (416) 946-8916 > PGP: http://deibert.citizenlab.org/pubkey.txt > http://deibert.citizenlab.org/ > twitter.com/citizenlab > r.deib...@utoronto.ca > > > > > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.