The findings of our new report on the use of ad-based geolocation surveillance tech in Europe raise the question:
Can surveillance vendors lawfully buy or otherwise obtain billions of location records tied to device identifiers from consumer apps installed on phones under the GDPR?
I doubt it: 🧵
We publish a major @citizenlab.ca report on Webloc, an ad-based mass surveillance system that monitors the movements and personal characteristics of hundreds of millions people globally based on data obtained from mobile apps and digital advertising. Customers include ICE, El Salvador, and Hungary.
NEW REPORT: “Uncovering Webloc: An Analysis of Penlink’s Ad-based Geolocation Surveillance Tech”
Our research confirms that ad-based surveillance tech Webloc is used by military, intelligence, and law enforcement agencies across the globe.
citizenlab.ca/research/ana...
💥Orbán’s intelligence agencies have been secretly using Webloc — a mass surveillance tool that tracks hundreds of millions of people via smartphone advertising data — making Hungary the first confirmed EU country to deploy it, in likely violation of GDPR.
Iran's regime stopped hiding behind security justifications. They're telling us directly: connectivity exists to control the narrative. Will the world act on this, or just condemn it? I unpack Iran's war time information ecosystemm and the solutions needed for @carnegieendowment.org
1/ I spoke with The New York Times for their new story on the “liar’s dividend” in times of war — the ability not to trick audiences with AI-generated content, but to dismiss real one as AI-generated.
1/ I have a huge amount of respect for my former colleagues investigators at Meta who did the hard and smart work behind this new Adversarial Threat Report. And I find what’s in it really important and interesting.
But I have questions for the company.
MARCH 10: Get practical safety tips from the Citizen Lab's Rebekah Brown at @accessnow.org's Digital Security Helpline webinar on preventing spear-phishing attacks against civil society.
Register: www.accessnow.org/event/digita...
Our latest submission to the Committee on Enforced Disappearance and the Working Group on Enforced or Involuntary Disappearances is out now.
We highlight the role of digital technologies; spyware & location-tracking technologies in facilitating enforced disappearances of exiled dissidents
Sarah McKune, @nateschenkkan.bsky.social, an anonymous @citizenlab.ca researcher, @yaqiu.bsky.social & I have co-authored a UN submission on the enforced disappearance of migrants in the context of transnational repression:
citizenlab.ca/submissions-...
The Austrian Ministry of the Interior bought social media surveillance software 'Tangles' from Cobwebs/Penlink and refuses to tell parliament whether they also bought the intrusive Tangles add-on 'Webloc', which relies on the mass collection of personal data from digital advertising and mobile apps.
NEW: Last year, Cellebrite stopped Serbia from using its tools after allegations that local police had abused them to hack into the phone of a journalist.
Now there are similar allegations in Kenya and Jordan, and Cellebrite is taking an entirely different approach.
Please read our latest on how Israel's Cellebrite is being used to break into the phone of a prominent pro-democracy activist. This time, in Kenya. Guess who else has access to this tool? (with Carlos Mureithi) cc @rondeibert.bsky.social www.theguardian.com/world/2026/f...
Great to see @nateschenkkan.bsky.social presenting our report “Perpetrators & methods of transnational repression and possible counter strategies” (co-authored w/ @emiledirks.bsky.social @zecsaky.bsky.social & me) in the @afet.europarl.europa.eu
Full report: www.europarl.europa.eu/thinktank/en...
NEW REPORT ➡️ “From Protest to Peril: Cellebrite Used Against Jordanian Civil Society”
Our investigation reveals that, since 2020, Jordanian authorities have deployed Cellebrite’s forensic extraction products against civil society targets in Jordan.
Full report here: citizenlab.ca/research/fro...
An image in muted colours showing vague aesthetic animated illustrations of a light-brown-skinned man with curly hair, Black woman with a short afro, and red-headed white woman sitting in various poses on, respectively, a reclined chair, a bench, and a stool, in front of and facing an abstract geometrical image, as if considering it and mid-discussion about it.
The People's Consultation on AI launched today! Whether you have in-depth expertise in AI issues, or don't consider yourself an "expert" but have firsthand experience with AI or its impacts and want to have your say, this is for you. Participate by March 15, 2026: www.peoplesaiconsultation.ca
I wrote about Iran's protests for @theatlantic.com: how AI manipulation and the suspicion of it is being weaponised to dismiss real footage of protests.
This piece draws on work from my stellar team at WITNESS and years of studying information controls in Iran and beyond.
1/ Yesterday’s Q2-Q3 Adversarial Threat Report by Meta was interesting in many ways. For us @citizenlab.ca, it was a blast from the past.
For the first time, Meta’s investigators attributed what in 2019 we had named Endless Mayfly - a relentless, sophisticated influence op targeting Iran’s enemies.
The Trump administration’s decision to shut down the U.S. Agency for International Development (USAID) has resulted in hundreds of thousands of deaths from infectious diseases and malnutrition, according to Harvard T.H. Chan School of Public Health’s Atul Gawande. hsph.harvard.edu/news/usaid-s...
Researchers tried plugging every possible phone number into WhatsApp's web app. They found they could collect 3.5 billion users' phone numbers, plus photos for half and profile text for more than a third, the biggest personal data exposure ever by some measures. www.wired.com/story/a-simp...
Law enforcement: we need to break encryption to get access to Signal to protect the children!!
Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking
A chart showing how well 13 different Android AV apps detect 17 stalkerware products.
EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.
www.eff.org/deeplinks/20...
Watch my BSidesPDX keynote where I spoke honestly and frankly about the terrifying reality that Americans are facing under Trump's fascist regime, alongside practical advise for communities to defend themselves micahflee.com/practical-de...
I presume someone just told Trump the Blue Jays are in the world series.
No doubt many of those landlords who "dont have confidence" feel that way because of the backlog at the LTB, something Ford still hasn't fixed.
Not to mention 100+ bike share bike docks within a block of the stadium
NEW REPORT: We uncovered a coordinated network of fake X profiles that is spreading AI-generated content to induce revolt in #Iran. We call this network “PRISONBREAK”.
Read the report 👉 citizenlab.ca/2025/10/ai-e...
The group leveraged dozens of social media accounts and “routinely used” AI-generated imagery and video to stoke unrest among Iran’s population, according to Citizen Lab. via @derekbjohnson.bsky.social cyberscoop.com/citizen-lab-...
1/ NEW REPORT: “We Say You Want a Revolution” - An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime. We call it PRISONBREAK. Keep reading to find out why.
THREAD 🧵
1/Citizen Lab’s new report on PRISONBREAK is a must-read. It exposes an AI-enabled influence operation targeting Iran with deceptive media, from the infamous Evin Prison gates video to deepfake music.