OTF's September 2022 Newsletter
Resolving the tension between wanting to know information about users and the need to collect information about individuals that might compromise their privacy is the impetus for the Divvi Up project. The goal is to provide an easy-to-use system that application owners—from government and public benefit entities to private companies—can use to collect user-population metrics while respecting user privacy. This privacy-respecting system, Divvi Up, takes a user-generated metric (from a mobile device, web browser, or other application) and divides, or “divvi ups”, the metric into two encrypted shares. These shares are then used to create a privacy-preserving aggregate statistic of users.
Divvi Up makes it possible to gain insights about users without compromising individual privacy. The hope is that this privacy-preserving metric system becomes an Internet standard that can be adopted by anyone, with enormous potential to dramatically improve users’ privacy across the whole Internet.
MSM is a multi-source threat intelligence solution, designed to analyze and provide insights into active surveillance threats targeting the phones of at-risk individuals and groups around the world. In response to targeted device spyware and network-originated surveillance threats, MSM uses a combination of location analytics and data science with a variety of threat sources provided by leading NGO research, private cybersecurity threat intelligence, and open-source communities. To date, MSM’s Surveillance Threat Detections have recorded 150 attributed threat actors and source countries with over 1.4 million surveillance-oriented device malware threats, 12,000 mobile network threats, and 850 threat assessments logged and monitored.
Many individuals inside China as well as diaspora populations use WeChat out of necessity rather than choice. For vulnerable populations that must use the application (for instance, domestic journalists, foreign correspondents, and activists), precise threat modeling is of utmost importance. There has been very little work investigating specific security and privacy properties of WeChat and its proprietary transport encryption protocol MMTLS. Various government entities in China can likely request arbitrary user data from WeChat and other companies, yet little scrutiny has been given to how encrypted network traffic (and MMTLS) can be used for mass surveillance on the ground. With this project, Information Controls Fellowship Program Fellow Mona Wang aims to understand exactly what information is sent over communications between the WeChat application and its servers.