Fact-checked by Grok 2 weeks ago

Citizen Lab

The Citizen Lab is an interdisciplinary research laboratory affiliated with the and at the , founded in 2001 by Ron Deibert to investigate digital threats at the intersection of information and communication technologies, , and global security. Its mission emphasizes research into internet censorship, surveillance practices, influence operations, and related policy issues, employing methods such as network analysis, forensic investigations, and legislative reviews to expose threats primarily targeting actors, journalists, and dissidents in authoritarian contexts. The lab has gained prominence for documenting sophisticated cyber espionage campaigns and commercial spyware deployments, including early revelations on tools like FinFisher and contributions to global awareness of the Pegasus spyware developed by NSO Group, which prompted legal actions and sanctions against implicated entities. These efforts have influenced international policy discussions on digital security and export controls for surveillance technologies, positioning Citizen Lab as a key player in advocating for internet openness and privacy protections. However, some of its high-profile reports, such as the "" investigation linking to Spanish authorities targeting Catalan independence figures, have faced academic scrutiny for shortcomings in , fieldwork , and evidentiary standards, raising questions about the rigor underlying certain causal attributions in politically charged cases. This controversy underscores ongoing debates over the balance between rapid investigative reporting and methodological accountability in nonprofit research.

History

Founding and Early Development

The Citizen Lab was established in 2001 by Ronald Deibert, a professor of at the , as an interdisciplinary research laboratory focused on the intersection of digital technologies, , and global security. Deibert, motivated by concerns over potential government-led censorship amid the early "information revolution," secured initial funding of $250,000 from the to launch the initiative. Housed within the university's academic framework—later formalized under the and Public Policy—the lab adopted a multidisciplinary model integrating , , , and to empirically investigate threats to openness and user privacy. Early development emphasized testing theories of state-sponsored digital controls through hands-on technical analysis and fieldwork. In 2003, Nart Villeneuve, a graduate student under Deibert, spearheaded the lab's first major project, which mapped and compared censorship practices across multiple countries, revealing systematic blocking of content related to , , and . This effort directly informed the creation of the OpenNet Initiative, a collaborative mapping project with Harvard University's Berkman Klein Center and the , which produced the first comprehensive global surveys of filtering regimes starting in 2004–2005. By mid-decade, Citizen Lab had developed proprietary tools for detecting filtering technologies and began disseminating findings to , policymakers, and affected communities, establishing its reputation for rigorous, evidence-based reporting on information controls without reliance on corporate or governmental partnerships. These foundational activities prioritized 's role in online expression, setting the stage for later expansions into investigations while maintaining a commitment to open-source methodologies and transparency in research processes.

Expansion and Institutional Milestones

Following its establishment in 2001, Citizen Lab broadened its operational scope by integrating interdisciplinary expertise from , , , and to address evolving digital threats, transitioning from initial focus on internet filtering to comprehensive investigations of surveillance technologies and state-sponsored operations. This growth was supported by diversified funding from foundations including the Donner Canadian Foundation, , and William and Flora , enabling expanded research capacity and strategic policy engagement. A key institutional milestone occurred in 2014 when Citizen Lab received a $1 million MacArthur Award for Creative and Effective Institutions—the first such award granted to a Canadian —intended to establish an endowment, enhance communications, and sustain long-term outreach on information controls impacting . The award recognized the lab's development of novel methods for documenting network and , facilitating institutional stability amid increasing global demand for its expertise. Citizen Lab further solidified its position through strategic partnerships, securing in-kind contributions from cybersecurity firms such as (now part of ), , and Cisco's Threat Grid, which provided access to proprietary threat intelligence tools essential for scaling technical analyses. In parallel, it co-founded the Information Controls Fellowship Program with the , serving as a host organization to cultivate emerging researchers in digital security and studies, thereby fostering institutional and network expansion. These developments underscored Citizen Lab's evolution into a pivotal hub for within the University of Toronto's & Public Policy.

Organizational Structure and Operations

Leadership and Key Personnel

Ronald Deibert has been the founder and director of the Citizen Lab since its inception in 2001. A professor of at the University of Toronto's and Public Policy, Deibert oversees the lab's interdisciplinary research into digital threats, drawing on expertise in , , and . The lab's core research is conducted by a team of senior researchers, fellows, and associates, many with specialized backgrounds in cybersecurity, , and . Prominent senior researchers include Bill Marczak, known for technical analyses of surveillance; John Scott-Railton, who has led investigations into targeted campaigns; and Irene Poetranto, focusing on Southeast Asian digital ecosystems. Other key figures encompass Siena Anstis as senior legal advisor, addressing policy implications of surveillance technologies, and Lex Gill as senior fellow, contributing to studies on data practices. Administrative roles support operations, with Céline Bauwens serving as director of administration and Adam Senft as operations manager, ensuring logistical and security protocols for the lab's global fieldwork. The personnel structure emphasizes collaboration among approximately 40 staff, researchers, and affiliates, including post-doctoral fellows and students, though exact headcount fluctuates with project demands.

Research Methods and Tools

Citizen Lab employs a mixed-methods framework that draws on , , , and to examine digital threats, including technologies, , and information controls. This interdisciplinary approach merges empirical technical analysis—such as dissection and probing—with qualitative , including collaborations with targets and contextual assessments of geopolitical factors. Human subjects protocols guide interactions with individuals potentially exposed to risks, ensuring ethical handling of sensitive data from investigations into targeted or state-sponsored operations. Central to their technical toolkit is forensic device analysis for detecting spyware infections, involving the acquisition and imaging of iOS and Android devices from victims to inspect filesystem artifacts, log modifications, and network indicators like command-and-control domains. Researchers identify specific indicators of compromise, such as the SMALLPRETZEL artifact in Paragon's Graphite iOS spyware, confirmed in a June 2025 analysis of a journalist's device compromised as early as 2023. They integrate open-source tools like Amnesty International's Mobile Verification Toolkit (MVT), which scans backups and device dumps for Pegasus-related traces including suspicious domains and bundle identifiers, a methodology Citizen Lab has peer-reviewed and applied in joint investigations. Reverse engineering of malware samples, often submitted to platforms like VirusTotal for initial triage, further reveals exploit chains and persistence mechanisms. For broader network threats, Citizen Lab conducts active and passive scanning to map censorship tools and surveillance infrastructure, as in their 2013 "Planet Blue Coat" report, which traced global deployment of content filtering appliances via IP geolocation and data. They utilize threat intelligence services like PassiveTotal for DNS and enrichment to link observed artifacts to vendors or actors. Project-specific methodologies include the Access My Info framework, launched in , which automates data access requests to companies under privacy laws, followed by structured analysis of responses to quantify compliance and data practices across jurisdictions. These methods emphasize verifiable artifacts over attribution reliant solely on , though they incorporate collaborative verification with NGOs to mitigate single-source limitations.

Funding and Affiliations

Citizen Lab is formally affiliated with the and Public Policy at the , where it operates as an interdisciplinary research laboratory focused on digital threats to , , and . This university affiliation provides institutional support, including access to academic resources and oversight, while allowing operational independence in research selection. The lab's primary funding derives from the , supplemented by grants from private foundations and philanthropists. Key supporters include the Donner Canadian Foundation, , and , which have provided financial backing for specific projects and general operations. In 2014, it received a grant from and as part of the New Digital Age initiative to advance digital security research. More recently, in late 2024, an anonymous donor contributed $43,872,000 to the specifically earmarked for Citizen Lab activities. Citizen Lab maintains a against accepting direct to preserve research independence, relying instead on allocations and nongovernmental sources. It has also collaborated on fellowship programs with the (OTF), which it co-founded, though these involve performance-based contracts rather than core operational . This model supports its investigative work but has drawn scrutiny in contexts where donors' interests align with geopolitical priorities, such as U.S.-based foundations scrutiny of authoritarian tools.

Research Focus and Key Investigations

Investigations into Surveillance and Spyware

Citizen Lab's investigations into and have primarily utilized forensic analysis of infected devices, network traffic examination, and of samples to uncover the deployment of commercial and state-sponsored tools targeting , journalists, and dissidents. These efforts revealed the global proliferation of sophisticated suites capable of zero-click infections, remote microphone activation, and , often sold exclusively to governments. Early work focused on mapping the spread of tools like and Hacking Team's Remote Control System (), with reports in 2014 and 2015 identifying infections in over 20 countries, including , , and , where the was used against activists. A landmark series of reports centered on NSO Group's Pegasus spyware, first forensically confirmed by Citizen Lab in 2016 on the device of UAE human rights activist Ahmed Mansoor, which demonstrated capabilities including silent SMS sending and full device compromise without user interaction. Subsequent investigations, such as "Hide and Seek" in 2018, tracked Pegasus operations to at least 45 countries through domain analysis and device scans, linking infections to entities in Mexico, Azerbaijan, and Togo targeting journalists and opposition figures. In 2021, analysis of a Saudi activist's iPhone uncovered the FORCEDENTRY zero-click exploit abusing iMessage, affecting multiple Apple employees' devices and prompting patches from Apple and a U.S. blacklist of NSO Group. Pegasus-related findings extended to specific campaigns, including Project Torogoz in (2022), where 35 journalists and members were infected between July and November 2020 using zero-click exploits; extensive targeting in (CatalanGate, 2022), affecting 65 individuals including politicians with and Candiru's spyware; and large-scale surveillance in (2024), confirming 35 infections or attempts on from 2019 to 2023. In (2022), collaboration with R3D identified infections on journalists' devices from 2019 to 2021, amid government denials. Similar patterns emerged in (2023), with two critics targeted, and Thailand's pro-democracy movement. These cases relied on indicators like suspicious domains and filesystem artifacts, with infections persisting despite vendor claims of ethical use. Beyond Pegasus, Citizen Lab exposed operations involving other vendors, such as Dark Caracal in 2018, a Lebanese- and Israel-linked APT stealing gigabytes of data via trojanized Telegram and apps targeting U.S., Canadian, and Middle Eastern entities, including embassies and . In 2023–2025, investigations identified spyware from Israel's Solutions on a journalist's device in January–February 2025, and Monokle-type installed on a Russian programmer's after confiscation by authorities in 2024, highlighting risks from device seizures. These findings underscored the mercenary spyware market's evolution, with zero-day exploits and AI-assisted targeting, often evading detection through encrypted communications and self-deleting payloads. Methodologically, Citizen Lab developed tools like the Mobile Verification Toolkit (MVT) in collaboration with (2021) to detect Pegasus traces on and devices, enabling broader verification by victims and researchers. Reports emphasized from device logs, crash reports, and IP attribution, while noting challenges like short infection windows and vendor obfuscation. Outcomes included U.S. sanctions on NSO and others, lawsuits against firms, and heightened scrutiny of export controls, though proliferation continued amid limited accountability for state actors.

Censorship, Filtering, and State-Sponsored Operations

Citizen Lab researchers have documented the deployment of commercial filtering technologies by authoritarian regimes to enforce internet censorship. In their April 25, 2018, report "Planet Netsweeper," the lab identified instances of Netsweeper software—a product of the Canadian firm Netsweeper Inc.—being used in at least ten countries, including , the , , and , to selectively block websites related to political opposition, organizations, and LGBTQ+ content. The analysis involved remote network probes and , revealing category-based blocking lists that targeted terms like "" and "" in local contexts, with showing the highest volume of censored URLs among tested nations. A significant portion of Citizen Lab's censorship research targets China's Great Firewall and associated platforms. The November 4, 2021, launch of GFWatch provided a scalable measurement tool for tracking DNS poisoning and resolution interference, enabling longitudinal data collection on blocked domains such as those hosting materials or references. Complementary studies, including the July 15, 2019, report "(Can't) Picture This 2," demonstrated WeChat's real-time hashing and filtering in private chats, where sensitive visuals like the Citizen Lab were censored upon detection, even in non-China-registered accounts. A , 2023, analysis, "Missing Links," compared censorship across Baidu, , and others, finding systematic suppression of queries on topics like the 1989 events and rights, with over 90% of tested political terms yielding filtered results. In examining state-sponsored operations tied to information control, Citizen Lab's May 7, 2020, report "We Chat, They Watch" revealed how —operated by under Chinese regulatory oversight—surveils content from international users to populate and refine mainland China's databases, including automated blocking of shared documents and images deemed sensitive. This extends to broader campaigns, such as Russia-aligned influence operations; a into "Tainted Leaks" exposed coordinated hacks and selective leaks targeting activists, while an August 14, 2024, report detailed sophisticated attacks against Russian critics worldwide, incorporating for narrative suppression. These findings, derived from endpoint forensics and , underscore state utilization of both domestic platforms and transnational tools to enforce filtering at scale, often evading detection through obfuscated infrastructure.

Emerging Threats and Digital Influence Campaigns

Citizen Lab has examined state-sponsored digital influence operations that leverage and tactics to manipulate narratives, discredit opponents, and incite unrest. These investigations highlight the evolution of from traditional and leaks to ephemeral content deployment and AI-generated media, often blurring lines between state actors and private firms. In a 2017 report, Citizen Lab detailed the "Tainted Leaks" campaign, a operation targeting over 200 individuals across 39 countries, including government officials, journalists, and activists critical of . Attackers used credential-harvesting emails with shortened URLs to steal documents, which were then altered—such as inserting false claims of foreign funding—and laundered through pro-Russian outlets like CyberBerkut to sow distrust and undermine opposition figures like . Tactics overlapped with known Russian-linked groups, though direct attribution to a state agency remained inconclusive based on available evidence. By 2019, Citizen Lab's analysis of the "Endless Mayfly" operation revealed tactics of ephemerality, where inauthentic websites and personas impersonated legitimate outlets via and redirects to spread anti-Saudi, anti-Israel, and anti-U.S. narratives. Content, including 135 fabricated articles targeting dissidents like Ali Al-Ahmed, was amplified through bots and aligned networks before deletion, redirecting to authentic sites to evade detection. This approach underscored challenges in forensic attribution, requiring infrastructure tracing and archived captures, and illustrated how short-lived evades platform moderation. More recently, the 2024 "PAPERWALL" investigation uncovered a network of 123 websites masquerading as in 30 countries across , , and , disseminating pro-Beijing content, attacks on critics, and commercial releases sourced from Chinese wire services. Operated by Shenzhen-based Haimaiyunxiang Media Co., Ltd., a private firm, the sites demonstrated how commercial entities facilitate state-aligned influence, with low direct traffic but potential for local media amplification. Emerging threats involving were spotlighted in the 2025 "PRISONBREAK" report, which identified over 50 inauthentic X accounts promoting regime-change narratives in , timed with the June 2025 "Twelve-Day War." Tactics included AI-generated deepfakes, such as fabricated videos of bombings on June 23, 2025, and impersonation of outlets like , with activity peaking in coordination with military actions and Foreign Minister Gideon Saar's posts. Evidence, including time-zone patterns and narrative alignment, pointed to likely government or subcontractor involvement, marking AI's role in scalable, deceptive influence at scale. These cases reveal patterns in digital influence, from phishing-laundered leaks to AI-amplified , emphasizing private-sector enablers and detection hurdles like content transience and cross-platform spread. Citizen Lab advocates multidisciplinary strategies, including policy adaptations to counter such operations without stifling legitimate discourse.

Controversies and Criticisms

Methodological and Ethical Challenges

Critics have questioned the rigor of Citizen Lab's attribution processes in linking spyware infections to specific state actors, arguing that detections rely on indicators of compromise that lack sufficient and without access to proprietary vendor data or third-party verification. In particular, claims of " " for forensic methodologies have been challenged as unconvincing, given the absence of impartial external scrutiny in politically sensitive cases. A prominent example involves the 2022 "Gate" report, which alleged widespread use of and spyware by the Spanish government against Catalan independence figures; a critical academic highlighted flaws in , including breaches of digital forensic protocols and academic conventions, as well as inadequate fieldwork lacking a proper for device evidence, which raises risks of false positives or contamination. The further critiqued practices for deviating from established scientific norms, such as selective presentation of findings that could amplify unverified attributions without comprehensive counter-evidence analysis. Ethically, these investigations have faced scrutiny for potential biases in case selection and , with the CatalanGate accused of aligning with secessionist narratives, possibly serving as a tool for political litigation or rather than neutral scholarship. Concerns include insufficient mechanisms, such as the failure to disclose full methodological details for replication, and the ethical implications of publicizing findings that could endanger sources or provoke retaliation without exhaustive pre-publication verification. In response to such critiques, external parties have called for university-led probes into Citizen Lab's protocols, though no formal retraction or overhaul has been documented as of 2023.

Allegations of Bias and Selectivity

Critics have alleged that Citizen Lab exhibits and selectivity in its research, particularly in high-profile investigations attributing use to governments, where reports are accused of favoring narratives aligned with certain activist causes over balanced evidence presentation. In the "CatalanGate" report, which claimed extensive and deployment by the Spanish government against independence figures, reviewers identified in case selection and reporting, arguing that the lab bundled inconclusive indicators with confirmed infections to inflate victim counts and imply widespread state orchestration without sufficient disaggregation of evidence. These critiques highlight omissions of alternative explanations, such as potential or non-state actors, and a lack of rigor in forensic confirmations, with one documented error in attributing a confirmed infection to a non-targeted later corrected by Citizen Lab on , 2022, after manual review of 65 cases revealed isolated but notable inaccuracies. Political bias allegations stem from perceived alignment with pro-independence stakeholders, including collaborations that critics say prioritized media impact over neutrality, potentially shaping against the Spanish state while downplaying evidentiary gaps. Broader claims of selectivity point to Citizen Lab's focus on spyware linked to authoritarian or non-Western regimes, such as extensive reporting on and Chinese operations, contrasted with comparatively limited scrutiny of Western government tools, though defenders attribute this to the lab's emphasis on threats to rather than deliberate omission. Such patterns, per critics, risk reinforcing geopolitical narratives without equivalent empirical depth across actors, though no peer-reviewed studies have quantified overall research distribution to substantiate systemic selectivity. Citizen Lab maintains its methodologies undergo internal and external , rejecting bias claims as attempts to discredit findings on abuses.

Interactions with Adversaries and Pushback

Citizen Lab's exposure of NSO Group's Pegasus spyware deployments against journalists, activists, and dissidents has elicited legal countermeasures from the company. In the ongoing U.S. federal lawsuit filed by Meta (formerly Facebook) against NSO in 2019, alleging Pegasus targeted over 1,400 devices including those linked to Citizen Lab's investigations, NSO sought to obtain internal documents from Citizen Lab researchers. Specifically, in March 2024, NSO requested a letter rogatory for cross-border discovery, which U.S. District Judge Phyllis Hamilton denied; a renewed request in April 2024 was similarly rejected in May 2024 as "overbroad," though the judge left open the possibility of a narrower future bid. NSO argued the materials were needed to demonstrate Pegasus's use solely against criminals and terrorists, contesting Citizen Lab's evidence of civil society targeting. Private efforts to discredit Citizen Lab emerged shortly after Novalpina Capital's 2019 acquisition of NSO. Novalpina partner Stephen Peel commissioned research and outreach aimed at undermining the lab's findings on abuses, including hiring Vivek Krishnamurthy—a former research assistant to Citizen Lab director Ron Deibert—to contact Deibert and leveraging personal ties from the . Peel also dined with in May 2019 to question Citizen Lab's donor-funded motives and push for defunding, with internal emails referencing Deibert over 470 times. These actions, revealed through data protection disclosures, sought to portray Citizen Lab's work as biased or incomplete amid NSO's defense that its tools serve lawful purposes. Interactions with state adversaries have yielded more opaque pushback, often limited to denials of involvement in operations Citizen Lab attributes to them. For instance, following revelations of state-linked like Monokle installed on devices confiscated from targets, Russian authorities have rejected broader malfeasance claims, as in BBC-reported denials of abuses. Similarly, Chinese government-aligned actors implicated in and campaigns against activists have not publicly engaged Citizen Lab's attributions, though the lab's reports highlight persistent digital threats without direct retaliation documented. These responses contrast with NSO's overt legal tactics, underscoring adversaries' varied strategies to deflect scrutiny of practices.

Impact and Reception

Policy Influence and Legal Outcomes

Citizen Lab's investigations into commercial have informed policy deliberations in multiple jurisdictions, including recommendations for stricter export controls on technologies. In a 2019 submission to the on freedom of opinion and expression, the lab urged states to amend regulations requiring licensing for exports, citing risks to from unregulated sales to authoritarian regimes. Their 2017 report "Who's Watching Little Brother?" critiqued gaps in international frameworks like the , advocating for controls that balance security research with preventing misuse, though noting potential drawbacks for legitimate defensive tools. Research from Citizen Lab has prompted governmental responses to proliferation, including U.S. congressional testimony. Senior researcher John Scott-Railton testified before the U.S. House Permanent Select Committee on Intelligence in July 2022, highlighting threats to from mercenary and urging policy measures to curb foreign commercial surveillance vendors. Their documentation of deployments contributed to broader revelations that influenced the U.S. Department's November 2021 blacklisting of , restricting American exports to the firm due to risks from its tools' misuse by foreign governments. In Europe, findings such as the 2022 CatalanGate report on extensive operations against Catalan independence figures spurred parliamentary inquiries in and heightened scrutiny in and , where similar targeting of journalists and opposition led to domestic political debates on . Legally, Citizen Lab's forensic analyses have supported multiple actions against spyware vendors. Their evidence on Pegasus infections aided Apple's November 2021 lawsuit against NSO Group, which sought to enjoin the firm from targeting iOS users and highlighted exploits like the zero-click iMessage vulnerability detailed in the lab's September 2021 ForcedEntry report. The lab maintains a resource tracking related litigations, including WhatsApp's 2019 suit against NSO for hacking 1,400 users and various complaints under international human rights frameworks. Conversely, NSO Group initiated legal challenges against Citizen Lab in 2024, seeking discovery on research methods used in Pegasus reports, though U.S. courts have repeatedly denied the firm's motions to compel evidence, citing protections for confidential sources. These cases underscore tensions between vendor accountability and researcher protections in spyware disputes.

Recognition and Broader Contributions

Citizen Lab has garnered significant recognition for its pioneering research on digital threats to . In February 2014, the laboratory received the Foundation's Award for Creative and Effective Institutions, which included a $1 million grant to establish an endowment and enhance communications and outreach efforts. This award highlighted the lab's role in exposing cyberspying and , marking the first time a Canadian entity received this honor. Later that year, in March 2014, Citizen Lab was one of ten nonprofits selected for the New Digital Age Grants, funded by a $1 million donation from Executive Chairman and his wife , to support innovative technology solutions for global challenges. In August 2015, the (EFF) awarded Citizen Lab its Pioneer Award, recognizing the lab's advancements in , , and to defend . The praised the lab's investigations into state-sponsored surveillance and censorship, which have informed global efforts to protect civil society from digital espionage. Founder Ronald Deibert has also received individual honors tied to the lab's work, such as the International Studies Association's Distinguished Scholar award in April 2021 for contributions to international security studies. Beyond awards, Citizen Lab has made broader contributions through practical tools and policy engagement. The lab developed the original design for , a censorship-circumvention software launched in 2009, which has enabled users in countries like and to access blocked content despite government restrictions; Psiphon later spun out into a private entity with ongoing lab partnership. It also collaborated on Security Planner, a platform offering peer-reviewed recommendations for online safety, which earned a Excellence through Innovation Award for its team. These efforts extend to strategic policy work, including providing evidence on digital transnational repression that has been cited in parliamentary inquiries, and investigations into spyware like that heightened international scrutiny leading to the U.S. blacklisting of in November 2021. The lab further supports education via student supervision, research fellowships, and partnerships with foundations like the and to advance transparency and accountability in .

Debates on Effectiveness and Unintended Consequences

Citizen Lab's investigations into and have demonstrably influenced policy and corporate actions, with reports on NSO Group's contributing to the U.S. Department of Commerce's blacklisting of the firm on November 3, 2021, amid broader international scrutiny including the European Parliament's PEGA Committee inquiry launched in March 2022. These outcomes, alongside advocacy campaigns and legal challenges like Apple's 2021 lawsuit against NSO, underscore claims by lab director Ron Deibert that such research has spurred "consequences, actions taken, policy changes" in multiple instances. However, debates persist over the lab's overall effectiveness, particularly regarding methodological robustness. Critics, including cryptographer , have challenged Citizen Lab's assertions of independent in forensic analyses, arguing they lack convincing substantiation and may overstate scientific validity. In the 2022 "CatalanGate" report alleging use by Spanish authorities against independence figures, a review by LSE researcher José Javier Olivas Osuna contends the work violates in research design, evidence handling, and reporting, recommending retraction by the to avoid reputational damage. Such critiques suggest that flaws in specific high-profile cases could erode trust in the lab's broader findings, potentially limiting policy impact despite initial media amplification. Unintended consequences of Citizen Lab's disclosures include alerting spyware vendors to detection techniques, enabling them to adapt and evade future scrutiny. Senior researcher John Scott-Railton has noted that detailing forensic methodologies in reports allows commercial actors like NSO to refine tools, complicating ongoing investigations and perpetuating an "ongoing battle." Ethical concerns raised in critiques of operations like CatalanGate highlight risks of collateral harm, such as unintended negative effects on third parties or diplomatic tensions from unverified attributions. Deibert himself has acknowledged technology's loops creating broader societal risks, though applied more generally to digital threats than the lab's methods. These dynamics raise questions about whether heightened awareness and vendor evolution ultimately advance or hinder long-term threat mitigation.

References

  1. [1]
    About the Citizen Lab
    The Citizen Lab is an interdisciplinary lab at the University of Toronto, focusing on digital threats to civil society and high-level policy engagement.Missing: mission | Show results with:mission
  2. [2]
    Watching the watchers: U of T's Ron Deibert blazing new trails with ...
    Dec 4, 2016 · What is the Citizen Lab and what kind of research does it do? The Citizen Lab is a research lab that I found in 2001. Our mission is to ...
  3. [3]
    [PDF] Research and development at the intersection of digital media ...
    The Citizen Lab researches digital espionage, internet filtering, transparency, and privacy controls of popular apps, focusing on cyber security issues related ...
  4. [4]
    The Citizen Lab
    ### Summary of Citizen Lab
  5. [5]
    What to do about "dual use" digital technologies? - Ronald Deibert
    Nov 29, 2016 · For over a decade, the Citizen Lab at the Munk School of Global Affairs, University of Toronto has researched and documented information ...<|separator|>
  6. [6]
    MacArthur Foundation Awards $1 Million to Citizen Lab
    Feb 20, 2014 · In carrying out its work, the Citizen Lab aims to explore issues that impact the openness and security of the Internet and that pose threats to ...
  7. [7]
    [PDF] The Pegasus spyware scandal A critical review of Citizen Lab's ...
    Dec 22, 2022 · Citizen Lab has used “academic freedom” and “academic independence” as arguments to dispel criticisms on their me- thods and research ...
  8. [8]
    (PDF) The Pegasus spyware scandal: A critical review of Citizen ...
    This critical review shows that Citizen Lab's research design, fieldwork, and reporting of findings in the “CatalanGate” report clash with commonly accepted ...
  9. [9]
    How The Citizen Lab polices the world's digital spies - CSMonitor.com
    Dec 22, 2016 · University of Toronto professor Ron Deibert launched The Citizen Lab in 2001 to become the 'CSI of the internet.' Since then, it has become ...
  10. [10]
    The Citizen Lab - MacArthur Foundation
    An interdisciplinary laboratory that operates at the intersection of human rights, global security, and the digital world.Missing: early development
  11. [11]
    Citizen Lab wins Canada's 1st $1M MacArthur award | CBC News
    Feb 20, 2014 · The Citizen Lab, a Toronto research group that exposes cyberspying and internet censorship, has won a prestigious $1-million grant from the ...Missing: milestones partnerships
  12. [12]
    2022 Information Controls Fellowship Program - The Citizen Lab
    Jan 31, 2022 · ICFP at the Citizen Lab. The Citizen Lab co-founded the program with OTF and has been a host organization since its inception. We welcome ...
  13. [13]
    Citizen Lab | The Munk School
    Founded by Professor Ron Deibert, The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of ...
  14. [14]
    Bio - RONALD DEIBERT - The Citizen Lab
    Ron Deibert, (OC, O.Ont., PhD, University of British Columbia) is a professor of political science, and the founder and director of the Citizen Lab.
  15. [15]
    People - The Citizen Lab
    Director Ron Deibert Founder & Director email: ron at citizenlab.ca (pgp) Staff and Researchers Bahr Abdul Razzak Security Researcher Mohamed Ahmed.Missing: leadership | Show results with:leadership
  16. [16]
    Independent Peer Review of Amnesty International's Forensic ...
    Jul 18, 2021 · Citizen Lab's peer review of Amnesty International's forensic techniques to identify Pegasus spyware concludes they are sound.
  17. [17]
    Graphite Caught: First Forensic Confirmation of Paragon's iOS ...
    Jun 12, 2025 · Citizen Lab confirmed that the device was targeted with spyware, and affirms the presence of the SMALLPRETZEL forensic indicator. Compromise was ...Missing: methods | Show results with:methods
  18. [18]
    Forensic Methodology Report: How to catch NSO Group's Pegasus
    Jul 18, 2021 · This report documents the forensic traces left on iOS and Android devices following targeting with the Pegasus spyware.
  19. [19]
    Publications - The Citizen Lab
    “Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware,” The Citizen Lab Research Report No. 148, University of ...Missing: early | Show results with:early
  20. [20]
    Access My Info: How a Team of Researchers Investigated Data ...
    Oct 16, 2019 · Citizen Lab provides resources for researchers and advocates who are interested in running their own AMI project. The Access My Info Playbook ...
  21. [21]
    [PDF] ID File No: 0018-C1-00135-01 UCI: 11-0952-9374 IMMIGRATION ...
    6. The Citizen Lab is funded by the university and has received funding from various government and private funding institutions, including the Canada Centre ...
  22. [22]
    Citizen Lab Receives "New Digital Age" Grant from Eric Schmidt
    The Citizen Lab at the University of Toronto has been awarded a "New Digital Age" Grant funded by Eric Schmidt and his wife Wendy. This grant, part of a $1 ...
  23. [23]
    [PDF] Academic Board SPONSOR: CONTACT INFO: David Palmer, Vice ...
    Feb 24, 2025 · Quarterly List of Donations of $250,000 or more to the University of Toronto – Nov 1, ... The Citizen Lab. $43,872,000. Anonymous Donor.
  24. [24]
    Keep the Open Technology Fund Open - The Citizen Lab
    Jun 19, 2020 · The encroachments to OTF highlight why independent and transparent funding sources for research and development on Internet freedom are so
  25. [25]
    Call for applications: Information Controls Fellowship Program 2025
    Jan 22, 2025 · Funding awards are performance-based contracts signed directly with the applicant. ... The Citizen Lab co-founded the program with OTF and has ...
  26. [26]
    Mapping Hacking Team's “Untraceable” Spyware - The Citizen Lab
    Feb 17, 2014 · The second in a series of posts that focus on the global proliferation and use of Hacking Team RCS spyware, which is sold exclusively to ...
  27. [27]
    Mapping FinFisher's Continuing Proliferation - The Citizen Lab
    Oct 15, 2015 · FinFisher is a sophisticated computer spyware suite, written by Munich-based FinFisher GmbH, and sold exclusively to governments for ...
  28. [28]
    FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured ...
    Sep 13, 2021 · While analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware, we discovered a zero-day zero-click exploit against ...
  29. [29]
    Hide and Seek: Tracking NSO Group's Pegasus Spyware to ...
    Case study, Middle East, Technology & society, Citizen Lab, Munk School. Hide and Seek: Tracking NSO Group's Pegasus Spyware to Operations in 45 Countries.
  30. [30]
    Project Torogoz: Extensive Hacking of Media & Civil Society in El ...
    Jan 12, 2022 · We confirmed 35 cases of journalists and members of civil society whose phones were successfully infected with NSO's Pegasus spyware between ...
  31. [31]
    Extensive Mercenary Spyware Operation against Catalans Using ...
    Apr 18, 2022 · The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with ...Missing: Dark Caracal Sandworm
  32. [32]
    Confirming Large-Scale Pegasus Surveillance of Jordan-based Civil ...
    Feb 1, 2024 · The investigation found that at least 35 individuals were infected or targeted with Pegasus spyware, from at least 2019 until September 2023.
  33. [33]
    Device Confiscated by Russian Authorities Returned with Monokle ...
    Dec 5, 2024 · This joint investigation with First Department, a legal assistance organization, found spyware covertly implanted on a phone returned to a Russian programmer.
  34. [34]
    NSO Group's Pegasus Spyware Returns in 2022 with a Trio of iOS ...
    Apr 18, 2023 · In 2022, the Citizen Lab gained extensive forensic visibility into new NSO Group exploit activity after finding infections among members of ...Missing: methodology | Show results with:methodology
  35. [35]
    Planet Netsweeper: Executive Summary - The Citizen Lab
    Apr 25, 2018 · This report describes an investigation into the global proliferation of Internet filtering systems manufactured by Netsweeper.
  36. [36]
    To censor the internet, 10 countries use Canadian filtering ... - CBC
    Apr 25, 2018 · A new Citizen Lab report says Netsweeper is being used to censor political critics, news, and LGBTQ+ resources.
  37. [37]
    A Longitudinal Measurement Platform Built to Monitor China's DNS ...
    Nov 4, 2021 · DNS filtering is a process of interfering with DNS resolutions, which are used to map human-memorable domain names (e.g., citizenlab.ca) to ...Missing: investigations | Show results with:investigations
  38. [38]
    (Can't) Picture This 2: An Analysis of WeChat's Realtime Image ...
    Jul 15, 2019 · To test this, we sent the now-filtered Citizen Lab logo a second time to test whether sending it the first time removed it from the hash index.
  39. [39]
    Missing Links: A comparison of search censorship in China
    Apr 26, 2023 · In this report, we show how search platforms operating in China infringe on their users' rights to freely access political and religious content.
  40. [40]
    We Chat, They Watch: How International Users Unwittingly Build up ...
    May 7, 2020 · In this report, we show that documents and images shared among non-China-registered accounts are subject to content surveillance and are used to build up the ...
  41. [41]
    Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived ...
    Aug 14, 2024 · A sophisticated spear phishing campaign has been targeting Western and Russian civil society. In collaboration with Access Now, and with the ...Missing: Dark Caracal
  42. [42]
    Free Expression Online Archives - The Citizen Lab
    Studies of Internet filtering, network interference, and other technologies and practices that impact freedom of expression online.
  43. [43]
    Disinformation Archives - The Citizen Lab
    In the past decade, we have seen a significant shift in how governments talk about misinformation. Many countries now consider or intentionally frame ...
  44. [44]
    Burned After Reading: Endless Mayfly's Ephemeral Disinformation ...
    May 14, 2019 · Using Endless Mayfly as an illustration, this highlights the challenges of investigating & addressing disinformation from research & policy ...
  45. [45]
    Tainted Leaks: Disinformation and Phishing With a Russian Nexus
    May 25, 2017 · This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist ...
  46. [46]
    PAPERWALL: Chinese Websites Posing as Local News Outlets ...
    Feb 7, 2024 · These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the ...
  47. [47]
    We Say You Want a Revolution: PRISONBREAK - An AI-Enabled ...
    Oct 2, 2025 · We investigate a coordinated network of inauthentic X accounts that is spreading AI-generated content to induce revolt in Iran.
  48. [48]
    Please stop misleadingly quoting my critiques of Citizen Lab’s scientific methodology in order to…
    ### Summary of Nadim Kobeissi's Critiques of Citizen Lab's Methodology
  49. [49]
    a critical review of Citizen Lab's "CatalanGate" - LSE Research Online
    Mar 23, 2023 · This critical review shows that Citizen Lab's research design, fieldwork, and reporting of findings in the “CatalanGate” report clash with ...
  50. [50]
    (PDF) Methodological and ethical issues in Citizen Lab's spyware ...
    May 3, 2022 · This document outlines a series of potential methodological and ethical issues that would suggest the. need to launch an independent ...
  51. [51]
    CatalanGate Report: Correcting a Case - The Citizen Lab
    Dec 22, 2022 · We manually reviewed all of the 65 cases documented in the CatalanGate report featuring a forensic confirmation and found no other errors of ...Missing: allegations | Show results with:allegations
  52. [52]
    Israeli Spyware Firm NSO Group Drags Researchers to Court
    May 6, 2024 · In 2019, Citizen Lab reported finding dozens of cases in which Pegasus was used to target the phones of journalists and human rights defenders ...
  53. [53]
    Private equity executive sought to undermine NSO critics, data ...
    Apr 28, 2022 · The Citizen Lab at the University of Toronto has for years been a thorn in the side of the NSO Group, deciphering the company's ...
  54. [54]
    How a Russian man's harrowing tale shows the physical dangers of ...
    Dec 5, 2024 · Subscribe to our daily newsletter. Subscribe. Close. Threats. How a Russian man's harrowing tale shows the physical dangers of ...Missing: responses | Show results with:responses
  55. [55]
    Weaponized Words: Uyghur Language Software Hijacked to Deliver ...
    Apr 28, 2025 · The ruse employed by the attackers replicates a typical pattern: threat actors likely aligned with the Chinese government have repeatedly ...
  56. [56]
    Citizen Lab Recommendations to the United Nations Special ...
    Feb 15, 2019 · 3.3 States should follow Europe's lead and clarify or amend export controls to require licensing for spyware and surveillance technologies ...
  57. [57]
    [PDF] Who's Watching Little Brother? | The Citizen Lab
    Mar 2, 2017 · Identify commercial spyware companies' practices of concern. ☑ Define the goals of accountability measures.Missing: projects | Show results with:projects
  58. [58]
    John Scott-Railton Delivers Testimony to House Permanent Select ...
    Jul 27, 2022 · The Citizen Lab's mandate is concerned with how these threats impact civil society, whether nonprofits, journalists, human rights defenders ...Missing: influence | Show results with:influence
  59. [59]
    Israeli firm NSO Group blacklisted by the US for use of spyware - CNN
    Nov 3, 2021 · The US Commerce Department on Wednesday blacklisted Israeli firms NSO Group and Candiru, accusing the companies of providing spyware to foreign governments.
  60. [60]
    The Citizen Lab's Brave Fight Against Spyware
    Mar 24, 2025 · In mapping out and helping to thwart this burgeoning industry, the Citizen Lab has used “tools, methods, and open-source investigative ...
  61. [61]
    Apple sues NSO Group to curb the abuse of state-sponsored spyware
    Nov 23, 2021 · Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users.Missing: details | Show results with:details
  62. [62]
    Litigation and other formal complaints related to mercenary spyware
    Dec 12, 2018 · This is a living resource document providing links and descriptions to litigation and other formal complaints concerning targeted digital surveillance.
  63. [63]
    Eric Schmidt Awards Citizen Lab "New Digital Age" Grant
    Citizen Lab is one of 10 non-profits to receive the New Digital Age Grants, funded through a $1 million donation by Eric Schmidt and his wife, Wendy.
  64. [64]
    The Citizen Lab wins 2015 Pioneer Award
    Aug 26, 2015 · The Citizen Lab is one of the winners of the 2015 Pioneer Award, awarded by the Electronic Frontier Foundation (EFF).
  65. [65]
    EFF Announces 2015 Pioneer Award Winners: Caspar Bowden ...
    Aug 26, 2015 · EFF Announces 2015 Pioneer Award Winners: Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, ...
  66. [66]
    Ron Deibert Receives ISA Award - The Citizen Lab
    Apr 6, 2021 · Citizen Lab founder and director, Ron Deibert, has been honoured as a Distinguished Scholar by the International Studies Association (ISA).Missing: broader | Show results with:broader
  67. [67]
    Psiphon Launch - Let the revolution begin! - RONALD DEIBERT
    May 2, 2009 · Although Psiphon is spinning out, its relationship with the Citizen Lab is stronger than ever. We have developed a strategic partnership with ...Missing: contribution | Show results with:contribution
  68. [68]
    Munk School staff and researchers receive U of T Excellence ...
    A team of Citizen Lab staff and researchers were awarded an honour for Security Planner, a platform with tested, peer-reviewed recommendations for staying safe ...
  69. [69]
    The Citizen Lab's research on digital transnational repression
    This research resulted in two comprehensive reports. The first report, published in 2022, focused on digital transnational repression against targets residing ...
  70. [70]
    'Cat and mouse game': how Citizen Lab shone a spotlight on Israeli ...
    May 12, 2020 · Ron Deibert has helped expose how Israeli spyware firm allegedly ... In 2001 he established the Citizen Lab at the University of Toronto.
  71. [71]
    [PDF] Europe's PegasusGate - European Parliament
    Jul 1, 2022 · Reports revealed that authoritarian and democratic governments around the world were using Pegasus to spy on journalists, lawyers, activists, ...
  72. [72]
    In-depth interview with Ron Deibert, Citizen Lab's founder
    May 31, 2021 · It is a long but rich interview: In 2001, Ron Deibert, a professor at the University of Toronto, founded Citizen Lab to help understand and ...
  73. [73]
    Citizen Lab details ongoing battle against spyware vendors
    Jan 29, 2024 · One of the main challenges Citizen Lab faces, he said, is vendors constantly adapting and changing tactics to allow the continuation of spyware ...<|separator|>
  74. [74]
    The Extremism Machine | U of T Magazine - University of Toronto
    Apr 23, 2021 · Online disinformation poses a danger to society. Researchers at U of T's Citizen Lab are tracking it – and trying to figure out how to stop it.