Turkish social media law consolidates news censorship under ‘right to be forgotten’
In late 2020, a Turkish court ruled that the leftist daily Evrensel should remove a news report alleging that a presidential advisor forged their high school diploma. Evrensel complied, Erdi Tütmez, news editor for the outlet told CPJ by email in January; the report was no longer available when CPJ reviewed the site, though it…
Kazakhstan’s move to control internet prompts censorship, surveillance concerns
A state-controlled internet service provider in Kazakhstan is requiring at least some of its subscribers to submit to having their internet traffic intercepted when they use specific websites–including social media sites, email and messaging services, and Google News, according to research published this week by Censored Planet, a project at the University of Michigan.
UN report promotes encryption as fundamental and protected right
On Wednesday, Special Rapporteur on freedom of opinion and expression David Kaye will present his report on international legal protection for encryption and anonymity to the United Nations Human Rights Council. The report is an important contribution to the security conversation at a time when some Western leaders are calling for ill-informed and impossible loopholes…
China’s Great Cannon: New weapon to suppress free speech online
China, rated as the eighth most censored country in the world, in a report released by CPJ today, has long had a strong line of defense against free speech online. Its Golden Shield Project, launched by the Ministry of Public Security in 1998, relies on a combination of technology and personnel to control what can…
When it comes to Great Firewall attacks, HTTPS is greatest defense
The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site’s universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt…
China’s CNNIC issues false certificates in serious breach of crypto trust
In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and…
‘Spear phishing’ attacks underscore necessity of digital vigilance
The revelation that the FBI sent a fake Associated Press story containing malware to a teenager suspected of making bomb threats has brought “spear phishing” back into the public consciousness. The technique, which combines malicious software with social cues tailored to the target, has been used by state and non-state actors to attack journalists and…
Farsi guides to the surveillance attack in Iran
As we’ve reported before, there’s strong evidence that forces with widespread access to Iran’s internet infrastructure have been engaged in large-scale surveillance of https traffic in July and August, certainly of Google traffic, and perhaps many more websites, including Facebook and Yahoo! If you used the Internet in Iran during this period you should, at…
Catching the Internet’s spies in Iran and elsewhere
In August, Google introduced a new, if rather obscure, security feature to its Chrome web browser, designed to be triggered only under extreme circumstances. If you were talking to Google’s servers using the web’s secure “https” protocol, your browser makes a number of checks to ensure that you are really talking to Google’s servers. Like…