Reminds me of the “free” online games, where the free players provide the environment for the addicted “pro” players who pay a fortune for “extras” and upgrades.
If I've understood correctly, the test used was something along the lines of: two non-chinese accounts send back-and-forth messages including benign content (maybe a picture of a pie) and less-benign content (maybe "I like Falun Gong almost as much as I like the CDC"). Then, chinese accounts would observe that the picture of the pie might be censored. I don't actually see an unambiguous description of what messages were sent, or how strong the effect is. Those questions don't really matter for addressing "are non-chinese accounts monitored?" (unless CL is outright lying, obviously yes), but they do matter for the fun question:
Can this be used to construct an attack on WeChat? Providing targeted misinformation for training, to suggest correlations where there really are none, thus triggering WeChat to have a higher false-positive rate when censoring messages?
I'm reminded of RMS's famous practice (and a script in emacs, IIRC): automatically append various keywords to the bottom of emails to screw with any US surveillance that might be getting too nosy.
As far as I can tell, an attack isn't possible. WeChat would ideally like to analyze each document or video sent for sensitive content, but it takes some time (on the order of 20 seconds, maybe), and so that analysis can't be performed before messages are supposed to be delivered. However, if WeChat has already seen the video, then it can make the judgement quickly, and perform real-time censorship. Thus, sending a sensitive video the first time won't be blocked, but all subsequent sends will be. CL's result seems to be that if the first video send is between non-chinese accounts, that's still enough to get it analyzed and blocked the second time.
When we are discussing whether the accounts are monitored, we need to remember the no-password mongo db databases containing these messages were available on the internet.
That it actually takes 20 seconds implies to me that actual people are viewing the content. I don't see any automated system taking that long as I do believe they would just throw more resources at the problem.
I'm a Chinese here, many "Digital immigrants"(1) from China uses Telegram as replacement to WeChat, because I guess it's groupchat feature.
However, Telegram itself is not a surveillance-avoidance/privacy protection tool of course, as you need a phone number to register, and an valid phone number is really hard to get anonymously.
Foot notes:
1: "Digital immigrants" means people who digitally lives outside the network border of their own country, not the dumb buzzword that Wikipedia tries to feed you
If they’re using pure MD5 such that collisions work, then using steganography techniques to embed random bytes encrypted with some obvious cipher will bypass the initial autocensor while simultaneously driving the Chinese intelligence services crazy trying to decrypt the random bytes in every image sent. Note that using this approach may cause threat of harm to any sender or recipient within China’s sphere of influence.
23 comments
[ 3.5 ms ] story [ 68.3 ms ] threadCan this be used to construct an attack on WeChat? Providing targeted misinformation for training, to suggest correlations where there really are none, thus triggering WeChat to have a higher false-positive rate when censoring messages?
I'm reminded of RMS's famous practice (and a script in emacs, IIRC): automatically append various keywords to the bottom of emails to screw with any US surveillance that might be getting too nosy.
EDIT: I'm a dope, and should have read the full report (here: https://citizenlab.ca/2020/05/we-chat-they-watch/#part-2---t...) before commenting.
As far as I can tell, an attack isn't possible. WeChat would ideally like to analyze each document or video sent for sensitive content, but it takes some time (on the order of 20 seconds, maybe), and so that analysis can't be performed before messages are supposed to be delivered. However, if WeChat has already seen the video, then it can make the judgement quickly, and perform real-time censorship. Thus, sending a sensitive video the first time won't be blocked, but all subsequent sends will be. CL's result seems to be that if the first video send is between non-chinese accounts, that's still enough to get it analyzed and blocked the second time.
https://www.theverge.com/2019/3/4/18250474/chinese-messages-...
I wonder though... do we know enough now to know at what rate actual people view the content, vs just automated processing?
It's like refusing to eat eggs and milk for ethical purposes and then switching to steaks.
From raw human meat
I'm a Chinese here, many "Digital immigrants"(1) from China uses Telegram as replacement to WeChat, because I guess it's groupchat feature.
However, Telegram itself is not a surveillance-avoidance/privacy protection tool of course, as you need a phone number to register, and an valid phone number is really hard to get anonymously.
Foot notes:
1: "Digital immigrants" means people who digitally lives outside the network border of their own country, not the dumb buzzword that Wikipedia tries to feed you
1. https://matrix.org/ 2. https://about.riot.im/