The internet in China is different from the internet in the rest of the world. Services are heavily censored by the state, making it impossible to discuss unsanctioned political topics on the web openly. WeChat, in particular, is known to monitor and censor its platform in China. However, an investigation by The Citizen Lab shows that WeChat doesn't only monitor Chinese citizens, but also extends this activity to people all over the world using the app. It does that to feed its censorship algorithms, which helps filter out certain content proactively. WeChat essentially crowd-sources international users' data.

The Citizen Lab found out that images and documents shared between accounts registered outside of China are analyzed for politically sensitive content. Positive samples are then hashed and automatically flagged when someone tries to share them with a Chinese account. The flagged content is also fed to the machine-learning system used to censor communication in the country. WeChat's terms and policies don't indicate any of that happening, and there is no publicly available information detailing that the platform uses this data to build its censorship machine.

Since server-side monitoring is inherently hard to register without access to the server, The Citizen Lab developed a two-channeled experiment. It registered both China-based and international accounts and shared newly created, potentially politically sensitive images in a group between the international accounts. The same image files were automatically and instantly censored when they tried to send them to Chinese accounts afterward, strongly suggesting that the communication on non-China-based accounts were subject to surveillance, too, since the prohibited content was already known and hashed.

These findings might have broad implications on WeChat's existence on the Play Store and the Apple Store. Both platforms require developers to disclose which data they collect, but WeChat doesn't mention its practices in its privacy policy or its terms. WeChat also never answered emails sent by the researchers regarding its surveillance program. The affair might also mean trouble with the EU and California over privacy regulations such as GDPR and CCPA.

If you're interested in further details on the methodology and findings, be sure to check The Citizen Lab's research, linked in the source below.