Weibo is one of the most popular social media platforms in China. Like all Chinese online services, it is subject to censorship and legally bound to hand over user data to the Chinese government if requested. In this last article of a six-part series, cybersecurity expert Ben Finn explains the main safety issues of browsing on Weibo and suggests precautions for journalists to take.
Sina Weibo is a social media platform similar to X (formerly Twitter) that boasts over half a billion monthly active users, the vast majority of whom are Chinese. This makes Weibo one of the best platforms to interact with a Chinese audience, and keep up with Chinese news and culture. However, Weibo has strict censorship rules in line with the Chinese Communist Party (CCP), and opinions or information shared on Weibo can result in bans or even warrants for arrest in China. Journalists engaging with Weibo must be aware of the risks.
Main safety issues
- Weibo is subject to government oversight and censorship. As a Chinese app operating under Chinese law, Weibo is legally required to censor content according to CCP guidelines and hand over user data to the government if requested. Users should therefore assume that personal data, private messages, metadata, and posts are all accessible to the Chinese regime. Governments worldwide, including allies of China, have expressed concern about Chinese apps like Weibo.
- The Weibo App Marketplace is not secure. Most of the add-ons, other apps, and games available through Weibo App Marketplace have their own data collection policies, and are also subject to Chinese laws, meaning that user data can be used for commercial purposes but also be handed over to the Chinese government through that channel.
- Weibo is a key target for hackers. The amount of user data that Weibo collects make it an attractive target for hackers. One of the largest databases ever sold on the “dark web,” including the real names, locations, and phone numbers of over 500 million people, came from a Weibo hack. While there is no proof Weibo suffers more attacks than any other social media app, it is not under the same disclosure requirements as non-Chinese apps, so hacks and leaks may not be reported to the public.
- Weibo has limited security features. Weibo’s privacy page details the privacy settings and profile management tools the site has available. This Guide details the limited privacy settings offered by Weibo.
Recommendations to journalists
- Do not use Weibo unless you must. Journalists should avoid using Weibo if they can. Very limited security features compared to most social media apps, heavy censorship, data sharing with the Chinese government, and a history of leaking sensitive information make it an unsafe place for journalists to operate.
- If you must, favour the international version. Journalists should use the international version of Weibo, even though it is not heavily used, because it has better legal protections for users. However, Weibo has put limitations on features and content available on this version to discourage its usage.
- Always utilise a secondary device to connect on Weibo. Just like when using WeChat, journalists should operate Weibo on a secondary device that does not contain any sensitive or identifying information, and keep this device physically and electronically separate from other equipment.
- Try to navigate the red lines. Because of the sometimes sensitive nature of their stories, journalists should pay special attention to the CCP guidelines before publishing content on Weibo. If it is essential for their work to remain on Weibo, they should try to stay within these guidelines, and often check them as they keep on changing frequently.
- Stay informed on confidentiality policy. Journalists should also read the privacy policy carefully, and pay attention to updates to this policy.
← Read Part 1: General recommendations
← Read Part 2: TikTok
← Read Part 3: Facebook
← Read Part 4: Instagram
← Read Part 5: X (formerly Twitter)
Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.