U.S. Firms Providing Web Hosting & Other Core Website Support to Blacklisted Surveillance Companies

Amazon and Microsoft sell essential website services, such as access to Content Delivery Networks, web hosting and email provision, to almost half the Chinese surveillance companies blacklisted by the US government.
Illustration showing a man's face being scanned electronically acting as a header image for a report into how U.S. Big Tech companies are providing core website support to blacklisted Chinese surveillance companies.

UPDATED 27 May 2020 to include analysis regarding the new additions to the U.S. government blacklist announced on 22 May. Our original findings remain unchanged. Jump straight to the update for full details.

  • Google, Amazon and Microsoft provide essential website support services to 10 out of 18 of the world’s most controversial surveillance companies to keep them online
  • 8 out of 9 of the Chinese surveillance companies on the U.S. blacklist’s websites are powered by web services from at least one U.S. company
  • Amazon supports the most companies (7), followed by Google (5) and Microsoft (4)
  • Web Hosting: 9 companies have U.S. providers
  • Content Delivery Networks: 8 companies have U.S. providers
  • Email Hosting: 10 companies have U.S. providers

U.S. Firms Keeping Blacklisted Surveillance Companies Online

In October 2019, the U.S. government blacklisted 28 Chinese surveillance tech companies due to alleged human rights abuses in Xinjiang, northwest China.[1]

The dramatically restricts American companies’ ability to legally trade with them.

This investigation aims to shine a spotlight on the corporate relationships between these surveillance companies and US firms that would otherwise go publicly unrecorded.

We identified who has been providing the essential web services required to operate the websites of the newly-blacklisted Chinese surveillance companies. We did the same for a number of other highly-controversial surveillance companies around the world.

Why did we publish this research? Our belief is that it’s in the public interest for consumers to be made aware of how U.S. big tech is doing business with companies whose intrusive surveillance technology is involved an ongoing human rights abuses, along with various breaches of our digital rights.

Not only are U.S. companies working with controversial Chinese firms, they are also helping the notorious NSO Group, as well as 16 other companies that have faced allegations of human rights abuses, stay online.

Through providing essential web services to these controversial companies, US firms are playing a part in the proliferation of highly invasive surveillance products that have the potential to undermine human rights around the world.

Specifically, we reveal which US companies provide the following services for each surveillance company:

  • Web hosting
  • Content Delivery Networks (CDN)
  • Email hosting
  • SSL certificates
  • Name server
  • Content Management System (CMS)

For more information on what these services involve, jump to our core web services explainer section.

The U.S. Services Powering Each Surveillance Company's Website

The following table lists the surveillance companies included in this report and indicates who provides each of the essential website services that power their websites, ie Web hosting, Content Delivery Networks (CDN), Email hosting, issue of SSL certificates, Name server provision, and Content Management System (CMS).

Core Website Services Explained

This section provides additional detail on the core website support services we have identified as being provided to the controversial surveillance firms by the U.S. Big Tech companies.

Web Hosting

Web Hosting providers offer services that enable individuals and organizations to host their websites on the Internet. They provide server space for storing website files and manage bandwidth, which is crucial for handling website traffic and speed. These hosts also offer domain name services for acquiring and renewing web addresses. Additionally, they provide essential security features like SSL certificates, firewalls, and data encryption to safeguard sensitive information.

Alongside these core services, web hosting providers offer 24/7 technical support, email hosting linked to the domain, and website building tools for easy site creation and management. They ensure regular data backups for security and offer scalable solutions to accommodate growing traffic and data needs.

Content Delivery Networks

Content Delivery Networks (CDNs) are systems of distributed servers that deliver web content and services to users based on their geographic location, the origin of the webpage, and a content delivery server. CDNs are designed to optimize speed and efficiency, ensuring fast loading times and reduced latency for websites and web services. They work by caching content like HTML pages, javascript files, stylesheets, images, and videos on a network of servers around the globe.

When a user requests content from a website using a CDN, the request is redirected to the nearest server, minimizing the distance the data travels, thereby reducing loading times and improving user experience. CDNs also handle large traffic volumes effectively, enhancing website stability and reliability during traffic spikes. They contribute to security by providing DDoS mitigation, optimizing content delivery, and improving website performance.

Email Hosting

Email Hosting providers offer specialized services for hosting and managing email communications. Unlike free email services, these providers cater to business, offering custom email addresses that match the client’s domain name. These services include robust email servers dedicated to sending, receiving, and storing emails.

The key features of email hosting include enhanced security measures like spam and virus protection, encryption, and secure data transfer protocols to safeguard sensitive information. They also offer larger storage capacities and better management tools compared to standard free email services. Additionally, these providers ensure higher reliability and uptime, and often include support for advanced email protocols and integration with other business tools.

SSL Certificates

SSL (Secure Sockets Layer) Certificate services specialize in providing digital certificates that authenticate the identity of a website and enable an encrypted connection. These certificates are a critical component of internet security. When installed on a web server, they activate the padlock and the https protocol, ensuring secure connections from a web server to a browser.

SSL Certificate services verify the identity of the entity requesting the certificate, ensuring that visitors to a website can trust the site’s legitimacy. They offer different levels of validation, from basic Domain Validation (DV) to more rigorous Extended Validation (EV) certificates. Besides authentication, these certificates encrypt the data transmitted between the user and the web server, protecting sensitive data like login credentials, personal information, and credit card numbers from interception.

Name Servers

Name Server providers play a crucial role in the functioning of the internet by translating human-readable domain names into IP addresses that computers use to identify each other on the network. Essentially, they act as the internet’s phone book, maintaining a directory of domain names and their corresponding IP addresses.

When a user enters a domain name in their browser, the request is sent to a name server to find the corresponding IP address. Once located, the IP address is returned to the user’s device, allowing it to connect to the web server hosting the desired website. This process, known as DNS resolution, is vital for the seamless functioning of internet browsing.

Some Name Server providers also offer additional services like DNS management tools, enhanced security features like DDoS protection, and support for DNSSEC (Domain Name System Security Extensions) to protect against DNS spoofing attacks.

Content Management Systems

Content Management System (CMS) providers offer software platforms that enable users, particularly those without coding expertise, to create, manage, and modify content on a website without needing to write code from scratch. A CMS is a user-friendly tool that provides a graphical interface to manage the creation and modification of digital content.

CMS providers typically offer a variety of features, such as templates for web design, plugins for extended functionalities, and tools for SEO, social media integration, and content scheduling. These systems allow for easy management of elements like text, images, and videos, making it straightforward to update and maintain a website’s content. CMS platforms can range from simple website builders for small sites to powerful systems capable of handling complex websites for large organizations.

U.S. Website Support Services: List of Blacklisted Customers

The table below lists the U.S. website service providers we identified in our research and shows which surveillance companies they are supporting and what website services are being provided. The number of blacklisted companies that they support is also highlighted.

We also found the following US companies providing website support services to a single surveillance company:

  • Akamai – Huawei (Host, CDN)
  • NTT America – Huawei (Host)
  • Stackpath – Clearview (CDN)
  • Symantec – Xiamen Meiya Pico Information (SSL Cert)
  • Comodo Positive SSL – Vision Lab (SSL Cert)
  • Pardot – Anyvision (Email)

Blacklisted Companies

Dahua Technology

Headquarters: Hangzhou, China

Core Business:

  • Dahua Technology is a leading provider of audio-video surveillance technology.
  • It is partially state-owned due to stakes held by Central Huijin Investment (1%), China Galaxy Securities (1.82%) and China Mobile (10.42%).


  • Alongside Hikvision, Dahua Technology was specifically mentioned in a letter to the U.S. president’s top advisers in May 2019, signed by over 40 lawmakers.[2]
  • In October 2019, Dahua’s parent company was placed on the Bureau of Industry & Security’s “Entity List”, after it was determined to be “acting contrary to the foreign policy interests of the United States.”
  • Dahua released a statement in response to the US’s decision, arguing that it “lacked any factual basis”.


Headquarters: Hangzhou, China

Core Business:

  • Hikvision is one of the world’s largest suppliers of video surveillance and security products.
  • Together with Dahua Technology, it represents one third of the world’s global market for surveillance technology.[3]


  • In July 2018, the company sold authorities around 1,000 facial recognition cameras to be strategically placed in mosques in Xinjiang province.[4]
  • The company was accused of openly marketing facial recognition technology that could identify Uighurs.[5] Hikvision declined to comment and the webpage was swiftly removed from their website.
  • Hikvision is among the companies named on the US Industry and Security Bureau’s ‘Entity List’.


Headquarters: Shenzhen, China

Core Business:

Huawei is a multinational technology company that specializes in telecommunications infrastructure and consumer devices. It has faced controversy due to its potential links to the Chinese state and its prominent role in the roll-out of 5G networks worldwide.


  • Huawei is notorious for accusations of being a “gateway for China to spy on Western nations.”[6]
  • US officials have been actively lobbying foreign governments against the implementation of Huawei technology into their national 5G infrastructure.[7]


Headquarters: Hefei, China

Core Business:

Specializes in voice recognition AI solutions and also offers services analyzing legal documentation and medical imagery.


  • Added to the US Department of Commerce “Entity List” in October 2019.[1]
  • iFlytek has been at the center of multiple reports for allegedly providing voice recognition technology that has been used by the government for the oppression of ethnic minorities.[8][9]


Headquarters: Beijing, China

Core Business:

  • Backed by Alibaba Group Holding, Megvii is a Chinese AI giant that specializes in image recognition and deep learning software.
  • Megvii’s facial recognition technology is known as “Face++” and has been used by over 300,000 popular Chinese app developers such as Meitu and payment platform Alipay.


  • Added to the US technology blacklist in October 2019.[1]
  • Goldman Sachs was scheduled to be involved in the company’s initial public offering. However, the investment bank later revised its position after Megvii were placed on the US ‘Entity List’.[20]


Headquarters: Hong Kong

Core Business:

  • SenseTime is one of the world’s most valuable AI start-ups,[11] backed by e-commerce giant Alibaba and heavily supported by the Chinese government.
  • The company provides software to police enforcement to help them identify faces, crowd movement and vehicles in real time.


  • Sensetime CEO Xu Li said in 2018 that 30% of SenseTime’s clients were government-related.
  • Months before the US Department of Commerce’s ban, SenseTime had already come under intense scrutiny with reports alleging SenseTime’s presence in Xinjiang province.[12][13]

Xiamen Meiya Pico Information Co

Headquarters: Fujian, China

Core Business:

  • The company, also known as Meiya Pico, is principally involved in “digital forensics and cybersecurity in China”.[14]
  • The firm describes its digital forensic services as identification, extraction and evidence analysis from digital media sources


  • Meiya Pico’s MFSocket software was the focus of reports that “Chinese police are installing intrusive data-harvesting software on ordinary citizens’ smartphones” during random security checks.[15][16] The software provides police with access to images/audio files, location data, call logs, messages and the user’s calendar and contacts.
  • Meiya Pico was added to the US ‘Entity List’ in October 2019.

Yitu Technology

Headquarters: Shanghai, China

Core Business:

Yitu Technology is largely known for their facial scanning platform “Dragonfly Eye System”.[9] It can identify someone within seconds from a vast database of 2 billion records.


  • The company’s software was used by local police to identify residents of Chinese city Sanmenxia over 500,000 times in a single month.[17] The software’s code contained tags suggesting ethnic profiling of Uighurs.
  • Yitu Technologies was added to the US “Entity List” in October 2019.

Yixin Science and Technology

Headquarters: Beijing, China

Core Business:

Yixin Science and Technology, among China’s leading artificial intelligence firms, is a security system developer and nanotechnology start-up based in Beijing.


  • Yixin Science and Technology was categorized among the other 28 additions to the Department of Commerce’s “Entity List” on October 7th.[18]
  • The company was also found to be the provider of wireless surveillance systems to the government during the 2008 Beijing Olympics.[19]


Headquarters: Holon, Israel

Core Business:

  • AnyVision is an AI firm that specializes in surveillance solutions for private customers as well as law enforcement agencies.[20]


  • Anyvision reportedly provided Israeli intelligence services with technology that had been purposed for a covert surveillance program targeting Palestinians in the West Bank.[21]
  • Microsoft launched an audit of the company in November 2019, as it participated in a $74 million funding round for Anyvision earlier that year.[22] Microsoft later announced it had withdrawn all investment from AnyVision.[23]


Headquarters: Herzelia, Israel

Core Business:

  • NSO Group Technologies is a spyware provider, most known for its Pegasus software that has the ability to capture the contents of a targets’ phone, including encrypted messages in plain text, through remote access.
  • Controversies:

    • The NSO Group has faced multiple accusations that its invasive Pegasus spyware has been used by oppressive regimes to spy on private conversations between innocent civilians,[24] especially targeting journalists and human rights activists.
    • The company faces numerous lawsuits and is reportedly being investigated by the FBI for hacking American citizens’ cell phones and intelligence gathering on government personnel.[25]
    • WhatsApp also is pursuing the NSO in a US court and claim that the company’s spyware gave rise to the hack of 1,400 of its users in 2019.[26]

    Mem3nto Labs

    Headquarters: Milan, Italy

    Core Business:

    Mem3nto Labs primarily specializes in research and development for cyber intelligence solutions and its company mission is the “development of advanced tools and solutions to outperform in the Hybrid warfare era.”[27]


    • Mem3nto Labs has ties to notorious company Hacking Team, which had a global business based their Remote Control System (RCS) technology.[28]
    • Almost five years since the company’s activities were exposed, founder Paolo Lezzi purchased Hacking Team and merged it with his own company to form Mem3nto Labs, in the hopes to revive the disgraced company.[29]
    • Mem3nto’s KRAIT system allows users to “attack any Android device and leave no traces,” providing full control over the end-device.


    Headquarters: Moscow, Russia

    Core Business:

    Findface is facial recognition technology based on AI and neural networks developed by Russian company NTechLab. They provide services for the Russian state as well as the private sector.[30]


    • The company boasts the ability to perform real-time facial recognition in a split-second, supported by a database of over 1.5 billion entries.[31]
    • Earlier this year, the company revealed that it has secured a 200 million rouble contract with the Russian Department of Technology for a roll-out of this technology across Moscow.[32]

    Vision Labs

    Headquarters: Amsterdam, The Netherlands

    Core Business:

    • VisionLabs is a “team of Computer Vision and Machine Learning experts” specializing in products and solutions in facial recognition, augmented and virtual reality.[33]


    • The company’s primary software, dubbed “Luna”, allows users to “verify and identify customers instantly” based on a database of photos and video images.[34] VisionLabs applies this software to its Smart city projects to collect and analyze data from surveillance cameras.
    • VisionLab’s other major technology, Face_IS, was created to controversially allow retailers to make personalized and targeted ads to customers whose faces have been recognized.

    Mollitiam Industries

    Headquarters: Toledo, Spain

    Core Business:

    • Mollitiam describes its services as the “development of solutions and software technology, cybersecurity and cyberdefense.”[35]



    Headquarters: New York, US

    Core Business:

    In the company’s own words, “Clearview AI is a new research tool used by law enforcement agencies to identify perpetrators and victims of crimes.”[36]


    • Clearview gained widespread attention for its facial recognition app, which can identify anyone within a database of more than 3 billion photos lifted from major social media platforms.[37]
    • The company faced widespread criticism as the act of scraping such images and selling them was in breach of the terms of service of the social media platforms from where the photos were taken.


    Headquarters: Washington, D.C., US

    Core Business:

    Zerodium is a US startup, which offers bounties for hackers to access rare vulnerabilities in operating systems, web browsers and mobile phones named “zero-days” which remain unknown to the company which would patch them.


    • Details of Zerodium’s ventures remain murky as founder, Chauki Bekrar, declines to say whether such exploits are sold to intelligence agencies around the world as a surveillance tool, as opposed to the vendor or company of the vulnerable system.[38]
    • Bekrar’s companies have been criticized for doing controversial work that privacy advocates argue “contribute to the spread of cyberwar and wrongful surveillance.”[39]
    • The company is also on Reporters Without Borders’ list of digital privacy abusers.[40]

    ZTE Corp.

    Headquarters: Shenzhen, China

    Core Business:

    ZTE is a Chinese telecom and information technology giant providing its services to consumers, carriers, businesses and government from “over 160 countries around the world.”[41]


    • Similar to Huawei, the company has faced intense scrutiny over surveillance fears due to its close ties to the Chinese government.
    • The company was placed under a trade ban for seven years by the Department of Commerce in April 2018 when the company failed to hold employees involved in illegal exports to Iran and North Korea to account. In addition, the company was fined a record-breaking US$1.19 billion for export control violations.[42]
    • While the ban has now been lifted, we have found that the web services provided by NTT America (Hosting: Nov 2014 – April 2019), Akamai (Hosting: May 2014 – July 2018), COM.CN DNS (Name Server: May 2014 – May 2014) and Sitecore (CMS: May 2016 – Dec 2019) all supported ZTE’s website throughout the duration of the ban.

New Additions to US Blacklist

The day after we first published this report, the US Department of Commerce announced the addition of 33 new organizations to its blacklist on 22 May.[43]

These new inclusions were announced in two distinct groups:

  • 24 Chinese governmental and commercial organizations with ties to WMD and military activities
  • Nine Chinese entities related to human rights abuses in the Xinjiang Uighur Autonomous Region<

The nature of these new companies is very different to those we analyzed in the main body of this report. Rather than slick multinational companies, such as Huawei or Hikvision, the fresh inclusions are typically much smaller organizations. Most are specialized manufacturers with minimal online presence, or research organizations.

As a result, the websites we analyzed were unsurprisingly often very basic and lacking in the latest web technology.

Only one newly blacklisted company had significant support from a US web service provider, while a further six had limited support in the form of SSL certification from a US provider.

  • Cloudmind:[44] GoDaddy (Web Hosting, CDN, SSL Certification)
  • Beijing Computational Science Research Center:[45] DigiCert SSL (SSL Certification)
  • Harbin Institute of Technology:[46] DigiCert SSL (SSL Certification)
  • CloudWalk Technology:[47] DigiCert SSL (SSL Certification)
  • NetPosa:[48] DigiCert SSL (SSL Certification)
  • SenseNets (Subsidary of NetPosa):[49] DigiCert SSL (SSL Certification)
  • Intellifusion:[50] DigiCert SSL (SSL Certification)


The digital surveillance companies included in our investigation were selected on the basis of their inclusion on the US Entity List, or if they had been embroiled in recent public controversy regarding the nature and application of their digital surveillance products.

We identified the providers of the essential website services that power these companies’ websites, using a combination of public tools, such as builtwith.com, examining the source code of websites and analysing their HTTP traffic.

We only included those where some kind of active relationship was involved, ignoring the use of products such as Operating Systems or open source platforms for example.

About Top10VPN.com

We specialize in testing and reviewing VPN services. We recommend the best VPNs to our readers in order to help them safeguard their online privacy and security. We also carry out in-depth research and investigations into digital rights and security risks that affect the general public.

Additional research by Christine O’Donnell


[1] https://www.federalregister.gov/documents/2019/08/21/2019-17921/addition-of-certain-entities-to-the-entity-list-and-revision-of-entries-on-the-entity-list

[2] https://www.cnbc.com/2019/05/22/us-reportedly-considering-blacklisting-chinas-hikvision.html

[3] https://www.bloomberg.com/news/articles/2019-05-22/china-s-hikvision-weighed-for-u-s-ban-has-probably-filmed-you

[4] https://www.ft.com/content/c610c88a-8a57-11e8-bf9e-8771d5404543

[5] https://ipvm.com/reports/hikvision-uyghur

[6] https://www.bbc.co.uk/news/resources/idt-sh/Huawei

[7] https://www.ft.com/content/6853f24e-5e0e-11ea-8033-fa40a0d65a98

[8] https://www.wired.com/story/mit-cuts-ties-chinese-ai-firm-human-rights/

[9] https://www.cnbc.com/2019/05/16/this-chinese-facial-recognition-start-up-can-id-a-person-in-seconds.html

[10] https://www.cnbc.com/2019/10/09/goldman-evaluating-role-in-chinas-megvii-ipo-after-us-blacklist.html

[11] https://qz.com/1248493/sensetime-the-billion-dollar-alibaba-backed-ai-company-thats-quietly-watching-everyone-in-china/

[12] https://www.bloomberg.com/news/articles/2019-10-09/chinese-ai-project-is-under-review-at-mit-after-u-s-blacklists-company

[13] https://www.ft.com/content/7d3e0d6a-87a0-11e9-a028-86cea8523dc2

[14] https://web.archive.org/web/20210122230614/https://www.meiyapico.com/

[15] https://www.ft.com/content/73aebaaa-98a9-11e9-8cfb-30c211dcd229

[16] https://www.scmp.com/tech/start-ups/article/3017688/what-you-need-know-about-meiya-pico-chinas-low-profile-forensics

[17] https://www.nytimes.com/2019/04/14/technology/china-surveillance-artificial-intelligence-racial-profiling.html

[18] https://www.spglobal.com/marketintelligence/en/news-insights/trending/l7v_-Y5cOvD2pO4qQJJGJg2

[19] https://www.bangkokpost.com/business/1771179/chinas-blacklisted-ai-firms-what-you-should-know

[20] https://web.archive.org/web/20200530051856/https://www.anyvision.co/

[21] https://www.nbcnews.com/news/all/why-did-microsoft-fund-israeli-firm-surveils-west-bank-palestinians-n1072116

[22] https://www.nbcnews.com/tech/security/microsoft-hires-eric-holder-audit-anyvision-over-use-facial-recognition-n1083911

[23] https://www.cnet.com/news/microsoft-pulls-out-of-facial-recognition-startup-anyvision/

[24] https://www.theguardian.com/world/2020/feb/06/uk-to-host-spyware-firm-accused-of-aiding-human-rights-abuses

[25] https://uk.reuters.com/article/uk-usa-cyber-nso-exclusive/exclusive-fbi-probes-use-of-israeli-firms-spyware-in-personal-and-government-hacks-sources-idUKKBN1ZT38F

[26] https://www.theguardian.com/world/2020/feb/04/ex-obama-official-juliette-kayyem-quits-israeli-spyware-firm-amid-press-freedom-row

[27] https://web.archive.org/web/20210308124246/https://www.mem3nt0.com/about.php

[28] https://www.technologyreview.com/2019/11/29/131803/the-fall-and-rise-of-a-spyware-empire/

[29] https://www.vice.com/en_us/article/neavnm/hacking-team-new-owner-starting-from-scratch

[30] https://web.archive.org/web/20200522075259/https://findface.pro/en/success-stories/urban-security/

[31] https://web.archive.org/web/20200524172300/https://findface.pro/en/about/

[32] https://www.reuters.com/article/us-russia-technology-facialrecognition/moscow-court-case-challenges-citys-facial-recognition-use-after-launch-idUSKBN1ZU1HJ

[33] https://web.archive.org/web/20200703091434/https://visionlabs.ai/company/about-us

[34] https://venturebeat.com/2016/07/07/russian-facial-recognition-startup-visionlabs-raises-5-5m-after-partnering-with-facebook-and-google/

[35] https://web.archive.org/web/20200619222053/https://www.mollitiamindustries.com/en/#etical

[36] https://web.archive.org/web/20200525112640/https://clearview.ai/

[37] https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html

[38] https://www.vice.com/en_us/article/bmje7d/controversial-zero-day-exploits-seller-launches-new-premium-bug-bounty-program

[39] https://www.wired.com/2016/09/top-shelf-iphone-hack-now-goes-1-5-million/

[40] https://rsf.org/en/news/rsf-unveils-202020-list-press-freedoms-digital-predators

[41] https://web.archive.org/web/20200526102231/https://www.zte.com.cn/global/about/corporate_information

[42] https://uk.pcmag.com/smartphones/88214/zte-will-pay-record-fine-for-sales-to-iran-north-korea

[43] https://www.commerce.gov/news/press-releases/2020/05/commerce-department-add-two-dozen-chinese-companies-ties-wmd-and

[44] https://www.en.cloudminds.com/

[45] https://www.csrc.ac.cn/en/

[46] http://www.hit.edu.cn/

[47] https://www.cloudwalk.cn/

[48] https://www.netposa.com/

[49] https://www.sensenets.com/

[50] https://www.intellif.com/