RedNote: A Threat Assessment
This piece was written by Christian Ryan. Christian Ryan is an open-source national security researcher and a Research Fellow at Trefoil Strategies Ltd., a Pittsburgh-based risk consultancy.
Introduction
RedNote, a short-form video and augmented reality platform better known in Mandarin as xiaohongshu, or “little red book,” has rapidly gained traction in recent years as an alternative to the video blogging service TikTok, especially among younger users drawn to its immersive alternate reality features and tailored content feeds. Like TikTok, RedNote offers algorithmically driven entertainment; however, its underlying infrastructure and legal obligations differ in critical ways. While TikTok has faced scrutiny over its Chinese parent company, ByteDance, and its opaque data practices, RedNote is even more closely aligned with the People’s Republic of China’s (PRC) surveillance architecture. Promoted as a creative social app, RedNote conforms to the PRC's policy of surveillance-by-design, requiring extensive data extraction, non-transparent content moderation, and legally mandated state access to user information. This closer look examines how RedNote operates within—and extends—the global reach of China’s digital governance model.
Several investigations and analyses by leading digital rights and security organizations have documented troubling aspects of RedNote’s architecture. Organizations including the Electronic Frontier Foundation (EFF), a nonprofit defending digital privacy and free expression; Citizen Lab, a research group at the University of Toronto that specializes in cybersecurity, human rights, and global digital threats; and the Australian Strategic Policy Institute (ASPI), a think tank focused on security issues in the Indo-Pacific region, have found insecure data handling practices, opaque and politically-aligned algorithmic moderation, and the platform’s strict compliance with PRC censorship directives. These investigations have been instrumental in exposing RedNote’s technical vulnerabilities and legal context, as well as the broader risks posed by Chinese digital platforms operating globally.
Much of the existing research refers only briefly to RedNote or places it within broader analyses of China's technology ecosystem. This paper presents a comprehensive evaluation of RedNote as an independent platform, incorporating in-depth forensic analysis, examining relevant legal frameworks, and exploring policy implications. It also offers a nuanced interpretation of how RedNote implements the PRC's model of digital governance. In doing so, this assessment highlights the unique challenges that RedNote's international expansion poses to democratic norms surrounding data sovereignty, user privacy, and national security.