In 2016, Facebook launched a secret project aimed at intercepting and decrypting web traffic between people using the Snapchat app and its servers. The goal, according to newly unsealed court documents, is to understand user behavior and help Facebook compete with Snapchat. Facebook is calling this “Project Ghostbusters,” an apparent reference to Snapchat’s ghost logo.

On Tuesday, a federal court in California released new documents discovered in a class-action lawsuit between consumers and Facebook parent company Meta.

Newly released documents reveal how Meta sought to gain a competitive advantage over rivals, including Snapchat and later Amazon and YouTube, by analyzing web traffic of users interacting with Meta competitors. Given that these apps use encryption, Facebook needs to develop special techniques to bypass it.

One of the documents details Facebook’s Ghostbusters project. Consumer lawyers wrote in the report that the project is part of the company’s In-App Action Panel (IAPP) program, which uses a technique to “intercept and decrypt” encrypted apps from Snapchat users and later from YouTube and Amazon users. flow. The document.

The document includes internal Facebook emails discussing the project.

Meta CEO Mark Zuckerberg wrote in an email on June 9, 2016: “Whenever someone asks a question about Snapchat, the answer is usually, because their traffic is encrypted. We were unable to analyze it.” The email was released as part of the lawsuit. “Given how fast they are growing, it seems important to find a new way to get reliable analysis about them. Maybe we need to make panels or write custom software. You should figure out how to do that.”

Facebook engineers’ solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down its Onavo campaign after a TechCrunch investigation revealed that it had been secretly paying teenagers to use Onavo so that the company could access all of their networks.

After Zuckerberg sent the email, the Onavo team took over the project and a month later came up with a solution: a so-called “toolkit” that could be installed on iOS and Android to intercept traffic from specific subdomains, “allowing us to read to retrieve content that would otherwise be unreadable”. “This is a ‘man-in-the-middle’ approach,” a July 2016 email read.

A man-in-the-middle attack (now also known as an adversary in the middle) is an attack in which a hacker intercepts Internet traffic flowing from one device to another over the network. When network traffic is unencrypted, this type of attack allows hackers to read internal data such as usernames, passwords, and other in-app activity.

Given that Snapchat encrypts traffic between the app and its servers, this network analysis technique wouldn’t be effective. That’s why Facebook engineers recommend using Onavo, a software that, when activated, has the advantage of reading all of a device’s network traffic before encrypting it and sending it over the Internet.

“We now have the ability to measure detailed in-app activity,” via “Parsing Snapchat [sic] Analytical data collected from incentive participants in the Onavo research program,” another email read.

Later, according to court documents, Facebook expanded the program to Amazon and YouTube.

There’s no consensus within Facebook on whether Project Ghostbusters is a good idea. Some employees, including Facebook’s then-head of infrastructure engineering Jay Parikh and then-head of security engineering Pedro Canahuati, expressed their concerns.

“I can’t think of a good argument for why it’s okay to do this. No matter what we get from the public, no security person is happy with it. The public just doesn’t know how these things work,” Kanawa Ty wrote in an email that was included in the court filing.

In 2020, Sarah Grabert and Maximilian Klein filed a class-action lawsuit against Facebook, claiming that the company lied about its data collection activities and used it to obtain “deceptive information” from users. Extract” data to identify competitors and then unfairly fight these new companies.

An Amazon spokesman declined to comment.

Google, Meta and Snap did not respond to requests for comment.

#Documents #show #Facebook #snooped #users #Snapchat #traffic #secret #project

Leave a Reply

Your email address will not be published. Required fields are marked *