NEW: Facebook snooped on Snapchat users' encrypted network traffic to study how they behaved, unsealed court documents reveal.

This was part of a secret program called "Project Ghostbusters," and even inside the company, it was very controversial.

“I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works,” Pedro Canahuati, Facebook's then-head of security engineering, wrote in an email.

https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/

Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch

A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.

@lorenzofb gross on all levels. Zuck is really a piece of shit and keeps lowering the bar.
@lorenzofb @malwaretech Surveillance capitalists gonna surveillance.
@lorenzofb The DocumentCloud link here (https://www.documentcloud.org/documents/24515959-facebookmeta-class-action-discovery) and linked in the post has a relevant name but it’s concerning that Kentucky/YouTube viewers/elonmuskwhm case, not the Meta one.

@lorenzofb

"In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity."

Yikes!

@lorenzofb @malwaretech so.. onavo was, what, installing a trusted root cert initiated from a *regular appstore download* and able to MITM traffic that (presumably) wasn't protected by cert pinning? And the app store which is run so expediently and so expensively to "protect consumers" or whatever horseshit Apple has come out with in pursuit of trying to keep their 30% was ok with this, was it? o_O
@lorenzofb
So they *bought* a VPN company, presumably serving security-minded customers, so that they could transform that VPN into spyware? Yikes that's low
@skiles @lorenzofb Doubly so, because this basically opens them up to government surveillance of their surveillance technology, and we're...back to why end-to-end encryption was a whole thing.

@skiles @lorenzofb What do you expect from a #PRISM collaborator like #NSAbook / #StasiBook?

OFC they gonna do the shit that everyone accuses #ByteDance and then some in broad daylight!

@lorenzofb I don't see why we continue to allow this company to exist. They should be destroyed for the good of us all.
@lorenzofb the details of this are WAY worse than what the headline suggests. And the headline is already very bad. Holy shit.
@lorenzofb the link to the document on that page seems to be from a different case
@desttinghim @lorenzofb It's unclear from the document and current reporting, but this was the "Facebook Research App" which used code from Onavo. It wasn't the Onavo VPN itself. There are a number of articles from 2019 when FRA was shut down, which talk about how the app asked the user to install a root certificate, and supposedly got informed consent from users for its aggressive snooping of their encrypted behavior.
@lorenzofb perhaps the project was to scrape and sell Snapchat texts to competitors and ... foreign espionage agencies?
@lorenzofb
Yet another reason to distrust Meta. If anyone thinks they aren't analyzing WhatsApp message traffic, well, I don't know what else to tell you.
@lorenzofb Now, I can't say I'm surprised, but I still want to firebomb Facebook for it.
Hard to imagine anyone being that brazen about it.
@lorenzofb everybody upset when zuck does this but they just accept it from feds lol - kind of funny #behave
@gary_alderson @lorenzofb It's because we expect this from feds. It's literally in their job description. Facebook shouldn't be doing this. It's unexpected and horrifying.
@Kyebr @lorenzofb no the feds tread on the unholy alliance and psyop of respecting the constitution which is why they buy this info from data brokers and fb in their spare time with black budget funds that are untraceable - it is an iceberg and will be a big story in 20 years when we have fiber and vastly more secure comms. still a good reply - everybody is right here sort of from a fisa lawyer and moral perspective - kinda - which is why it is not such big or 'new' news #bb84 is complete
@lorenzofb and some people still think we should let them on the #fediverse because they may act correctly ...

@lorenzofb And is this the same company running a federated thing called Threads or something? The one that a large piece of the fediverse wants to "give a fair chance"?

Why, yes. Yes it is!

#threads #meta #fediverse

@lorenzofb I DIDN'T THINK ZUCKERBERG COULD BE CAPABLE OF THIS.😳
@lorenzofb I wonder what Alex Stamos thinks of this?