Well, this is a transcendent level of evil: Facebook bought a VPN company and deployed it, in part, to spy on its competitor's users.

https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/

It's a reminder that VPNs have their own risks, beyond technical ones if operated incompetently -- namely, that you have to trust the VPN company itself.

UPDATED to reflect which users were being spied on.

Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch

A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.

@dangillmor FB and their evil shit aside, it's baffling that people think they have more reason to trust a VPN company over their ISP.

@DanielEriksson That's because ads work. You don't constantly get bombarded by your ISP with how they keep you secure. You do get constant VPN ads (as sponsor segments on YouTube).

@DanielEriksson My ISP is the most reliable and affordable option in my physical area for internet. However, it's known for spying, selling user data, and lobbying against civil rights. I know this, so I don't want my ISP collecting all the website addresses I visit.

That's one way a VPN is supposed to help.

There are people for whom Facebook is their ISP. Facebook's Israeli-based VPN was probably advertised as a way to be more secure to people who couldn't easily find any advice about it.

@DanielEriksson @dangillmor
The VPN company might be based in another country and be more willing to ignore your local laws.
And you usually don't have much choice in your ISP, so if you don't trust them but find a trustworthy VPN provider (however one finds out who's trustworthy...), that can help.

@DanielEriksson @dangillmor
And to be clear, "local laws" is not just about file sharing etc., but also about laws that violate human rights.

@DanielEriksson In some areas they actually have more choice in the VPN than in the ISP.

But you’re right regardless of that.
@dangillmor

@DanielEriksson @dangillmor ISPs aren’t (that I’ve ever heard) vetted for privacy and data collection matters. There are VPNs — Proton, TunnelBear, IVPN and Mullvad as some examples — who take measures to demonstrably show that they ARE vetted.

People just need to care about their privacy enough to make good choices about such things.