Dan GillmorMar 27, 2024

Well, this is a transcendent level of evil: Facebook bought a VPN company and deployed it, in part, to spy on its competitor's users.

https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/

It's a reminder that VPNs have their own risks, beyond technical ones if operated incompetently -- namely, that you have to trust the VPN company itself.

UPDATED to reflect which users were being spied on.

Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch

A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.

TechCrunch
Show threadWaseem
@dangillmor I am starting to believe I can trust my ISP more than VPN providers
Mar 27, 2024 at 9:08amWeb
Show threadKhleedrilMar 27, 2024
@iamwaseem @dangillmor Trust no one. Security is entirely up to you.
Show threadWaseemMar 27, 2024
@khleedril @dangillmor Agreed
Show threadpa28Mar 27, 2024
@iamwaseem @dangillmor this is a useful frame of mind to be starting from. Using a VPN just shifts the trust from one org to another. This can be extremely useful in some cases, and make things very much worse in others. Most users have to make the choice on almost no reliable information. After a lifetime in security & intelligence I almost never use personal VPNs unless I’m running it, and then only in high threat environments. Many consumer VPNs just enlarge the attack surface and concentrate targets. Basically what FB did in this case.