This thing Facebook did — running an MITM on Snapchat and other competitors’ TLS connections via their Onavo VPN — is so deeply messed up and evil that it completely changes my perspective on what that company is willing to do to its users.
@matthew_d_green Is there evidence that Facebook actually did that on users without consent? I looked at the court documents and they seemed to say "here's how we would do it, and we could run a study on consented panelists..."
@ipsin
The "consenting panelists" were teenagers who were either promised that Onavo sped up their mobile network or straight up paid to install it. If you believe they knew the app would actually snitch their phone use to Facebook, I have this little used bridge in Baltimore harbor available really cheap.
@matthew_d_green
@ipsin @matthew_d_green I think they used dark patterns to get consent, so the consent was null, because it was uninformed. Research needs qualified consent: free and informed consent.
@matthew_d_green They have no limits other than what they can get away with

@matthew_d_green

and now #meta is trying to run into the #fediverse with #threads, and do to #mastodon what they did to #myspace in 2010. with the same tactics:

1. a public excited friendly face of #interop

2. drain of users

3. when the competitor is a dried husk, turn around and fanatically prevent any interop with #facebook on any level whatsoever

people need to understand what meta is

and have no illusions about what they have done, and what they will do

#adversarialinteroperability

@benroyce
I don't buy this narrative for the simple reason that I don't believe many people on Mastodon are going to move to Threads. The suspicion towards Meta is simply too big. I do expect people to move *to* Mastodon for this reason.

So why does Meta do it? My guess is that they're looking at how legislation, especially from the EU, is developing and they want to be in charge of a network that is compatible with that vision.
@matthew_d_green

@collectifission @matthew_d_green

it's not a narrative as in a nice story to conform to a bias

it's reality as in a solid track record of behavior

"well, ok sure they're a vile privacy destroying disinfo spreading psychologically manipulating-for-engagement ghoulish corporation that engages in sharp elbow tactics for domination. but let's give them the benefit of the doubt here"

now *that*'s a narrative

and even if you think their project will fail, do not doubt their motivation

@collectifission

To quote:

" - Economy: abolish the money economy and replace it by cybernetic communism, using labourtime as our measurement for planning."

Where does one even begin to critique such a statement?

And yet your thinking on Meta is clear and lucid and grounded in the real world and should be taken seriously?

Really?

And "Green Nuclear" itself

Well then...

cc @benroyce @matthew_d_green

@FinchHaven
I'm not sure how quoting part of my profile is related to my post where I give a brief overview of what I think Meta's business strategy is?

Yes, I think Meta is grounded in reality, capitalist reality of course, dealing with governments that have been annoyed with them for many years and are slowly moving in on them. Mastodon and the Fediverse at large is just their (cynical) attempt to stay ahead of the curve that, ironically, might create a better social network.
@benroyce

@collectifission @FinchHaven

you don't work with the devil in any capacity and somehow the world gets better. you kill the devil. #socialmedia gets better when #Facebook, #Twitter, #Tiktok, etc die. and the #Fediverse's role in that is to help kill them by providing a better #decentralized future without #privacy defilement and #algorithm manipulation. obviously it needs more features. people are working on that

in the meantime, f*** #Threads

let it be absolutely hounded out of the Fediverse

@benroyce
Sadly "the devil" has a lot of users, so at least I'm open to bargaining. Not everyone is looking to get Mastodon to become a real social network, and that's fine. I for one am interested in interacting with hundreds of millions of users.

Mastodon enables me to do that on my terms, not on Meta's. But say Meta pulls the plug, which again I don't expect, then there's nothing that disables us from keeping to use the Fediverse. I don't think this is another XMPP scenario.

@collectifission i don't know if devil is consciously evil or just naturally that way. but people like you, making «evaluated» decisions to continue to support an evidently evil status quo «because blah-blah users blah-blah» do scare the hell out of me :-/ this is what i call evil. @benroyce

@tivasyk
I could turn that around, make a statement about this tiny yet loud group of people in this fediblock thing harming the general mood, but where would that bring us?

I honestly don't see the elevator pitch of the fediblock crowd that proactively blocking Meta is somehow going to make the fediverse better. Or conversely, that Meta's federation is somehow going to make it worse.

But each to their own. That's the beauty of the fediverse after all.
@benroyce

@collectifission @tivasyk

"Mastodon enables me to do that on my terms, not on Meta's"

you *know* that if it were up to Meta, that would not be the case

so i don't understand the disconnect between your rational understanding of what Meta is, and your irrational insistence that what Meta is doing on the fediverse is beneficial in some way or somehow harmless

@benroyce
But it’s not up to Meta to decide, anymore anyway.

I’m not under any illusion that this is anything more than a temporary arrangement. But for that time, say it lasts a few years, we can invite many users to also take the reins of their social experience in their own hands.

Example: Threads is silencing politics. There’s quite a bit of controversy over it. Would’ve been great to invite these folks.
@tivasyk

@collectifission @tivasyk

me: "you don't work with the devil"

you: {continues insisting working with the devil is harmless or somewhat beneficial}

i don't understand the source of your disconnect between what meta obviously is and its clearly established intentions, and your strong desire to continue arguing for accommodation. so this exchange is absurd now. i begin to wonder at your motivations: you're not dumb but you're so earnest you seem to be playing some angle. so we're done. bye

@benroyce
I'm also very surprised at how much of a disconnect there is. Looks indeed like we're not getting closer. So, happy Easter 🙂
@tivasyk
@benroyce @collectifission @tivasyk So I should ostracize my family because they use Meta products? The issue is a difference of moderation standards. The hate speech is a tiny fraction of the people on Meta, and at the moment easily managed. I likely won't see much because my follows don't boost hate speech. But I'm willing to reconsider if the situation changes. Blocking after the fact achieves the same thing.

@collectifission

You quoted that into your profile to represent (one would think, at least) some core, foundational thinking of yours

Fantastical would be the word I would choose

But you're really firmly grounded

It's just up to everyone to take everything else you say at...

...are face value the words I'm looking for?

@benroyce

@FinchHaven
Ah, so you were building an ad hominem. 'Pathetic' would be the word that comes to mind.
@benroyce

@collectifission

Dude, you spoke for yourself in your own words

Is that the 'ad hominem' to which you refer?

cc @benroyce

@collectifission @matthew_d_green @benroyce What does Facebook, corposcum degenerates that they are, have to offer to Fediverse users?

@benroyce @matthew_d_green

They've seen Meta doing this to others for 20 years, but for some reason delude themselves into thinking that this time it will be different. They think they are special and Meta will treat them with respect, unlike everyone else that Meta has ever dealt with.

And when it isn't different, they will claim they had no way of knowing, that no one warned them. 😞

The worst part is that the people who suffer most are innocent bystanders who end up the targets of hate spread on Meta's platforms, in many cases deadly hate.

@matthew_d_green How does that even work? They should get a certificate error when someone is trying to do a MITM.
@andytiedye @matthew_d_green Lots of things don't validate certs, or only validate against the system store. Also doesn't help that corporate "security" products do the same thing.
@AMS @matthew_d_green Those products are broken and need to be fixed. They only pretend to provide security.

@andytiedye @matthew_d_green

Not if they MITMed the certificate download in the first place.

@artemesia @matthew_d_green If they MITM the SSL/TLS connection, they are doing that anyway, but how would they get a valid certificate for a competitor?

Of course their own app could ignore the invalid certificates, but we don't have to use it.

@andytiedye VPN installed a new root cert

@smn @andytiedye Is this really how it worked? 🤦

I have said 100 times and been ignored: device & browser vendors need to remove custom root CA support from their mainline products for consumers and only offer the antifeature in a $1000+ enterprise product.

@dalias @andytiedye that's what was initially reported but I've now also seen claims that snapchat started cert pinning prior to when this VPN thing went live so now I don't know. Maybe it was more sophisticated?
@andytiedye @matthew_d_green They have enterprise distribution certificate installed on the device, which is why Apple revoked Facebook's cert after onavo came to light.
@matthew_d_green Have I missed something? Link?

Facebook new tracking revelations

"#Facebook’s #IAAP program conduct was not merely anticompetitive, but criminal," read the filings revealed on March 26, 2024, by a federal court in California during the class action lawsuit between consumers and Meta.

Facebook used its #OnavoVPN system to illegally track its users when accessing Snapchat and other competitors' apps, new unsealed court filings can reveal.

So-called Project #Ghostbusters—echoing the iconic rival's logo—appears to have been just the beginning of the wider "In App Action Panel" ( #IAAP ) program which aimed to spy on competitors' traffic to gain commercial advantage.

It's thought to have run between June 2016 and approximately May 2019, with YouTube and Amazon being the next targets.

#Meta, Facebook's parent company, employed its controversial #VPN service as a way to intercept and decrypt the traffic between the people accessing its service and competitors' servers.

The company shut down #Onavo in 2019, following a TechCrunch investigation revealing the #spyware-like VPN software was employed in a research project to collect sensitive user data from paid volunteers aged between 13 and 25.

@matthew_d_green

https://www.techradar.com/computing/cyber-security/facebooks-onavo-vpn-used-to-wiretap-competitor-data-court-filings-reveal

Facebook's Onavo VPN used to wiretap competitor data, court filings reveal

Snapchat was the main target of "Project Ghostbusters"

TechRadar
@matthew_d_green Wasn't this also the idea behind Facebook's "free internet for poor regions", except even worse?

@matthew_d_green
They did that from 2012 to 2019 and it was published by TechCrunch at the time. Their investigation essentially revealed that the reason Facebook acquired Onavo was so that they could acquire "competitive intelligence" to prevent another Instagram surprise.

Why does it change your perspective of the company in 2024? Honest question. I thought this was widely known since at least Cambridge Analytica.

@matthew_d_green in ways that it didn't when we learned about the scheme five years ago?

@matthew_d_green

But apparently Snapchat was using cert pinning since 2015... 🤔
https://infosec.exchange/@wdormann/112180917282894504

Will Dormann (@wdormann@infosec.exchange)

Though as I look closer, it appears that Snapchat has been doing cert pinning since 2015 at the latest. So, if Facebook was intercepting Snapchat traffic in 2016... what exactly were they successfully seeing? https://github.com/magicguru/SnapchatCertPinning
What Could the FBI Do With Facebook?

YouTube

@matthew_d_green I’m starting to question even more what these hidden services are really doing. When user uninstalls the apps, there is no easy way for a normal user to see that Meta's services still continue running on their phones 🤔

https://9to5google.com/2023/11/13/oneplus-open-facebook-bloatware/

OnePlus Open ships with Facebook/Meta services that can’t be removed, again

After promising to skip out on Facebook and Meta bloatware a few years ago, the OnePlus Open brings back apps we never wanted to see again.

9to5Google
@matthew_d_green this is a wild sentence considering they aided and abetted a literal genocide a few years ago.

@matthew_d_green The company kicked off with @zuck backstabbing its co-founder. And this is not their first rodeo. Hell, didn't Mark lie under oath?

Something I wrote a while back during the whole WhatsApp privacy policy change saga.
After writing, I realised how many hyperlinks of fb breaking promises were in that block. Mind you, this is just about WA. Not all fb products.
https://www.unsungnovelty.org/posts/01/2021/frequently-asked-questions-about-privacy-whatsapp-telegram-and-signal/

Frequently asked questions about Privacy, Whatsapp, Telegram and Signal - unsungNovelty

Answering frequently asked questions about Privacy, Whatsapp, Telegram and Signal to choose a privacy friendly text messenger.

@unsungnovelty @matthew_d_green

The company kicked off with Zuckerberg saying people who trusted him were "stupid fucks".

@matthew_d_green Totally agree. But I thought the Onavo spying has been known for years? I know new details came out with the court records. But I'm curious: is there something in this most recent update that to you seems different in kind to what we knew about before?
@matthew_d_green what's the best writeup you've found? Even the one sentence summary sounds bad.

@matthew_d_green Why would you suppose that, given the expectation of a greater immediate return, Meta wouldn't use you as the raw materials for soap?

We know how it started; as a means to involuntarily rate the hotness of female university students. Someone who thinks it's easier to make a billion dollars (which means doing arbitrarily many terrible things) than cope with rejection is not so much fleeing their demons as being ridden through demon dressage events and scoring well.

@matthew_d_green they did get fined for 90m, lots of people do use ssl/tls proxies and it can be helpful in finding botnets, dns, backdoors etc - it is a good story that needs more discussion but why don't you want to see all the pkts - you do but it depends on use case
@matthew_d_green the govt and at&t do the same thing and nobody cares
@matthew_d_green Being complicit in the genocide in Myanmar wasn’t enough of a red flag for you?

@matthew_d_green I think Facebook's standard for ethical behaviour is "whatever we can get away with", and they appear to have got away with this.

Horrific.

@matthew_d_green you mean as opposed to when they did experiments to see if making people angrier boosted their time spent? I'm not shocked at all.
@matthew_d_green
wait - isn't that the company that everyone is talking about federating with?

And you're saying that they have already used software to snaffle user data intentionally circumventing consent?

Also wasn't that kind of behaviour part of the lawsuit filed against Zuck by his ex-business associates from his sojourn at Harvard which he settled out of court?