- Unsealed court documents have revealed that Facebook had a secretive “Project Ghostbusters” that spied on its users’ Snapchat traffic
- Recovered emails suggest that the spying started in 2016 after Facebook recognized the growth potential of Snapchat
- Later, they also spied on Amazon and YouTube
Facebook is in trouble for snooping on users’ Snapchat traffic. On Tuesday, a federal court in California released new documents along with some internal emails from the company that exposed ‘Project Ghostbusters’ – Facebook’s best-kept secret…until now.
These court documents were revealed as a part of a class action lawsuit filed against Meta by Sarah Grabert and Maximilian Klein. The duo accused Facebook of anticompetitive behavior and misusing user data collected through deceptive means. The lawsuit was filed in 2020.
What is Project Ghostbusters: A Brief Timeline
Launched in 2016, Project Ghostbusters was a part of the company’s In-App Action Panel (IAPP) program. It was designed to intercept the traffic flowing between Snapchat servers and its users.
This data was then used to understand customer behavior and see how these users interact with Snapchat to gain a competitive advantage over it.
According to the documents, Amazon and YouTube were also targeted under this project.
The snooping began sometime after June 2016. The biggest evidence of this is an email dated June 9, 2016, where Mark Zuckerberg asked his team to get data on Snapchat’s analytics.
Zuckerberg said in the email that since Snapchat’s traffic was encrypted, they have never had any information about their user base. However, considering its growing popularity, it was time to find a workaround.
That’s when the engineers at Facebook came up with the idea to use Onavo, a VPN-like service that the company had acquired in 2013.
Just a month after ‘Project Ghostbusters’ began, the Onavo team created a ‘kit’ that could be installed on Android and iOS devices to intercept the traffic of certain subdomains.
This kit worked a lot like how ‘man-in-the-middle’ attacks function. In a man-in-the-middle attack, the hacker intercepts the traffic when it’s flowing from one server to another and then is able to access all the data therein.
Usually, details about the user’s identity, password, and username are stolen during such attacks, and that’s exactly what Onavo did.
The only difference is that a ‘man-in-the-middle’ attack targets unencrypted traffic whereas Onavo’s technique targeted the traffic before it was encrypted and sent over the internet.
“We now can measure detailed in-app activity (from) parsing Snapchat analytics collected from incentivized participants in Onavo’s research program.”
An email acknowledging the success of the kit
However, Onavo was shut down in 2019 after an investigation revealed that Facebook was paying teenagers to use the app just so it could track their web activities. By then, the damage had already been done.
If you’re worried about hackers accessing your personal data through such attacks, the best way forward is to use one of the best VPN services. A VPN will encrypt your internet traffic and spoof your IP address, thereby hiding you from prying eyes.
How Did Facebook Employees React to the Project?
Apart from Mark Zuckerberg himself, the court documents revealed that a team of senior executives and 41 lawmakers worked on the project.
However, not everyone within Facebook was in favor of this move. For example, Jay Parikh (then-head of infrastructure engineering at Facebook) and Pedro Canahuati (then-head of security engineering at Facebook) were both against the project.
This is evident from one of the recovered emails, in which Canahuati clearly expressed his concerns to the company.
“I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works.”
Pedro Canahuati, Facebook’s head of security engineering
Amazon has refused to comment on the matter whereas Meta, Google, and Snapchat are yet to respond.
What’s also interesting (and particularly worrisome) is that this isn’t Meta’s first case regarding its questionable privacy practices and actions. Earlier this month, it was accused of running a massive data processing business.
And in addition to being unbothered about account hijackings on Facebook and Instagram, both Meta’s new AI glasses as well as its Twitter rival Threads ignited privacy concerns not that long ago.