Your Rights Online

Facebook Accused of Using Your Phone To Wiretap Snapchat (gizmodo.com) 58

Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called "Project Ghostbusters." Gizmodo: Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn't private at all. "Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them," said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta's antitrust case on Saturday. "It seems important to figure out a new way to get reliable analytics about them... You should figure out how to do this."

Thus, Project Ghostbusters was born. It's Meta's in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating "kits" that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a "man-in-the-middle" approach to get data on Facebook's rivals, but users of Onavo were the "men in the middle."

Meta's Onavo unit has a history of using invasive techniques to collect data on Facebook's users. Meta acquired Onavo from an Israeli firm over 10 years ago, promising users private networking, as most VPNs do. However, the service was reportedly used to spy on rival social media apps through tens of millions of people who downloaded Onavo. It gave Facebook valuable intel about competitors, and this week's court filings seem to confirm that. A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

  • by cayenne8 ( 626475 ) on Tuesday March 26, 2024 @01:20PM (#64346423) Homepage Journal
    If an individual did this...They'd have the book thrown at them for hacking and a plethora of charges would be levied against them.

    Why are we not seeing the Feds jumping all over this with the DOJ immediately?!?.

    • With pro corporate right wing judges. Do a little bit of googling and you will find that an outfit called The Heritage Foundation has spent the last 40 years on a large scale project to install right wing judges favorable to large corporations.

      The program began after Barry Goldwater lost his election and the right wing in America regrouped and changed its tactics. Goldwater himself warned us about it and about the new wave of the American right wing. We didn't listen and here we are.
    • One count of wiretapping and one count of wire fraud per instance of interception.

      Oh, and Computer Fraud and Abuse Act charges.

      For everyone involved.

      No, wait - he's the third largest Democrat donor. Nevermind - Dish got their charges dropped last week for just a $130,000 donation to the Biden campaign.

      And people think I'm odd for having a separate phone for secret-source apps!

      • No, wait - he's the third largest Democrat donor.

        Yeah because the Republicans are sooo good at reining in corporations.

        How about you pull your head out of your arse, stop cheering for a political party like a sports team and recognize that this is a massive, bipartisan problem.

    • by whoever57 ( 658626 ) on Tuesday March 26, 2024 @03:02PM (#64346691) Journal

      Why are we not seeing the Feds jumping all over this with the DOJ immediately?!?.

      While it might be about money, as others have suggested, I think there is an alternative suggestion: Meta/Facebook is too cooperative with providing data to the FBI/CIA and the DoJ doesn't want to risk that relationship.

    • by Miram ( 2480128 )

      Because it was done with the knowledge and consent of the Onavo users, and Facebook paid them ~$20/month for their data.
      Gizmodo reported this back in 2019, but made no mention of it in today's article.
      https://gizmodo.com/facebook-i... [gizmodo.com]

  • by mmdurrant ( 638055 ) on Tuesday March 26, 2024 @01:21PM (#64346431)
    Anyone who worked at Facebook and contributed to this project should be blacklisted. Using technical knowledge to assist evil is always an ethically negative proposition and we should have zero tolerance for it.

    Working in tech used to be cool but now it's just like finance. Dominated by sociopaths with zero principles that believe stealing money from people is OK as long as you can make some half-assed argument to blame it on the victim.

    • It's because you're a tech nerd and us tech nerds love the concept of individuals pulling off all sorts of cool shit using computers.

      This isn't something that can be solved at an individual level, it's a systemic problem. It represents decades of pro corporate shifts in attitudes and beliefs.

      You need to understand that one of the things that corporations do is they spread the actions and blame around to so many people while also protecting those people from legal consequences.

      That can be a good thing w
      • I see where you're going but using Mortal Kombat and drag queens as examples is weird. Might as well start talking about how corporations and government coordinated the push for EVs, 15-minute cities, and eating bugs to make your point. Or the fascist push for the COVID vaccination mandates.
    • by BigFire ( 13822 )

      Unlike Google, Facebook never claimed not to be Evil.

  • by Midnight_Falcon ( 2432802 ) on Tuesday March 26, 2024 @01:31PM (#64346451)
    Is especially relevant here, [slashdot.org] You shouldn't be using a VPN that neither you nor your employer control. The attack vector of compromise of the VPN provider (or it being plain malicious as it is here) is far worse than the near-useless-in-2024 security benefits of using a commercial VPN provider.

    Still, marketing persists and tech people cling to their NordVPN!

    • Is especially relevant here, [slashdot.org] You shouldn't be using a VPN that neither you nor your employer control. The attack vector of compromise of the VPN provider (or it being plain malicious as it is here) is far worse than the near-useless-in-2024 security benefits of using a commercial VPN provider.

      Still, marketing persists and tech people cling to their NordVPN!

      Third party VPNs are fine, as long as you understand they are a security risk not a security mitigation. They're a minor security/privacy risk, on par with the security/privacy risk posed by your ISP. If all of your traffic is end to end encrypted (e.g. TLS), then that's not a serious problem. If some of it isn't encrypted... you should fix that ASAP, and using a third party VPN is not a fix.

      Third party VPNs are good for region shifting and that's about it.

      • You're absolutely right, region shifting is one of few valid use cases...and it comes with some minor risk. Unfortunately I've talked to many NordVPN subscribers, including unwitting CEOs that made it mandatory for their whole company to use at all times; who believe VPN equals security and you must have, like McAfee antivirus in 1998. That's how Meta snookered people into installing this spyware VPN, and how NordVPN keeps billing legions of subscribers monthly for near-useless services (unless they real
        • Yes, the VPNs-for-security meme got pretty thoroughly embedded when companies were running their own VPNs to provide remote access to corp LANs (which is also not a great idea, though for different reasons) and security-clueless people assume that benefit is also provided by VPNs -- and the third-party VPNs in question definitely advertise security and privacy as prominent features.

          In all honesty, NordVPN et al probably are a net security win, assuming you're not trying to hide from law enforcement. T

          • e.g. coffee shop wifi, which is generally unencrypted and sniffable by anyone with a nearby antenna.

            Your reply is very accurate until this part: this was true in let's say 2010, but now MiTM attacks like SSLStrip (hail Moxie Marlinspike) do not generally work anymore. HSTS, including prefetch lists embedded in browsers and widespread use of TLS mean coffee shop attacks just generate error messages in people's browsers. A few years ago, the installation of a browser plugin "HTTPS Everywhere" from the EFF was all you needed to do to guarantee it; but it's so widespread now that isn't usually necessary.
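
The browser-side behaviour the comment above refers to (HSTS as specified in RFC 6797, plus a preload list), modelled as an added example that is not part of the original thread. The host names are constructed and the `HstsStore` class is hypothetical; preloaded entries are assumed to cover subdomains.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

class HstsStore:
    """Hypothetical model of a browser's HSTS state (not a real browser API)."""
    def __init__(self, preloaded=()):
        self.preloaded = set(preloaded)   # shipped with the browser; assumed to cover subdomains
        self.dynamic = {}                 # host -> (expiry_time, include_subdomains)

    def note_response(self, url, header, now):
        u = urlsplit(url)
        if u.scheme != "https":           # a header seen over plain HTTP is ignored,
            return False                  # so an on-path party cannot set or clear policy
        max_age, include_sub = parse_hsts(header)
        if max_age == 0:                  # max-age=0 removes the dynamic entry
            self.dynamic.pop(u.hostname, None)
        else:
            self.dynamic[u.hostname] = (now + max_age, include_sub)
        return True

    def is_hsts_host(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):      # the host itself, then each parent domain
            name = ".".join(labels[i:])
            if name in self.preloaded:
                return True
            expiry, include_sub = self.dynamic.get(name, (0, False))
            if expiry > now and (i == 0 or include_sub):
                return True
        return False

    def rewrite(self, url, now):
        """Return the URL the browser actually requests."""
        u = urlsplit(url)
        if u.scheme == "http" and self.is_hsts_host(u.hostname, now):
            netloc = u.netloc.rsplit(":", 1)[0] if u.port == 80 else u.netloc
            return u._replace(scheme="https", netloc=netloc).geturl()
        return url
```

A dynamic entry only exists after one successful HTTPS visit; the preload list is what covers the very first request to a host.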

  • This would be a nightmare for Facebook if everyone filed individual federal lawsuits over this under the CFAA. Facebook seems to have checked all the boxes on this:

    Federal law regarding unauthorized use of a computing device primarily falls under the Computer Fraud and Abuse Act (CFAA), which is a United States cybersecurity law. Under the CFAA, there are several requirements that must generally be met to sue someone for unauthorized use of a computing device:
    1. Access without authorization: The defe

  • They trust me, the dumb fucks.

    1. I'm not surprised.

    2. Little people would have been threatened with 1000 years in the kind of rape torture prisons that America likes to specialize in order to get them to plead guilty to something that will merely destroy their life completely.

    At most, Meta will get a small fine put down to the cost of doing business.

  • Evil cyber criminal boss having his minions perform illegal wiretapping in millions of cases.

    • Nah, but he'll be spending what is to him a trivial amount of money having his legal department come up with a reason the courts should ignore this.

    • Best they can do is get Martha Stewart for selling some stocks and Tommy Chong selling rolling papers via mail.

  • Imagine if that had been tik tok .... but is OK because it is the Americans spying on you and breaching your privacy.
  • Court settlements are literally bribes for an offender to keep doing what they're doing, so nothing changes until offers are refused short of reform.
  • by Rosco P. Coltrane ( 209368 ) on Tuesday March 26, 2024 @02:53PM (#64346657)

    is like getting financial advice from Sam Bankman Fried: how did those people even think this was legit?

    • I just checked the onavo site on the wayback machine from march 27th in 2018 [archive.org] and it doesn't say anything about Facebook. So why do you think "those people" knew they were buying VPN service from Zuckerberg?
      • You would think someone would do a modicum of research before subscribing to something as broad-ranging as a VPN service. Especially since, in theory, people who use a VPN do so to protect their privacy. And ESPECIALLY since the VPN was free.

        Many software aren't that important and you can install them with a cursory check of what they do and who owns them before installing them. But some, like VPNs or browsers, are so central to one's personal life, and have such potential for abuse, that they absolutely re

  • Not my phone they didn't.
  • That's why no social media on my phone including FB/Meta and no banking/money apps !!
  • Imagine if we had a government that actually passed laws to safeguard citizen rights and privacy. Wouldn't that be nice...
  • by OfMiceAndMenus ( 4553885 ) on Wednesday March 27, 2024 @07:58AM (#64348237)
    It is "Unauthorized Access of a Computer System" and it's a fucking federal felony. Direct violation of 18 USC 1030, and god help them if they installed this shit on a government-owned phone.

    Lock up Zuck for suggesting it, and shut down the fucking company already. They've learned zero from their oopsies with Cambridge Analytica et al. They're much more of a danger to America than Tik Tok and they provide nothing of value.
  • Hitting companies with fines that have a significant amount of bite to them would solve this problem.

    Set the fine as a percentage of overall Company worth at the time of the infraction ( ~5% as an arbitrary number ) and
    watch how quickly this behavior self corrects.

    Today, that would equate to a ~$5B fine for Facebook. ( In addition to what investors would do to it afterwards )
