Home › Forums › A SECURITY AND NEWS FORUM › Facebook caught spying on Snapchat, YouTube and Amazon
- This topic is empty.
Viewing 1 post (of 1 total)
-
AuthorPosts
-
2024-03-28 at 15:49 #444091Nat QuinnKeymaster
Facebook caught spying on Snapchat, YouTube and Amazon
Recently unsealed court documents have revealed how Meta Platforms used a man-in-the-middle attack to spy on Snapchatâs encrypted analytics web traffic.
Meta CEO Mark Zuckerberg told three of Metaâs top executives that given how quickly Snapchat was growing, it was important to find âreliable analytics about themâ in an email titled âSnapchat analyticsâ.
Javier Olivan, now Facebookâs COO, replied that he fully agreed with the need for these analytics. He had looked into this with the Onavo team, a web analytics company owned by Meta.
However, gaining insight into Snapchatâs encrypted analytics would require legal approval.
Olivan forwarded the email to Guy Rosen, Onavoâs founder, who replied, âWe are going to figure out a plan for a lockdown effort during June to bring a step change to our Snapchat visibility. This is an opportunity for our team to shine.â
By mid-June, the Onavo team had devised a plan for the âGhostbusters projectâ, referencing the ghost in Snapchatâs logo.
The teamâs solution was to employ a man-in-the-middle attack using their Onavo VPN service to intercept the information before Snapchat could encrypt it using Transport Layer Security (TLS, which the court documents refer to by its predecessorâs name, SSL).
Meta would extract the data once it had left usersâ mobile devices and before it reached Snapchat servers.
Meta used this technique, known as SSL bumping, from June 2016 until early 2019.
However, Snapchat was not the only victim.
Facebook also employed the technology against YouTube and Amazon between 2017 and 2018.
This technology aimed to acquire and decrypt private analytic data from Snapchat, YouTube and Amazon to inform their competitive decision-making.
Onavo was eventually shut down by Meta in 2019 after TechCrunch exposed Facebook for secretly paying teenagers to spy on their web activity.
Olivan suggested this as a solution to the Onavo team before the Ghostbusters project was started.
Some were concerned about the project, such as Pedro Canahuati, head of structural security engineering at the time.
He wrote in an email, âI canât think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesnât know how this stuff works.â
A class-action lawsuit was filed against Meta by Sarah Grabert and Maximilian Klein in 2020 for âanti-competitive conduct and exploiting user data through deceptive practices.â
sources:Facebook caught spying on Snapchat, YouTube and Amazon (mybroadband.co.za)
-
AuthorPosts
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.