Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch
techcrunch.com
external-link
A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
IninewCrow
link
fedilink
English
129M

It’s a proprietary platform … what do people expect?

It’s visiting someone’s business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.

You have no rights to do anything on their property … other than the rights they give you, which they can also take away, or just kick you out.

Elise
link
fedilink
English
29M

I like your analogy but from my perspective it isn’t fitting.

It would be more like the postal service opening your letters.

@4am@lemm.ee
link
fedilink
English
7
edit-2
9M

I think you are thinking of Instagram. Facebook doesn’t own Snapchat.

Oh it’s Onavo. Onavo was the “Facebook VPN” software they shuttered in 2019. So it had access to network traffic on-device before it was sent out.

Seems like it was more than a VPN, and put its claws deep into the network stack if it was reading packet buffers before they were encrypted. Not good; I’m sure that users were not made aware of this but in light of this possibility, your point stands.

@filister@lemmy.world
link
fedilink
English
119M

What I really dislike in this way of thinking is that when Facebook is doing it, the reaction is what do you expect and when TikTok are doing it, people are outraged and call for banning the whole platform.

So why the double standards?

“Foreign oligarchs are taking over!” - domestic oligarchs probably

removed by mod

@ZeroCool@slrpnk.net
link
fedilink
English
22
edit-2
9M

It’s a proprietary platform … what do people expect?

It’s visiting someone’s business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.

You have no rights to do anything on their property … other than the rights they give you, which they can also take away, or just kick you out.

Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.

You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.

@solrize@lemmy.world
link
fedilink
English
5
edit-2
9M

Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.

You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.

The spying was done by a proprietary service (Facebook’s VPN). Blaming the users for anything on that scale is dumb and futile, but it still reinforces the idea of avoiding proprietary services as much as possible, especially anything on the client side.

The article didn’t explain how the attack worked though. Did the Snapchat client not use anything like TLS to connect to the Snapchat server? Did the Facebook VPN somehow still intercept it, e.g. with a certificate that Snapchat trusted but that Facebook used for spying? Die that cert also work in browsers and did it somehow pass a third party audit, that at least Mozilla requires? I do know Mozilla looks very askance at such things, and they booted out at least one cert vendor over something like that a few years ago.

If Snapchat used some kind of device-wide TLS stack that Facebook managed to subvert, that should be treated as an OS vulnerability (assuming we’re talking about mobile devices). There’s a bunch of stuff that apps simply cannot do unless the user first goes through some complex procedure to root the phone. Messing with the TLS stack should be one of them.

Nate Cox
link
fedilink
English
509M

…what?

This was one company spying on the users of its competitor via unofficial means. Even in the furthest stretch of the corporate boot licking bullshit that “you signed up for the app so you deserve to be spied on” exists in, I don’t see how this scenario is covered.

@ZeroCool@slrpnk.net
link
fedilink
English
18
edit-2
9M

This is just typical Lemmy. User doesn’t read the article but has very strong opinions based on what they imagine it to be about. Comment gets upvoted by a bunch of other users who also didn’t read the article but imagine they know what happened too. Rinse and repeat.

Create a post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

  • 1 user online
  • 1 user / day
  • 4 users / week
  • 45 users / month
  • 395 users / 6 months
  • 1 subscriber
  • 675 Posts
  • 11.2K Comments
  • Modlog