Technology

58011 readers

3199 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

817

Facebook snooped on users' Snapchat traffic in secret project, documents reveal (techcrunch.com)

submitted 5 months ago by [email protected] to c/[email protected]

110 comments fedilink hide all child comments

Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 5 months ago

This is the best summary I could come up with:

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.

On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.

When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.

“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.

The original article contains 671 words, the summary contains 175 words. Saved 74%. I'm a bot and I'm open source!