this post was submitted on 27 Mar 2024
817 points (99.0% liked)

Technology

58011 readers
3222 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
817
Facebook snooped on users' Snapchat traffic in secret project, documents reveal (techcrunch.com)
submitted 5 months ago by [email protected] to c/[email protected]
110 comments fedilink hide all child comments
 

Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 5 months ago (1 children)

I definitely see why this would be illegal, but how would the DMCA apply?

[–] [email protected] 32 points 5 months ago (1 children)

It's illegal to bypass encryption for the purpose of breaking DRM, which is what the app specifically does with Snapchats DRM.

https://www.dmlp.org/legal-guide/circumventing-copyright-controls

[–] [email protected] -2 points 5 months ago (1 children)

That would be if they downloaded the uploaded Snapchats. This takes out web traffic, aka which "locations" your device visited, which 1. isn't protected by copyright since it's not a work 2. hasn't been to Snapchat's encryption yet. That time Bethesda accidentally shipped a DRM-free version of doom along with the main version, I don't think opening the DRM-free one would count as circumventing.

The relevant laws here should be about privacy and hacking.

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago) (1 children)

Why did you ask if you already had your answer then? The DMCA has no carve outs.

[–] [email protected] 10 points 5 months ago* (last edited 5 months ago) (1 children)

Because you may have seen some angle I didn't anticipate.

Not sure what you mean about carveouts.

[–] [email protected] 3 points 5 months ago (2 children)

There's no exceptions for fair use, if you break the encryption at all then you're in violation of the DMCA.

[–] [email protected] -1 points 5 months ago (1 children)
  1. They technically (and legally) didn't break it as they're intercepting the traffic before it gets encrypted.
  2. Not all encryption is DRM and covered by the DMCA. Hacking into and decrypting an encrypted database of passwords is violating hacking laws, not the DMCA. Same would apply to traffic data.

Note that IANAL.

[–] [email protected] 6 points 5 months ago (2 children)

The DMCA is also not specific to the method. Bypassing encryption is legally the same as breaking it.

[–] [email protected] 1 points 5 months ago

Is there a case law that you know about that supports this? I ask, sincerely, because every one that I know of that deals with dmca was a copyright case. Wiretap act or section 5 of the FTC act, sure, but dmca?

[–] [email protected] -1 points 5 months ago (2 children)

Hmm, I'll take your word for that, but this data is still not covered by the DMCA.

[–] [email protected] 3 points 5 months ago (1 children)

The DMCA specifically prohibits breaking or bypassing any kind of access controls.

The only way this could not be a DMCA violation is if they only ever used it to monitor traffic for their own subdomains.

[–] [email protected] -2 points 5 months ago (1 children)

The DMCA does not have anything to do with uncopyrighted data.

[–] [email protected] 3 points 5 months ago (1 children)

Private communications are covered by copyright.

[–] [email protected] -1 points 5 months ago (1 children)

Network data requests aren't exactly private communications.

[–] [email protected] 4 points 5 months ago (1 children)

Wiretapping laws would seem to disagree. XD

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago) (1 children)

Wiretapping laws aren't enforced because of copyright. Such communication isn't the type of private communications that is copyrighted.

[–] [email protected] 2 points 5 months ago (3 children)

Wiretapping laws aren't enforced because of copyright.

Sure, but Facebook would prefer a copyright case over anything that might suggest a bill of privacy rights would be a good idea.

[–] [email protected] 1 points 5 months ago (1 children)

Facebook's preference doesn't change the nature of existing law.

[–] [email protected] 0 points 5 months ago (1 children)

Precisely.

[–] [email protected] 0 points 5 months ago

So do we agree that this has nothing to do with the DMCA?

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

Mate, the whole point of Snapchat, the application, is limiting, digitally, the rights of your friends and others to view your photo, with a built in expiration on those rights. If you think the DMCA doesn't apply then you're out of your fucking mind. Copyright is granted to the photographer the second you press the shutter button.

EULA:

Copyright Policy

This section describes how to provide notice to Snapchat of content on Snapchat that infringes the intellectual property rights of another and Snapchat’s rights with respect to that notice. Snapchat respects the intellectual property rights of others. In accordance with the Digital Millennium Copyright Act (“DMCA”) and other applicable laws, we have adopted a policy of, upon notice, restricting access to or deleting content that infringes a third party’s copyright and, in appropriate circumstances and in our sole discretion, terminating account holders or other users of the Services who are deemed to be repeat infringers of a third party’s copyrighted work.

If you believe that anything on the Services infringes any copyright that you own or control, you may file a notice of such infringement, in compliance with the requirements of 17 U.S.C. § 512(c)(3), with our designated agent:

Snapchat, Inc. Attn: Copyright Agent 523 Ocean Front Walk Venice, CA 90291 [email protected] Fax: (310) 943-1793

[–] [email protected] 0 points 5 months ago* (last edited 5 months ago)

They're sniffing on users' traffic data, basically browsing history, not the works on Snapchat. Meta wasn't caring about their photos; they were seeing how foreign platforms' users interact.