Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch
techcrunch.com
A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.

Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

      • Aatube@kbin.melroy.org
        79·
        3 months ago

        That would be if they downloaded the uploaded Snapchats. This takes out web traffic, aka which “locations” your device visited, which 1. isn’t protected by copyright since it’s not a work 2. hasn’t been to Snapchat’s encryption yet. That time Bethesda accidentally shipped a DRM-free version of doom along with the main version, I don’t think opening the DRM-free one would count as circumventing.

        The relevant laws here should be about privacy and hacking.

        • Aniki 🌱🌿English
          93·
          3 months ago

          Why did you ask if you already had your answer then? The DMCA has no carve outs.

          • Aatube@kbin.melroy.org
            111·
            3 months ago

            Because you may have seen some angle I didn’t anticipate.

            Not sure what you mean about carveouts.

            • knightly@pawb.socialEnglish
              3·
              3 months ago

              There’s no exceptions for fair use, if you break the encryption at all then you’re in violation of the DMCA.

              • Aatube@kbin.melroy.org
                23·
                3 months ago
                1. They technically (and legally) didn’t break it as they’re intercepting the traffic before it gets encrypted.
                2. Not all encryption is DRM and covered by the DMCA. Hacking into and decrypting an encrypted database of passwords is violating hacking laws, not the DMCA. Same would apply to traffic data.

                Note that IANAL.

                • knightly@pawb.socialEnglish
                  6·
                  3 months ago

                  The DMCA is also not specific to the method. Bypassing encryption is legally the same as breaking it.

                  • jupiter_jazz@lemmy.dbzer0.comEnglish
                    1·
                    3 months ago

                    Is there a case law that you know about that supports this? I ask, sincerely, because every one that I know of that deals with dmca was a copyright case. Wiretap act or section 5 of the FTC act, sure, but dmca?