Not since the Sony Email Leak have I been so entertained by incriminating emails as I have with the Facebook memos that effectively instruct staff to spy on private user communications.
The kinds of (illegal) things that high-profile business leaders are willing to put into emails will never cease to amuse me.
The Independent reported: "Facebook carried out a secret spying campaign into Snapchat user data, according to unsealed court filings.
The operation, known internally as ‘Project Ghostbusters’, was initiated by chief executive Mark Zuckerberg in 2016 after he became frustrated with the privacy measures of his competitor.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Mr Zuckerberg wrote in an email to company executives on 9 June, 2016."
In what is sure to be a solid example of the now-established privacy term Zuckering, the eponymous founder literally wrote:
"Perhaps we need to <...> write custom software. You should figure out how to do this. <...> allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage <...>This is a ‘man-in-the-middle’ approach.” (referring to Meta/Facebook creating technology to read encrypted SnapChat user traffic without anyone's consent using a MITM attack).
According to TechCrunch: "A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.
Given that Snapchat encrypted the traffic between the app and its servers, this network analysis technique was not going to be effective. This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet."
According to the Independent: "Following MrZuckerberg’s 2016 email, Onavo engineers developed kits to carry out ‘man-in-the-middle’ monitoring that allowed them “to read what would otherwise be encrypted traffic”.
The spying technique, which gave the ability to “measure detailed in-app activity’, was later used on Amazon and YouTube."
For investigators, it's no doubt helpful to see that he is well-versed in the terminology specific to the security attack being proposed.
According to TechCrunch: "Inside Facebook, there wasn’t a consensus on whether Project Ghostbusters was a good idea. Some employees, including Facebook’s then-head of infrastructure engineering and the then-head of security engineering, expressed their concern.
“I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works,” Canahuati wrote in an email, included in the court documents.
In 2020, Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook, claiming that the company lied about its data collection activities and exploited the data it “deceptively extracted” from users to identify competitors and then unfairly fight against these new companies."
Gizmodo and Quarts reported: "Facebook didn’t immediately respond to a request for comment on the court filings.
Access to a competitor’s traffic analytics would have allowed Facebook a significant advantage when it comes to selling to advertisers. Meta has become a dominant force in the advertising industry in the last decade, and competitors like Snapchat don’t hold a candle to Meta’s analytics. Prosecutors allege Project Ghostbusters harmed competition in the ad industry, adding weight to their central argument that Meta is a monopoly in social media."
Member discussion: