"Man-in-the-middle" method: Facebook has probably bypassed Snapchat encryption
Scandal docs emerge in Facebook lawsuit; Snapchat action likely harsher than expected.
(Bild: BigTunaOnline/Shutterstock.com)
Mark Zuckerberg was allegedly more involved in a project to spy on Facebook competitors than previously known. In addition, outright "man-in-the-middle" attacks were carried out against Snapchat. At least that is what publicly accessible court documents now suggest, which were compiled as part of a class action lawsuit against the Facebook group Meta. The documents cite emails according to which Zuckerberg instructed employees to obtain reliable usage data despite the encryption of Snapchat traffic. As a result, work was done to decrypt SSL-encrypted data from Snapchat using the company's own VPN application, Onavo. The decision to discontinue the program was later made in conjunction with Zuckerberg. The documents shed new light on a scandal that broke years ago.
Examined by dozens of lawyers
The allegations relate to Facebook's aggressive approach against its then up-and-coming competitor, Snapchat. According to the documents, a so-called "Project Ghostbusters" was set up at Facebook – now Meta – to find out what was happening there. The name "Ghostbusters" appears to refer to the Snapchat logo, a white ghost on a yellow background. In an email dated June 9, 2016, Zuckerberg stated that it was important to obtain reliable analytics data on Snapchat. He suggested that special software might need to be written and added: "You need to figure out how to do this." Just a few days later, a team from the subsidiary Onavo suggested intercepting internet traffic on users' smartphones using the VPN app of the same name to bypass encryption: This is the "man-in-the-middle" approach, summarized one manager.
Documents and witness statements prove that this approach was actually used on a large scale, according to the plaintiffs' team. They refer to a period between June 2016 and the beginning of 2019. Later, encrypted traffic from YouTube and Amazon was also analyzed. Facebook used the data collected in this way to understand how Snapchat is used and to revise its products based on this. Dozens of lawyers were involved with Facebook and assured that the procedure was legal. This raises the question whether it is not a violation of hacking laws.
It had been known for years that Facebook used Onavo to gain important insights into competitors' apps and to react to them. Onavo offered the Onavo Protect app, which routed mobile device traffic through a VPN and analyzed it for security threats. It was prominently advertised with this promise. At the beginning of 2019, Apple took action against the application, whereupon Facebook withdrew the app and closed the subsidiary responsible for it. The legal proceedings are now being conducted as part of a class action lawsuit against Facebook (Ref.: 3:20-cv-08570-JD). The documents have now been brought to light.
(mho)
