The company's MitM attack is disclosed in court documents.
In 2016, Facebook launched a secret project called "Project Ghostbusters," which aimed to intercept and decrypt traffic between Snapchat users and its servers. The information came to light thanks to documents disclosed in a class-action lawsuit against Meta*, the parent company of Facebook*.
The goal of the project, which is part of the In-App Action Panel (IAPP) program, was to analyze user behavior in order to strengthen Facebook's competitiveness in the face of the growing influence of Snapchat. Meta subsequently tried to use similar methods against other competitors, including Amazon and YouTube, while bypassing their encryption.
The Onavo app, acquired by Facebook in 2013, played a key role in the implementation of the project. It functioned as a VPN service, allowing the company to read all of the device's Internet traffic before encrypting it and sending it to the network. However, in 2019, Facebook had to shut down Onavo after an investigation revealed that the company secretly paid teenagers to use the service to access their web activity.
In an internal email, Mark Zuckerberg expressed the need to find new ways to get reliable analytics about Snapchat due to their rapid growth. Engineers suggested using Onavo to implement the so-called Man-in-the-Middle attack (MitM attack), which would allow reading encrypted traffic.
Court documents allege that Facebook then expanded the program to Amazon and YouTube. There was no unanimous opinion within the company regarding the ethics and legality of the project. At the time, the head of the security department, Pedro Canahuati, expressed his opposition, saying that the public simply did not understand how it worked and therefore could not consent to such actions.
Amazon representatives declined to comment, while Google, Meta and Snap did not respond to requests for comment.
In 2016, Facebook launched a secret project called "Project Ghostbusters," which aimed to intercept and decrypt traffic between Snapchat users and its servers. The information came to light thanks to documents disclosed in a class-action lawsuit against Meta*, the parent company of Facebook*.
The goal of the project, which is part of the In-App Action Panel (IAPP) program, was to analyze user behavior in order to strengthen Facebook's competitiveness in the face of the growing influence of Snapchat. Meta subsequently tried to use similar methods against other competitors, including Amazon and YouTube, while bypassing their encryption.
The Onavo app, acquired by Facebook in 2013, played a key role in the implementation of the project. It functioned as a VPN service, allowing the company to read all of the device's Internet traffic before encrypting it and sending it to the network. However, in 2019, Facebook had to shut down Onavo after an investigation revealed that the company secretly paid teenagers to use the service to access their web activity.
In an internal email, Mark Zuckerberg expressed the need to find new ways to get reliable analytics about Snapchat due to their rapid growth. Engineers suggested using Onavo to implement the so-called Man-in-the-Middle attack (MitM attack), which would allow reading encrypted traffic.
Court documents allege that Facebook then expanded the program to Amazon and YouTube. There was no unanimous opinion within the company regarding the ethics and legality of the project. At the time, the head of the security department, Pedro Canahuati, expressed his opposition, saying that the public simply did not understand how it worked and therefore could not consent to such actions.
Amazon representatives declined to comment, while Google, Meta and Snap did not respond to requests for comment.
