Mark Zuckerberg was allegedly more involved in a project to spy on Facebook competitors than previously known. In addition, real “man-in-the-middle” attacks were carried out against Snapchat. At least that's what publicly accessible court documents now suggest, which were compiled as part of a class action lawsuit against the Facebook group Meta. It cites emails according to which Zuckerberg instructed employees to obtain reliable usage data despite the encryption of Snapchat traffic. As a result, work was carried out to decrypt SSL-encrypted data from Snapchat using the in-house VPN app Onavo. The question of whether this program should be stopped was later decided together with Zuckerberg. The documents shed new light on a scandal that became public years ago.
Advertisement
Reviewed by dozens of lawyers
The allegations made relate to Facebook's aggressive actions against its then-emerging competitor Snapchat. In order to find out what happened there, according to the documents, a so-called “Project Ghostbusters” was launched on Facebook – now Meta. The name “Ghost Hunters” seems to refer to Snapchat’s logo, a white ghost on a yellow background. In an email dated June 9, 2016, Zuckerberg declared it important to receive reliable analysis data for Snapchat. Maybe you need to write special software, he suggests, adding: “You have to figure out how to do it.” Just a few days later, a team from the subsidiary Onavo suggested intercepting Internet traffic on users' smartphones using the VPN app of the same name in order to circumvent the encryption: This is the “man-in-the-middle” approach , summed up a manager.
According to the plaintiffs' team, documents and witness statements prove that this approach was actually used on a large scale. There we are talking about a period between June 2016 and the beginning of 2019. Later, encrypted traffic from YouTube and Amazon was also analyzed. At Facebook, the data collected in this way was used to understand how Snapchat is used and to revise its own products based on this. Dozens of lawyers were involved in Facebook and assured that the procedure was legal. The question arises as to whether this is a violation of hacking laws.
It has been known for years that Facebook used Onavo to gain important insights into and respond to competitors' apps. Onavo offered the Onavo Protect app, which funneled mobile device traffic through a VPN and analyzed it for security threats. It was prominently advertised with this promise. At the beginning of 2019, Apple took action against the application, whereupon Facebook withdrew the app and closed the subsidiary responsible for it. The legal processing is now taking place as part of a class action lawsuit against Facebook (ref.: 3:20-cv-08570-JD). The documents have now been brought to light.
(my)