Thursday, March 28, 2024

Facebook’s Project Ghostbusters

Lorenzo Franceschi-Bicchierai (tweet, via Nick Heer):

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo.


The document includes internal Facebook emails discussing the project.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

Facebook’s engineers’ solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.


Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.

Jason Kint (PDF):

Yellow highlight indicates redactions just lifted in nine unsealed plaintiffs briefs in private antitrust lawsuit. Wild stuff.


You can read the press back in Jan 2019 spoon fed by Facebook PR to friendlies with no mentions of decrypting SSL then compare to this internal email below sent to Facebook’s most senior executives - “currently includes SSL decryption”…


court also unsealed (in yellow) a brief re: Netflix whose CEO sat on Facebook’s board. The lawsuit allegations are Netflix was one of the companies where Facebook backed off competing in exchange for data to boost its ad targeting signals.

Jesse Squires:

When I worked at Instagram/FB, I routinely saw presentations with data harvested from the Onavo “VPN”.

I remember asking “how do we know this user data about YouTube and SnapChat?”

The answer: “Onavo.”

I still don’t know how this wasn’t illegal and anti-competitive. Surely it was.


Update (2024-03-29): Karl Bode:

Fast forward to 2020, when Facebook users Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook for spying on users and lying about it. And here we are; maybe Facebook will see accountability, maybe not. It’s a dice roll in a country that doesn’t take consumer privacy seriously.

Scharon Harding (Hacker News):

As spotted via Gizmodo, a letter was filed on April 14 in relation to a class-action antitrust suit that was filed by Meta customers, accusing Meta of anti-competitive practices that harm social media competition and consumers. The letter, made public Saturday, asks a court to have Reed Hastings, Netflix’s founder and former CEO, respond to a subpoena for documents that plaintiffs claim are relevant to the case. The original complaint filed in December 2020 [PDF] doesn’t mention Netflix beyond stating that Facebook “secretly signed Whitelist and Data sharing agreements” with Netflix, along with “dozens” of other third-party app developers. The case is still ongoing.

The letter alleges that Netflix’s relationship with Facebook was remarkably strong due to the former’s ad spend with the latter and that Hastings directed “negotiations to end competition in streaming video” from Facebook.

One of the first questions that may come to mind is why a company like Facebook would allow Netflix to influence such a major business decision. The litigation claims the companies formed a lucrative business relationship that included Facebook allegedly giving Netflix access to Facebook users’ private messages[…]

Update (2024-04-01): Matthew Green:

This thing Facebook did — running an MITM on Snapchat and other competitors’ TLS connections via their Onavo VPN — is so deeply messed up and evil that it completely changes my perspective on what that company is willing to do to its users.

John Gruber:

In 2018 Apple removed Onavo from the App Store, but the fact that Facebook was using Onavo in this way was known a year earlier.

See also: Internal Tech Emails, Hacker News.

3 Comments

Let's sit back and watch how this doesn't affect Zuckerberg in any way at all.

Old Unix Geek

Sharing private DMs? WTF won't Facebook do?

It's a bit strange that there seems to be a rivalry between some Silicon Valley CEOs to be the first to be sent to jail.