Penka Hristovska
Published on: April 3, 2024
Meta illegally monitored its users through the Onavo VPN product while they accessed Snapchat and other competing apps, newly unsealed court filings reveal.
The surveillance was done as part of an initiative called Project Ghostbusters, an alleged reference to Snapchat’s corporate logo. Project Ghostbusters was run by Onavo, a company Facebook acquired in 2013, that operated under the guise of providing a VPN service. Ironically, this service was discontinued in 2019 due to its failure to ensure privacy.
The initiative began in June 2016 when Mark Zuckerberg, Meta’s founder and CEO, asked his team to find a way to reliable analytics from Snapchat’s encrypted data, as the platform was gaining increased market attention.
A month later, the Onavo team developed a solution — to employ an “SSL man-in-the-middle” attack to decrypt Snapchat’s secured traffic. In a man-in-the-middle attack, attackers insert themselves between a user and an application, allowing them to intercept and decrypt data transmissions.
They later expanded the project to target other Facebook competitors, including YouTube in 2017 and Amazon in 2018.
More specifically, Facebook conducted studies that rewarded participants, who had agreed to take part, for installing a research app developed by Onavo. This app tracked their smartphone usage and provided the tech giant with insights into user behavior across devices. The app allegedly installed a root Certificate Authority on participants’ devices, enabling Facebook to intercept participants’ encrypted SSL/TLS connections.
This setup also allowed the company to reroute analytics traffic from Snapchat (and later from Amazon and YouTube) to Onavo’s servers. Upon arrival, this data was decrypted and analyzed for commercial benefits, then re-encrypted and sent back to Snapchat, all without the knowledge of the photo-sharing app’s creators, the complaint explains.
The court documents detailing Meta’s alleged actions are part of a lawsuit filed against Meta in California by Facebook advertisers. The lawsuit alleges that Meta/Facebook’s anti-competitive actions, such as data interception, led to higher advertising costs and damaged competition.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://www.safetydetectives.com/news/metas-onavo-vpn-removed-ssl-encryption-to-spy-on-competitors/
