
I'm not sure if this fully fits into TechTakes' mission statement, but "CEO thinks it's a-okay to abuse certificate trust to sell data to advertisers" is, in my opinion, a great snapshot of what brain worms live inside those people's heads.

In short, Facebook wiretapped Snapchat by sending data through their VPN company, Onavo. Installing it on your machine would add their certificates as trusted. Onavo would then intercept all communication to Snapchat and pretend the connection is TLS-secure by forging a Snapchat certificate and signing it with its own.

"Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted, we have no analytics about them," Facebook CEO Mark Zuckerberg wrote in a 2016 email to Javier Olivan.

"Given how quickly they're growing, it seems important to figure out a new way to get reliable analytics about them," Zuckerberg continued. "Perhaps we need to do panels or write custom software. You should figure out how to do this."

Zuckerberg ordered his engineers to "think outside the box" to break TLS encryption in a way that would allow them to quietly sell data to advertisers.

I'm sure the brave programmers that came up with and implemented this nonsense were very proud of their service. Jesus fucking cinnamon crunch Christ.
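An added example, not part of the original post: the Go sketch below shows why a root certificate installed on the device makes a re-signed chain pass normal TLS validation, and how an app-side public-key pin still detects it. All certificates, names and the host `api.example.test` are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent; a nil parent yields a self-signed root CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey, dns ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: dns,
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// check reports whether leaf chains to one of roots for host, and whether its SPKI hash equals the app's pin.
func check(leaf *x509.Certificate, host string, pin [32]byte, roots ...*x509.Certificate) (chainOK, pinOK bool) {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil, sha256.Sum256(leaf.RawSubjectPublicKeyInfo) == pin
}

func main() { // constructed scenario; every name below is made up
	const host = "api.example.test"
	ca, caKey := issue("Constructed Public Root", nil, nil)
	genuine, _ := issue(host, ca, caKey, host)
	vpnCA, vpnKey := issue("Constructed VPN Root", nil, nil)
	forged, _ := issue(host, vpnCA, vpnKey, host)
	pin := sha256.Sum256(genuine.RawSubjectPublicKeyInfo)
	fmt.Println(check(forged, host, pin, ca))        // false false
	fmt.Println(check(forged, host, pin, ca, vpnCA)) // true false
}
```

Chain validation only answers "does this chain end in a root the device trusts", so it flips to true once the extra root is in the store; the pin comparison does not depend on the trust store and stays false for the re-signed certificate.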

halcyoncmdr@lemmy.world 71 points 7 months ago* (last edited 7 months ago)

> forging a Snapchat certificate and signing it with its own.

Sounds to me like that should be a violation of Title 18 U.S. Code § 1030, the Computer Fraud and Abuse Act. A violation for every individual message that was intercepted.

All C-level employees or board members that knew of the program and did not blow a whistle should be tried, in addition to the company itself being fined.

Yes, this would likely kill Facebook on fines alone. The fact that nothing even remotely close to this will ever happen shows how much power we've willingly given up as citizens by electing politicians for businesses and refusing to remove money from politics.

Darkassassin07@lemmy.ca 34 points 7 months ago

I'm interested to see what, if anything, comes from this case.

Seems pretty cut and dry; large-scale criminal wiretapping by a private corporation...

I'm glad I abandoned Facebook/Meta and all its affiliates long ago. Just not long ago enough... :/

cornflake@awful.systems 4 points 7 months ago

So are we on the precipice of the world's largest lawsuit from Snap or do they have an interest in letting this slide?

gerikson@awful.systems 4 points 7 months ago

The Onavo app used by FB to MitM traffic is just a VPN; as long as FB can reasonably argue it was installed by users willingly, they should be in the clear.

autotldr 1 points 7 months ago

This is the best summary I could come up with:


The documents were filed in a class-action lawsuit from consumers and advertisers, accusing Meta of anticompetitive behavior that blocks rivals from competing in the social media ads market.

"Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted, we have no analytics about them," Facebook CEO Mark Zuckerberg (who has since rebranded his company as Meta) wrote in a 2016 email to Javier Olivan.

The IAAP program's purpose was to gather granular insights into users' engagement with rival apps to help Facebook develop products as needed to stay ahead of competitors.

Olivan was told that these so-called "kits" used a "man-in-the-middle" attack typically employed by hackers to secretly intercept data passed between two parties.

Mike Schroepfer, then-chief technology officer, argued that Facebook wouldn't want rivals to employ a similar program analyzing their encrypted user data.

While the unsealed emails detailing the project have recently raised eyebrows, Meta's spokesperson told Ars that "there is nothing new here—this issue was reported on years ago.


The original article contains 925 words, the summary contains 169 words. Saved 82%. I'm a bot and I'm open source!

this post was submitted on 12 Apr 2024
175 points (100.0% liked)
