What the title and bot don’t mention: They did so by installing spyware on phones of users of a vpn they acquired:
After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”
What’s more:
Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.
Obligatory this is why you shouldn’t use a free/cheap vpn.
Can’t all vpns do this though?
Yups. You’re usually better off running one yourself.
This only works if you don’t want the privacy enhancing aspect of advertisers not tying your activity to an IP address.
Beyond more safely using open Wi-Fi or bypassing a censoring ISP, there isn’t much reason there.
That’s debatable. In my estimation, by using a “service vpn” you’re giving advertisers some other kind of demographic information, namely that you’re the kind of person that pays for a vpn.
Is that better or worse than giving advertisers the data point that you’re high-tech knowledgable and browse personal accounts from a server in a datacenter?
Yeah, that’s why I think it’s debatable. It’s a lot easier to make those decisions on traffic coming from a known vpn ip, versus all vps providers in the world - many of which have corporate uses.
On the other hand - if you’re smart enough to set up a vpn, you’ll also be smart enough to set up ad blocking, so the point is kinda moot anyway. Plus you’ll be a lot less likely to have your traffic logged opposed to a service vpn.
That’s true. I’d only use a VPN service that’s been audited (either by a security company or, preferably, law enforcement) not to keep logs. There are only a small handful of those however. It really all depends on your needs. There are far more VPN services that do log and sell the data, and/or turn your host device into a proxy for other users/services.
How the fuck is no one in jail over this?
Because money
My guess is they put it in the terms and conditions of the vpn.
People don’t mind that mainstream society is built by abusing them. It’s not for us, it’s for them. This isn’t freedom?
How does that work?
Snapchat uses TLS - right?! Did Onavo install a CA? Can every VPN-App do so? Did Snapchat not use certificate pinning?
This is the best summary I could come up with:
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.
On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.
When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.
This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.
“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.
The original article contains 671 words, the summary contains 175 words. Saved 74%. I’m a bot and I’m open source!
