Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.
Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.
After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”
A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.
And people want to let these parasites integrate into the fediverse
honest question: why does it matter? all data in any fediverse project is public anyways
For me it’s not really about the data, it’s unforseen malicious maneuvers outside data. Sabotaging instances, manipulating feeds for their gain, or try to still centralize the fediverse undermining the whole concept. My point is, we don’t know what bad thing they could/would do, they are creative. But we sure as fuck know it’s an evil organization and they can’t be trusted.
that’s fair. I fully believe they could pull some fuckery that would make everything worse
Please tell me what governing body exists for the fediverse that would let us deny them access?
How is this a relevant question? Nobody said anything about some governing body. There have been discussions on many instances about whether to federate with them or not, and it’s accurate to say that some people think we should.
For example, I’m personally of the opinion that instances should be allowed to federate until they prove themselves to be bad actors, but in Meta’s case there’s a lot of existing evidence that shows they shouldn’t be allowed to federate in the first instance.
Meta is the textbook definition of a bad actor. Plenty of precedent there.
Who do you imagine is (or should be) making these rules for the Fediverse?
Every instance gets to decide on its own, there’s no set of rules governing the whole thing. That’s why I stated this is my opinion, not some hard and fast rule.
You stated it very much as a set of rules that should exist. Twice.
For example, I’m personally of the opinion …
Are you replying to the correct person?
its also accurate to say some people are fucking idiots and think we should federate.
on the wax winged hope in hell that the bad actor suddenly, miraculously, becomes a good actor…for reasons no one can explain.
Do you know how the Fediverse works? Instance maintainers who are less than thrilled with Meta can choose to defederate from Threads.
Exactly my point. It’d be on an instance by instance basis, there is no “singular group” that can block them from the entire fediverse.
Im more specifically thinking about the big ones when this debate was going on about a couple of months ago.
Diaspora allows for whitelisting visibility of posts to certain users(and servers… depending on where users are hosted)
This is blatantly circumventing encryption and a violation of the DMCA but lets see the DoJ do fuck all about it.
Right, Biden? Facebook, Good, Tiktok, bad?
Two things can be bad at once.
What Meta did/is doing here is unbelievably shitty (but not that shocking).
That in no way diminishes the incredibly serious implications of TikTok being wholly owned and operated by a PRC-based company, which comes with the implicit but very real and crucial caveat of the CCP will tell you to do just quietly things with your company sometimes, and if you don’t do it, you go to jail indefinitely.
But then it just comes off hypocritical and disingenuous if you selectively apply pressure. Then it just looks like you’re trying to give a competitive edge to US evil social media and preventing youth from learning about the situation in Palestine.
Then it just looks like you’re trying to give a competitive edge to US evil social media.
This is not just probable but certain; the whole thing is a very long way of saying this. In a world where the US worked for its citizens, this is a national security no-brainer. But we don’t live in a world where the spirit of things is followed when you can enrich yourself skirting the letter. Shit sucks, but this not a secret conspiracy; it’s realpolitik.
and preventing youth from learning about the situation in Palestine.
This one is more subjective…and also still probable for the same fucking reasons and good luck sharing the fact that you can act in a so called ‘security’ driven purpose and this is the perfect time to do sneaky shit. As if all of History wasn’t rife with examples with the Patriot Act being the first USA centric coming to mind amongst fuck what, hundreds?
That is also realpolitik, and all the players know it. Shit sucks.
It is absolutely giving an edge to “evil” (morality doesn’t matter in politics, especially international politics, and TikTok isn’t good anyway) US social media. China literally blocks all western social media. Everyone plays this game, and TikTok shouldn’t be on a pedestal just because you like using it.
preventing youth from learning about the situation in Palestine
OK, I really don’t think this has anything to do with it. There are many more places people’s are discussing this, like Lemmy for instance, that aren’t targeted. I’m sure you can find the same conversations happening on Reddit, Facebook, or whatever other social media. TikTok, though increasingly used for news, is not the only source of news about Palestine, nor is it the best. Short format content will never be good for detailed discussion of news and anyone thinking they’re getting thorough news in that format should reconsider.
They should break meta up
deleted by creator
While I agree Facebook is also bad, the Tiktok thing is entirely different, because the legal issue is sending Amarican citizens data out to China, which the users agreed to give to Tiktok, but the government doesn’t want to be sent to China. The Facebook crime is secretly snooping without proper user consent.
Except TikTok is using oracle database in America
The point isn’t what they initially store it on. The point is workers in China can access the data and download it or do whatever they want. See here, for example: https://apnews.com/article/tiktok-ftc-investigation-china-data-e91e02db5c4f3f7d5836ecafedbf4714
Let that parasite rot in prison.
And can somebody split Meta already? Please and thank you.
Why split Meta? The poor mom and pop shop only makes 350 million in revenue… Every day…
Yeah, he wont
I was thinking of buying a Meta Quest 3, because of a lack of similar devices. I wasn’t really seriously considering it, but I sure as hell am not at all now.
I’ve got one. All I’ll say is don’t buy a VR headset anytime soon.
Shocked, I tell you
What a fucking piece of shit.
I’m sure corporations like this would give you free Internet if they could collect and sell all your data. I’m also sure people would still do it, regardless of how much they are being monetized as a product.
Since companies like Facebook own legislators, our only real choice is to stop using it. Unpopular opinion, but If you really want fuck Zuck, delete your account, and get all your friends and family to as well. Maybe there’s some alternatives for the people who truly use the service to connect with friends/family?
corporations like this would give you free Internet if they could collect and sell all your data
Facebook Zero is more or less what you described.
shitbook does that in the Philippines
I’m sure corporations like this would give you free Internet if they could collect and sell all your data.
Already a thing. I see them advertised everywhere for prepaid plans and people go ‘omg Facebook/Whatsapp/Instagram/TikTok for free!!1!’.
I dunno, seem like the goal is to get you to buy a subscription to collect your data hostage in their cloud.
And somehow for enough gullible customers its actually working.
Delete this shit from your phones asap
Zuck Fuckerberg
Can’t delete something that was never there in the first place
Yeah, they’re making it a system app now. Can’t be installed without
adb, and most people don’t know how.
I must be way out of the loop, cuz I had no idea this was possible. So does this mean the Facebook app on my phone has permission to view all of my network traffic? Why do Android and iOS allow this? Shouldn’t that be a special permission that can only be granted explicitly?
Nope, because Facebook app is not a VPN service so it cannot intercept traffic.
What it is unclear from the article is how they circumvented the certificate check on the app side. Probably (given this was many years ago, maybe these apps weren’t setupping certificate pinning/HPKP)
In theory, yes. In practice of they found some sort of exploit that allowed this I’d 100% not be surprised if Meta took advantage of it. Facebook app is malware
Every 60 seconds in Africa, a minute passes.
The world would be a better place if Mark Zuckerberg accidentally got sucked into a jetski engine somehow
Certainly they weren’t planning on actually planning on finding a way to get people to install a VPN to decrypt their traffic just to use Facebook, right?
That’s why they paid teenagers to use the VPN so they could get some “guerrilla market research”.
Even in 2013 apps didn’t have the permission access to install a device level VPN without some unspecified exploit. 0 chance Facebook would literally hack people’s phones, right?
Lock that turd up already
Wait, how does a VPN break TLS encryption?
it doesn’t, what this is suggesting is the vpn was routing traffic through it so they could analyze snapchat traffic. not the contents of it but essentially meta analysis of the traffic. how often it was sending data, how much data, where it was going etc.
this is the answer
This is the best summary I could come up with:
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.
On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.
When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.
This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.
“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.
The original article contains 671 words, the summary contains 175 words. Saved 74%. I’m a bot and I’m open source!
