article link
Facebook may have exploited user devices to spy on competitors, documents show
More at the linkIn 2016, Facebook launched a secret project to acquire, decrypt, transfer, and use private, encrypted in-app analytics from Snapchat, YouTube, and Amazon, according to a new set of unsealed court documents. The Mark Zuckerberg-owned tech empire discussed paying teenagers to install “kits” on their devices, according to plaintiffs.
Facebook was caught using a cyberattack method, “SSL man-in-the-middle,” to intercept and decrypt Snapchat, YouTube, and Amazon encrypted analytics traffic.
Codenamed “Ghostbusters,” the project aimed at intercepting rivals’ encrypted app traffic for analytics despite some internal dissent. This practice is likely in violation of wiretapping laws and “potentially criminal,” advertisers suing Meta claim.
Facebook developed custom technology, so-called “kits,” on both Android and iOS devices that impersonated official servers and decrypted traffic Facebook wasn't authorized to access. The data allowed Facebook to plan competitive moves against Snapchat and other companies.
“We developed “kits” that can be installed on iOS and Android that intercept traffic for specific sub-domains, allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage (i.e., specific actions that people are performing in the app, rather than just overall app visitation). This is a “man-in-the-middle” approach,” the internal email made public in the court document reads.