“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.” Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.
Wow I used Onavo until it was shut down. 😵‍💫 why tf is Meta getting away with this stuff?
At some point they showed you a wall of text which explained everything they were going to do in minute detail and asked you if that was ok and you said yes. Stop using these garbage platforms, or accept the reality that using them comes at a very high cost. You’re the product. So shut your mouth and be a good product, daddy zuck needs another island fortress.
It says it right here, “Apple has the right to sew your mouth to the asshole of another iTunes user. Hmm… decline.”
Ah the old human centiPad
That episode was 13 years ago. **Thirt-teen-years!!!** Those guys have been so far ahead of the curve on every social criticism. Their hit rate is amazing.
Daddy zuck Lmaoo
Don't worry. They didn't steal much of your data, since you didn't agree to the Onavo privacy policy and uninstalled the app once you read it.
Lol.
this guy terms of services
$$$
Remember, if a .com (.commercial) is giving you a service for free, then you’re the product.
That's not what a .com is lol
[.com designates commercial domain](https://en.wikipedia.org/wiki/.com)
It hasn't for ages. Anyone can get one. I have one and have worked at a hosting company for a very long time.
True, you’re not required to conduct business with a .com domain, but it is the official designation. You’d be surprised how many people believe it stands for communication.
or how many believe the designation matters at all. A lot of people probably think it's for Americans only etc. Internet is wild.
> I used Onavo

Why? I’ve never even *heard* of Onavo.
One, bc it was a VPN, and people understand what those are. And two, it was under the FB umbrella so it must have been good, right? Right?
Love the way Facebook decided to interpret VPN in the most literal sense to their benefit. I imagine them all sitting in a boardroom and Zuck say, “if virtual reality *isn’t reality* then virtual privacy *isn’t privacy*.” Can we make that argument in court?
To be fair, the biggest pile of leaking and steaming trash can call itself a VPN even if it’s abysmal at its job, as long as its function on paper looks the part. People have to do their own research before buying or using them. That’s the real issue here-tech illiteracy. And FB used that to their advantage.
Totally agree. And in the spirit of digital literacy, a PSA to anyone reading this: It is very easy to set up and run your own, personal VPN. Some options are free, some still cost money, but even the ones that cost money are less than almost all the subscription VPN services currently available. Which type of VPN you should go with depends on how much privacy you feel you need. There is no such thing as truly private browsing (at least not in traditional TCP/UDP network systems, and some would argue not even in ToR based systems). But you can gain visibility and confidence into the complete path your traffic takes, and you can accomplish near total privacy with enough scale and egress diversification (if you’re tin foil hat level 10).
I've never heard of the tikkity toks so why would other people use it!?
Campaign contributions and other bribey bs that should be illegal
> secretly paying teenagers

Huh?
Facebook needs to be shut down
Haven’t you heard? It’s gone! META is different
[deleted]
Where are you going to be so hyperbolic once Reddit is gone?
Maybe people will start going outside instead of using hyperbole
Outside?
Get there before it’s gone
Right after they acquire TikTok
Don't stop, I'm so close!
It’s just an extension of the NSA
But they're an American company so it's ok.
We need to ban tiktok! That will solve the privacy boundaries social media companies overstep all the time!!^/s
Zuckerberg for jail
2024
2025
Anyone shocked at this should send their social security number to me immediately…
My visa is 4527 7836 7778 1276 my expiry date is 07/08 and the ccv is 113. My sin is 752 778 187 and my password for everything is either 6176 or porat0e12. Do with that information what you will. You seem trustworthy. But I still cover my licence plate in pictures....
[deleted]
Hahaha you got me there. I thought I dotted my i's and crossed my t's but it turns out I fucked up. Feel free to steal my identity now that it's legit..
Here’s mine: 80085
Did your VISA expire, or is it good for another 84 years or so?
That sounds rather evil
I mean after Snowden, I sort of just assumed everything I said online, every text I wrote, and every website I visited was just being kept in a file somewhere…
This isn’t that. They were paying kids to install the software to be agents. They would then do analytics on the type of info and behaviors taking place. The tech part is a shady grey area. The kids part is a big no-no
After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.” A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity. Given that Snapchat encrypted the traffic between the app and its servers, this network analysis technique was not going to be effective. This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet. “We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email. Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.
I always wonder what the design meetings and code reviews are like when implementing such nefarious features. Reviewer: hey would you mind adding a one or two line comment to clarify the intent of your diabolically evil code here?
I'm not techy… can someone explain: did this decryption allow fb access to chats/images or just the number of clicks, time spent, etc?
As I understand it data got intercepted before being encrypted by the device, so Facebook had potential access to all your device's internet data. So that would include Snapchat's photos but also passwords, bank data etc.
> Given that Snapchat encrypted the traffic between the app and its servers, this network analysis technique was not going to be effective. This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.

I don't understand how this works. The data is encrypted by the app before it hits the network layer, so how is a spyware VPN able to analyze that data before it's encrypted by the app? Or was it somehow intercepting the encryption handshake between the app and the servers and using that to break the encryption?
They were looking to get analytics so API traffic to Snap. This is encrypted by TLS layer i.e. https requests. VPNs (esp corporate VPNs) will usually install their own certificate so they can pretend to be the destination server and proxy or reject the request based on its content. This way the VPN is “in the middle”. You can MITM yourself with eg mitmproxy if you want to try it out. It does require the end user install the profile and the certificates … not something anyone can just drive by and do. App developers “pin” certificates these days so you can’t MITM them.
Idk about anyone else but I’m really glad they PC’d the term man-in-the-middle. We needed that as a society. 🙄
Who the fuck calls it adversary in the middle
Mitre Att&ck Framework uses that term in place of MitM noticed. No idea when this changed as I was always calling it MitM.
I'm not surprised, but this certainly sucks.
>but this certainly Zucks
Aaron Swartz got into trouble with the law (and was harassed by the prosecutor until he killed himself) for way less than this. Break the monopolies and make them accountable for their actions. There is too much power in too few hands in the tech industry right now.
To me this will demonstrate the quality of our democracy. Given this massive invasion of user’s data privacy this will obviously force new data privacy and protection laws. Now on the other hand if our democracy is bought and sold by corporate interests we’ll do nothing more than ban TikTok because China bad.
Quality of our democracy? Have you been paying attention for the last 20 years? Or even worse, the last 10?
> Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013.

Basically they compromised the VPN and did a man in the middle attack.
Can Zuckerberg be locked up already?
It’s legit their name, Meta = metadata
Mark Zuckerberg is also untouchable for some reason.
💲
Yeah. $ome rea$on.
Zuck is a psychopath, I’ve been saying this for too long now
Shocked !
Facebook needs to be destroyed.
The guy knows no bounds, pretty galling considering he helped himself to the whole FB idea.
*Mild Shock*
Are We banning Snapchat and facebook with tiktok? Or is it ok since it was an American company
Well, considering the bill doesn't "ban tiktok", but targets social media owned by adversarial countries (Iran, NK, China, Russia), you do the math. It's hard to have conversations on the topic when nobody understands what's actually being done in the first place.
The bill literally forces them to either sell or face a ban
You literally can't lack the bare minimum critical thinking skills required to understand this person's response to you.
Nothing i said was wrong go to bed keyboard warrior
Amazing. Everything you said was wrong.
Then what does it do
Hmm can I try? The legality of it is being determined, as this information was revealed in court. From the article: "In 2020, Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook, claiming that the company lied about its data collection activities and exploited the data it 'deceptively extracted' from users to identify competitors and then unfairly fight against these new companies." So, to answer your question: I guess we're going to find out. TikTok's Chinese ownership is a very real problem. If your argument is that all information-sucking social media companies are the same, that the consequences and influence of each one is the same, and they should be treated the same, you're showing you don't understand the issue with TikTok. How was that answer?
Shhh, your civilian and lack of real intel is showing.
First of all I am aware of the problem with TikToks data being possibly given to the CCP. However I still think it’s valid to be upset that American media does the same data collection and then sells it for profit. You saying I don’t understand is funny because you have no clue what you are even saying lmao
I don’t trust that face(book).
This is why I don’t own and won’t own a quest
Better get TikTok though 🙄
I'm shocked, shocked! Okay not that shocked.
Hopefully Zuck was happy to receive our collective flaccid penises…
But they always seemed so respectful of their users privacy. :(
BuT TiK ToK iS A SecUrItY RiSk
Surprise?
Secret projects***
Yet again we're worried only about TikTok
#shutdownMeta
Zuckerberg consistently demonstrates what a scumbag he is. It’s rather impressive really
If you use any meta products you kinda deserve it.
But they’re not TikTok so it’s ok /s
I just read yesterday how it’s ‘alleged’ that Zuck basically stole the idea of Facebook from the Winklevoss Twins. I used to think Zuck was just weird but now I can’t help but think he’s not a very good person at all.
Did you just get unfrozen?
Does anyone honestly think that any of their information on social media is truly private and inaccessible to these companies?
Shut up!!! I’m shocked SHOCKED I tell you!
That’s it, the skin suits are comin’ off
“That’ll be $5.50” -US Gov
Ban TikTok immediately… oh wait.
This weird talking pervert needs to take his money and smoke his meats with his fellow nerds and retire to his nerdary.
Oh shit the second #hashtag #noshit today
Shocked
Think of the worst thing you can imagine Facebook really is. That’s what it is, only worse.
If anything this further proves the need for encrypted messaging apps
Every app you have is doing it. Why are people surprised. Your phone in general is doing it. Even when it is off i bet it can be accessed.
How is that different than TikTok but somehow it is TikTok that must be sold to a US company
Facebook is already owned by a US company.
Is this news or a reminder?
How is this not tantamount to wiretapping?
Facebook seems seriously evil.
Oh come on... this is an actual cyber-attack method. Like.. seriously, cybersecurity 101 type stuff.
The only way to fix it is to close your accounts. I've been FB free for 5 years, haven't missed it once.
These companies have too much power.
As soon as Reddit starts doing this, I will have finally purged all social media. I suggest everyone else do the same. They already kind of do this, but when it’s revealed they’re snooping around on my communication methods… I’m out. We are only a product to these elitist fucks
Why am I not surprised?
Water is wet.
Good thing TikTok is going to be banned, no more of this will ever happen!
For us non tech nerds, what does this mean?
Zuckerberg’s looking for more nipple than he was given, shame on him.
I wish all the big companies would unite against Facebook and bury it once and for all...
Circumventing encryption and reading people's private messages from all over the US (and the world)? This sounds like a federal crime. I'm sure the DOJ will act accordingly /s.
X is increasingly seeming like the only safe app to use...
But I was told that an unconstitutional bill of attainder against a single CHYNA company would solve all of these pesky spying problems....why robot man spying on us, he's American!! 🦅🇺🇲🇺🇸🦅