A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
It’s a proprietary platform … what do people expect?
It’s visiting someone’s business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.
You have no rights to do anything on their property … other than the rights they give you, which they can also take away, or just kick you out.
This was one company spying on the users of its competitor via unofficial means. Even in the furthest stretch of the corporate boot licking bullshit that “you signed up for the app so you deserve to be spied on” exists in, I don’t see how this scenario is covered.
This is just typical Lemmy. User doesn’t read the article but has very strong opinions based on what they imagine it to be about. Comment gets upvoted by a bunch of other users who also didn’t read the article but imagine they know what happened too. Rinse and repeat.
It’s a proprietary platform … what do people expect?
It’s visiting someone’s business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.
You have no rights to do anything on their property … other than the rights they give you, which they can also take away, or just kick you out.
Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.
You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.
Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.
You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.
The spying was done by a proprietary service (Facebook’s VPN). Blaming the users for anything on that scale is dumb and futile, but it still reinforces the idea of avoiding proprietary services as much as possible, especially anything on the client side.
The article didn’t explain how the attack worked though. Did the Snapchat client not use anything like TLS to connect to the Snapchat server? Did the Facebook VPN somehow still intercept it, e.g. with a certificate that Snapchat trusted but that Facebook used for spying? Die that cert also work in browsers and did it somehow pass a third party audit, that at least Mozilla requires? I do know Mozilla looks very askance at such things, and they booted out at least one cert vendor over something like that a few years ago.
If Snapchat used some kind of device-wide TLS stack that Facebook managed to subvert, that should be treated as an OS vulnerability (assuming we’re talking about mobile devices). There’s a bunch of stuff that apps simply cannot do unless the user first goes through some complex procedure to root the phone. Messing with the TLS stack should be one of them.
What I really dislike in this way of thinking is that when Facebook is doing it, the reaction is what do you expect and when TikTok are doing it, people are outraged and call for banning the whole platform.
I think you are thinking of Instagram. Facebook doesn’t own Snapchat.
Oh it’s Onavo. Onavo was the “Facebook VPN” software they shuttered in 2019. So it had access to network traffic on-device before it was sent out.
Seems like it was more than a VPN, and put its claws deep into the network stack if it was reading packet buffers before they were encrypted. Not good; I’m sure that users were not made aware of this but in light of this possibility, your point stands.
It’s a proprietary platform … what do people expect?
It’s visiting someone’s business and you are in their property and you are watching TV on their TV set. You are reading newspapers and books that are on their property. And everyone acts surprised when the property owner keeps track of what you watched and what you read on their property.
You have no rights to do anything on their property … other than the rights they give you, which they can also take away, or just kick you out.
…what?
This was one company spying on the users of its competitor via unofficial means. Even in the furthest stretch of the corporate boot licking bullshit that “you signed up for the app so you deserve to be spied on” exists in, I don’t see how this scenario is covered.
This is just typical Lemmy. User doesn’t read the article but has very strong opinions based on what they imagine it to be about. Comment gets upvoted by a bunch of other users who also didn’t read the article but imagine they know what happened too. Rinse and repeat.
Are you under the impression that Facebook owns Snapchat? Because they don’t. Nothing about this little “blame people for using proprietary services” rant is actually relevant to what happened. At all.
You should read the article because you clearly didn’t. Hell, all you’d have to do is read the first paragraph to understand they were spying on the users of a competitor.
The spying was done by a proprietary service (Facebook’s VPN). Blaming the users for anything on that scale is dumb and futile, but it still reinforces the idea of avoiding proprietary services as much as possible, especially anything on the client side.
The article didn’t explain how the attack worked though. Did the Snapchat client not use anything like TLS to connect to the Snapchat server? Did the Facebook VPN somehow still intercept it, e.g. with a certificate that Snapchat trusted but that Facebook used for spying? Die that cert also work in browsers and did it somehow pass a third party audit, that at least Mozilla requires? I do know Mozilla looks very askance at such things, and they booted out at least one cert vendor over something like that a few years ago.
If Snapchat used some kind of device-wide TLS stack that Facebook managed to subvert, that should be treated as an OS vulnerability (assuming we’re talking about mobile devices). There’s a bunch of stuff that apps simply cannot do unless the user first goes through some complex procedure to root the phone. Messing with the TLS stack should be one of them.
What I really dislike in this way of thinking is that when Facebook is doing it, the reaction is what do you expect and when TikTok are doing it, people are outraged and call for banning the whole platform.
So why the double standards?
removed by mod
“Foreign oligarchs are taking over!” - domestic oligarchs probably
I think you are thinking of Instagram. Facebook doesn’t own Snapchat.Oh it’s Onavo. Onavo was the “Facebook VPN” software they shuttered in 2019. So it had access to network traffic on-device before it was sent out.
Seems like it was more than a VPN, and put its claws deep into the network stack if it was reading packet buffers before they were encrypted. Not good; I’m sure that users were not made aware of this but in light of this possibility, your point stands.
I like your analogy but from my perspective it isn’t fitting.
It would be more like the postal service opening your letters.