submitted 7 months ago by sabreW4K3@lazysoci.al to c/fediverse@lemmy.ml
[-] admin@lemmy.my-box.dev 39 points 7 months ago

What the title and bot don't mention: They did so by installing spyware on phones of users of a vpn they acquired:

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

What's more:

Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.

Obligatory this is why you shouldn't use a free/cheap vpn.

[-] Danterious@lemmy.dbzer0.com 5 points 7 months ago

Can’t all vpns do this though?

[-] admin@lemmy.my-box.dev 4 points 7 months ago

Yups. You're usually better off running one yourself.

[-] Synnr@sopuli.xyz 6 points 7 months ago

This only works if you don't want the privacy enhancing aspect of advertisers not tying your activity to an IP address.

Beyond more safely using open Wi-Fi or bypassing a censoring ISP, there isn't much reason there.

[-] admin@lemmy.my-box.dev 4 points 7 months ago

That's debatable. In my estimation, by using a "service vpn" you're giving advertisers some other kind of demographic information, namely that you're the kind of person that pays for a vpn.

[-] Synnr@sopuli.xyz 3 points 7 months ago* (last edited 7 months ago)

Is that better or worse than giving advertisers the data point that you're high-tech knowledgeable and browse personal accounts from a server in a datacenter?

[-] admin@lemmy.my-box.dev 2 points 7 months ago* (last edited 7 months ago)

Yeah, that's why I think it's debatable. It's a lot easier to make those decisions on traffic coming from a known vpn ip, versus all vps providers in the world - many of which have corporate uses.

On the other hand - if you're smart enough to set up a vpn, you'll also be smart enough to set up ad blocking, so the point is kinda moot anyway. Plus you'll be a lot less likely to have your traffic logged as opposed to a service vpn.

[-] Synnr@sopuli.xyz 1 points 7 months ago

That's true. I'd only use a VPN service that's been audited (either by a security company or, preferably, law enforcement) not to keep logs. There are only a small handful of those however. It really all depends on your needs. There are far more VPN services that do log and sell the data, and/or turn your host device into a proxy for other users/services.

[-] jmcs@discuss.tchncs.de 20 points 7 months ago

How the fuck is no one in jail over this?

[-] jherazob@beehaw.org 6 points 7 months ago

Because money

[-] admin@lemmy.my-box.dev 4 points 7 months ago

My guess is they put it in the terms and conditions of the vpn.

[-] ULS@lemmy.ml 15 points 7 months ago* (last edited 7 months ago)

People don't mind that mainstream society is built by abusing them. It's not for us, it's for them. This isn't freedom?

[-] 7eter@feddit.de 6 points 7 months ago

How does that work?

Snapchat uses TLS - right?! Did Onavo install a CA? Can every VPN-App do so? Did Snapchat not use certificate pinning?

[-] autotldr@lemmings.world 6 points 7 months ago

This is the best summary I could come up with:


In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.

On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.

When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.

“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.


The original article contains 671 words, the summary contains 175 words. Saved 74%. I'm a bot and I'm open source!

this post was submitted on 27 Mar 2024