- Unsealed court documents have revealed that Facebook had a secretive “Project Ghostbusters” that spied on its users’ Snapchat traffic
- Recovered emails suggest that the spying started in 2016 after Facebook recognized the growth potential of Snapchat
- Later, they also spied on Amazon and YouTube
Facebook is in trouble for snooping on users’ Snapchat traffic. On Tuesday, a federal court in California released new documents along with some internal emails from the company that exposed ‘Project Ghostbusters’ – Facebook’s best-kept secret…until now.
These court documents were revealed as a part of a class action lawsuit filed against Meta by Sarah Grabert and Maximilian Klein. The duo accused Facebook of anticompetitive behavior and misusing user data collected through deceptive means. The lawsuit was filed in 2020.
What is Project Ghostbusters: A Brief Timeline
This data was then used to understand customer behavior and see how these users interact with Snapchat to gain a competitive advantage over it.
The snooping began sometime after June 2016. The biggest evidence of this is an email dated June 9, 2016, where Mark Zuckerberg asked his team to get data on Snapchat’s analytics.
Zuckerberg said in the email that since Snapchat’s traffic was encrypted, they have never had any information about their user base. However, considering its growing popularity, it was time to find a workaround.
That’s when the engineers at Facebook came up with the idea to use Onavo, a VPN-like service that the company had acquired in 2013.
Just a month after ‘Project Ghostbusters’ began, the Onavo team created a ‘kit’ that could be installed in Androids and iOS devices to intercept the traffic of certain subdomains.
This kit worked a lot like how ‘man-in-the-middle’ attacks function. In a man-in-the-middle attack, the hacker intercepts the traffic when it’s flowing from one server to another and then is able to access all the data therein.
The only difference is that a ‘man-in-the-middle’ attack targets unencrypted traffic whereas Onavo’s technique targeted the traffic before it was encrypted and sent over the internet.
However, Onavo was shut down in 2019 after an investigation revealed that Facebook was paying teenagers to use the app just so they could track web activities. However, the damage has already been done by then.
How Did Facebook Employees React to the Project?
However, not everyone within Facebook was in favor of this move. For example, Jay Parikh (then-head of infrastructure engineering at Facebook) and Pedro Canahuati (then-head of security engineering at Facebook) were both against the project.
This is evident by the fact that one of the recovered emails from Canahuati showed he clearly expressed his concerns to the company.
Amazon has refused to comment on the matter whereas Meta, Google, and Snapchat are yet to respond.
Meta Just Doesn’t Care About User Privacy
What’s also interesting (and particularly worrisome) is that this isn’t Meta’s first case regarding its questionable privacy practices and actions. Earlier this month, it was accused of running a massive data processing business.
And in addition to being unbothered about account hijackings on Facebook and Instagram, both Meta’s new AI glasses as well as its Twitter rival Threads ignited privacy concerns not that long ago.
