“Documents and testimony show that this “man-in-the-middle” approach – which relied on a technology known as a server-side SSL bump performed on Facebook's Onavo servers – was in fact implemented, at scale, between June 2016 and early 2019,” plaintiffs claim.
The spyware capable of acquiring, decrypting, and transferring the data was allegedly deployed against YouTube in 2017-2018 and against Amazon in 2018.
The code included a client-side “kit” that installed a root certificate on Snapchat users' mobile devices. Server-side code allegedly used Facebook's servers to create fake digital certificates to impersonate the apps' trusted analytics servers in order to redirect and decrypt the analytics traffic for Facebook's own analysis.
Facebook's secret program likely violated the Wiretap Act, which prohibits intentionally intercepting electronic communications and using such intercepted communications.
TL;DR apps using facebook/meta api (and some VPN they have bought up) to collect data from millions of users and spy on competition. Naturally, a minuscule fine was applied, a slap on the wrist would have been excessive, judges say.
Jfc they literally used a man-in-the-middle attack on users' phones? That's insane.
!codecels
Follower of Christ Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.
hundreds of billions of dollars allow people to do some pretty wacky things!
Facebook cannot be removed from phones for totally innocent reasons I'm sure
Sammy moment
So did this only work when navigating to sites from Facebook? I don't see how their bogus root certificate would allow them to intercept traffic for https://xyz.youtube.com unless they also overrode DNS
It looks like it was via that VPN app they were paying teens to use:
https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/
https://news.ycombinator.com/item?id=39832952
VPN lets you control TLS certs (and DNS but that seems orthogonal)
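A simplified model, added here and not taken from the article or from anyone in the thread, of why the interception discussed above needs both pieces (traffic routed through the VPN and the extra root in the device trust store) and how a pinned public-key hash in the client detects the re-issued certificate. Certificates are plain records, signature checks are omitted, and every name and key value is constructed for the example.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str  # hostname (leaf) or CA name (root)
    issuer: str   # name of the CA that issued it
    spki: bytes   # stand-in for the SubjectPublicKeyInfo bytes

def spki_pin(cert):
    """Base64 SHA-256 of the public-key info, the usual form of a key pin."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()

# Constructed sample data (assumptions, not values from the article).
PUBLIC_ROOT = Cert("Example Public CA", "Example Public CA", b"public-ca-key")
KIT_ROOT = Cert("Example Kit CA", "Example Kit CA", b"kit-ca-key")
GENUINE = Cert("analytics.example.com", "Example Public CA", b"real-server-key")
EXPECTED_PINS = {spki_pin(GENUINE)}

def served_cert(host, via_bumping_vpn):
    """Certificate the client receives: the genuine one on a direct path,
    one re-issued under the proxy's own CA when the path is bumped."""
    if via_bumping_vpn:
        return Cert(host, KIT_ROOT.subject, b"proxy-generated-key")
    return GENUINE

def chain_trusted(leaf, host, trust_store):
    """Default validation in this model: hostname matches and the issuer is a
    root in the device trust store (signature verification is not modelled)."""
    return leaf.subject == host and any(r.subject == leaf.issuer for r in trust_store)

def handshake(host, via_bumping_vpn, trust_store, pins=None):
    """Return the client's decision; pins=None means the app does not pin."""
    leaf = served_cert(host, via_bumping_vpn)
    if not chain_trusted(leaf, host, trust_store):
        return "rejected: untrusted issuer"
    if pins is not None and spki_pin(leaf) not in pins:
        return "rejected: pin mismatch"
    return "accepted, issuer=" + leaf.issuer

if __name__ == "__main__":
    host, both = "analytics.example.com", [PUBLIC_ROOT, KIT_ROOT]
    print("direct path:          ", handshake(host, False, [PUBLIC_ROOT]))
    print("VPN, no extra root:   ", handshake(host, True, [PUBLIC_ROOT]))
    print("VPN + extra root:     ", handshake(host, True, both))
    print("VPN + root, app pins: ", handshake(host, True, both, EXPECTED_PINS))
```

The third case is the only one where the re-issued certificate is accepted; an unexpected issuer or a pin mismatch on a known host is the signal a client or a monitoring proxy can alert on.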
All of the r-slurs using VPNs for privacy are getting spied on.
Yeah the only one I recommend is Mullvad. Expensive but they know what they're doing.
They're probably spying on you too.
In good faith
I don't use a vpn, I also CC [email protected] on all my emails
At least bcc them so the recipient doesn't know.
I like airvpn
Hacker News moment
Wtf lmao, did they want to analyze favorite porn sites?
Snapchat first then YouTube and Amazon later.
They totally could've though. Installing a root cert like that means they can see everything.
That's kinda hot
Oh ok, not even impressive then. VPN is like choosing a man to be in your middle
I mean their ad targeting has always been very very suspiciously effective
We don't actively listen to your convo bro trust us
Here's an ad to our vpn if you feel insecure
I feel like the only person on the planet with no social media apps on my phone.
Krayon sexually assaulted his sister.
Unless u got a pinephone or smth facebook is still there
I have an iPhone, poor
I didn't want read receipts on my texts anyway
You only leave read receipts on for people you want to ignore and want them to know.
I have a pixel, no Facebook app installed. Is it some sdk that comes with any version of Android or something?
Idk about all Androids but it's integral to Samsung
I feel my old LG didn't have it and neither did my Korean smartphone
Where do you think Samsung and LG are from?
The phone kiosk at the mall
Isn't it just default if you get it as part of a contract?
Like carriers reduce costs by letting companies pay them for a default slot
A stock unlocked phone usually doesn't have it iirc
I've only ever gotten unlocked poorphones and it only ever can be disabled. If you factory reset it then it's back on the homescreen
Poorphones are probably the same, suppress the price through brand deals
It's like how you can get 50$ off a kindle or Motorola phone if you're willing to let them put amazon ads on the lock screen
uninstall via adbtools
It is?
The closest I have is Teams because work and then the groomercord I use with IRL friends
I despise Teams. I prefer Zoom but somehow Teams took over corporate and some of my clients are all about their Teams. Haven't installed it on my phone though.
But tiktok is getting banned
It's ok you see Facebook spied to gain unfair advantage/destroy competition, not for the Chinese government (which is actually kinda based TBQH)
I haven't followed this at all and I've never used TikTok. Is there actual evidence that they give data to the CCP or is it just theoretical?
Either way, banning it is based because it makes people mad.
They have to, they're a Chinese company.
It's a Chinese company, why do you think they have an option?
It's not getting banned. They just have to have US operations run by an American company. The 'ban' is tiktok propaganda
herro we ar american comparrry
We here to be suhe oul grorious reader Bing Bong Ching Chong doesn't spy on Amerrrican citizen yes
Tiktok is Chinese government spying, not American government.
I am pretty sure installing gentoo will fix this
Snapshots:
https://cybernews.com/news/facebook-spying-snapchat-youtube-amazon-installing-kits/:
No it will naaawt
This was theft, plain and simple. They should've paid Alphabet for the analytics data, people should go to jail over this
It's so great that I have to look over my shoulder when I praise Nasim.
Facebook and Apple are two of the scummiest, grimiest companies around. The inevitable revelations in a few decades about how truly corrupt and evil they are will be heartening.
Again?
BASED
This reminds me, did anyone ever figure out how they broke Apple's do not track sandboxing and shit?