Facebook Spied on Snapchat Users Just To Collect Competitive Analytics. -

Post Views: 518

Facebook Spied on Snapchat Users Just To Collect Competitive Analytics.

The social media giant Facebook has taken into practice some unfair means to gather the Competitive Analytics of Snapchat users.

In addition to engaging in anti-competitive conduct or unfair practices and exploiting user data through fraudulent techniques, the social media giant Facebook monitored the network traffic of Snapchat users. A court document that was submitted on March 23, 2024, states that this is the case.

The paper makes reference to the initiative that Facebook referred to as the In-App Action Panel (IAAP), which was operational from June 2016 to around May 2019. An adversary-in-the-middle technique was utilized by the IAAP program in order to intercept and decrypt SSL-protected analytics traffic from Snapchat, as well as subsequent analysis traffic from YouTube and Amazon.

This was done in order to supply Facebook with information that would assist it in making competitive decisions. SSL stands for Secure Sockets Layer, which is a standard security technique that allows for the establishment of an encrypted connection between a client and a server.

Mark Zuckerberg, the CEO of Facebook, voiced his dissatisfaction with the lack of metrics made available by Snapchat, a competitor, on June 9, 2016.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . .

Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

Consequently, the corporation employed Onavo in order to initiate Project Ghostbusters as a component of the IAAP initiative. In 2013, Facebook purchased Onavo, a research tool that was similar to a virtual private network (VPN). Following the findings of an investigation conducted by TechCrunch, Facebook terminated Onavo in 2019. The investigation found that Facebook had been covertly bribing teens to use Onavo in order to gain access to all of their interactions on the internet.

In order to accomplish its goals, the Project Ghostbusters method utilized a technology known as a server-side SSL bump, which was carried out on Facebook’s Onavo servers. SSL bumping, which is also referred to as SSL interception, is the process of intercepting and decrypting SSL/TLS traffic, examining it for harmful content or policy violations, and then re-encrypting it and sending it to the destination that was meant for it.

Facebook provided users with an incentive to install “kits” on their Android and iOS devices. These “kits” impersonated legitimate servers and encrypted communications that Facebook had no legal authority to access. This allowed Facebook to acquire access to the data that was about their competition.

Through the use of these kits, Facebook was able to intercept traffic for particular sub-domains. This enabled the company to read traffic that would have been encrypted otherwise and to measure the amount of time users spent within their competitors’ applications. However, the operators were able to view and analyze the communication before it was encrypted, despite the fact that the users had no idea what the kits actually did.

Advertisers who are suing Meta assert, as stated in the court records, that Facebook later expanded the scheme to include Amazon and YouTube. This behavior is “potentially criminal” and most likely constitutes a breach of laws pertaining to eavesdropping.

Due to the fact that the Wiretap Act bans intentionally intercepting electronic communications with no relevant exception and the use of such intercepted communications, it is highly likely that Facebook’s covert operation broke this law.

On the basis of how this goes ahead, we will keep you updated.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.

READ MORE ARTICLE HERE