In 2016, Facebook initiated a secret initiative to intercept and decrypt network traffic between Snapchat users and the company's servers. According to recently revealed court filings, the purpose was to better analyse user behaviour and help Facebook compete with Snapchat. Facebook dubbed it "Project Ghostbusters," an apparent homage to Snapchat's ghost-like emblem.
On Tuesday of this week, a federal court in California disclosed fresh documents acquired during the class action case between consumers and Meta, Facebook's parent company.
The newly revealed documents show how Meta attempted to gain a competitive advantage over its competitors, namely Snapchat and later Amazon and YouTube, by analysing network traffic to see how its users interacted with Meta's competitors. Given that these apps use encryption, Facebook had to design specific technology to get around it.
Facebook's Project Ghostbusters is described in one of the documents. In the letter, the customers' attorneys stated that the project was a part of the company's In-App Action Panel (IAPP) programme, which employed a method for "intercepting and decrypting" encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon.
The document includes internal Facebook emails about the project.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”
Facebook developers' idea was to employ Onavo, a VPN-like service that the company acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that the business had been secretly paying teens to use Onavo so that it could monitor all of their web activity.
Following Zuckerberg's email, the Onavo team took on the project and proposed a solution a month later: so-called kits that can be installed on iOS and Android to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," reads a July 2016 email. "This is a 'man-in-the-middle' approach.”
A man-in-the-middle attack, also known as adversary-in-the-middle, is one in which hackers intercept internet communication passing from one device to another over a network. When network communication is not encrypted, hackers can read data such as usernames, passwords, and other in-app activity.
Given that Snapchat's traffic between the app and its servers is encrypted, this network research technique is ineffective. This is why Facebook developers advocated adopting Onavo, which, when engaged, scans all of the device's network data before it is encrypted and transferred over the internet.
Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook in 2020, alleging that the company misled about its data collecting activities and used the data it "deceptively extracted" from users to find competitors and then unfairly compete with the new firms.
