A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
This is the problem with using VPN services in general, you have to have complete trust in the service provider.
@yogthos Is anyone surprised by this anymore? Facebook is evil- full stop. We don't need any more reasons to obstain from using their products but "mArKeTplAcE" and "mY cOuSiNs WoNt SwiTcH."
Maybe the idea is to show the folks who keep complaining about defederating from Threads that they either don't know or have forgotten just exactly what kind of company Meta is.
I feel you. I've spent the last couple years building up self hosted replacements for these enshittified services as they flop. But despite all the work I've put in, I can't even get them to log off facebook to look at what I've got.
There is a lot of confusion amongst plenty people here, in how they are perceiving VPNs.
It is correct that VPNs are not designed for complete anonymity, security or privacy. However, they absolutely are designed for privacy and anonymity against certain actors, ISPs and regular script kiddies being one of them.
It is also correct that VPNs are not easy to trust, but that is the case with most, NOT all VPNs. Mullvad, IVPN are solid paid options, and Windscribe, AirVPN, ProtonVPN and Cryptostorm are slightly below but good to use as free/paid options. Most other VPNs either have poor technical management, poor uptime or poor track record (affiliate ads, user data leaks) or may be shady.
I agree, it's all about understanding what the actual value these services provide is and what the risks are. There are legitimate use cases, but it's important to be aware that it's not a panacea.
"No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works"
Apparently there was some debate among the Facebook leadership about whether getting clueless people to sign a consent form was good enough for them.
There is no way to know whom the trustworthy VPN provider shares data with. That's just the reality. And sure you're back to square one if you don't use a VPN, but the point here is that people think that using a VPN is much safer than it actually is. Furthermore, another option is always to just run your own VPN that you can host in whatever jurisdiction you want.
If Mullvad got raided by the Swedish police and was not able to provide them with a single bit of data, then I think it is very safe to assume they are not providing the data to ANYONE
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.
On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit.
When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.
This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet.
“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program,” read another email.
The original article contains 687 words, the summary contains 175 words. Saved 75%. I'm a bot and I'm open source!
Because "adversary" is clearly gender neutral and "man" is not, so "man" isn't able to continue it's double meaning as being short for "mankind" which itself is short for "humankind," for fears that it's exclusionary.
So (and im asking for technical clarification as a layman) Facebook didn't put this data miner on unknowing user's phones but did pay teenagers to install one (onavo) on their phones that worked to decrypt traffic for everyone those users interacted with... Right?