
I hadn't heard of this story before. tl;dr is that you really need to think through the apps you use. The Wikipedia page on Onavo has more details.
Facebook once bought a VPN app for $120M and turned it into a surveillance tool that spied on 33M+ users' entire phones for years.
This app helped Zuck buy WhatsApp for a whopping $19B and break Snapchat's encryption.
The name of this Israeli app was Onavo.
It promised to “secure your data” and reduce mobile data usage.
When Facebook bought it in 2013, Zuck said the app would help them connect more people to the internet.
Facebook even promised to keep Onavo running as a standalone brand.
But Onavo operated as a VPN that routed all your phone's internet traffic through Facebook's servers before sending it anywhere else.
Facebook could see:
• Every app you opened
• How long you used it
• Which websites you visited
• And at what time you used each app
What did this mean for Facebook?
It meant that Zuck could see exactly which of Facebook's competitors were growing popular among people.
Look how Facebook was tracking these apps (revealed in the court later):
By 2016, this data revealed Snapchat was exploding in popularity.
But there was one problem: Snapchat's traffic was encrypted, so Facebook couldn't see how people were using it.
In an email, Zuck says: "It seems important to figure out a way to get reliable analytics about them."
Facebook started "Project Ghostbusters" - named after Snapchat's ghost logo.
They would use "man-in-the-middle" attacks to break Snapchat's encryption.
Within a month, Facebook's engineers built "kits" that could intercept Snapchat's data before it got encrypted.
Facebook created custom client & server side code based on Onavo’s VPN proxy app.
This code included a client-side “kit” that installed a root certificate on Snapchat users’ mobile devices.
Then Facebook’s servers created fake digital certificates to impersonate Snapchat analytics servers to redirect & decrypt secure traffic from those apps to Facebook.
Seeing Snapchat's success, Zuckerberg offered to buy it for $3 billion.
But when Snap's CEO refused the offer, Facebook launched Snap's most famous feature on Instagram - Stories.
But this wasn't just about Snapchat.
Facebook used Onavo to systematically monitor Houseparty, YouTube, Amazon, and dozens of other apps.
Any rising competitor was identified, analyzed, and neutralized.
Apple forced Onavo off the App Store for violating privacy rules.
So Facebook rebranded it as "Facebook Research" and started paying teens $20/month to install it on their phones.
When Apple found out, they revoked Facebook's certificates, breaking ALL of Facebook's iOS apps.
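
Why the installed root certificate mattered, as an added example that is not part of the original post: a simplified Python model (no real X.509 parsing or signature checks) comparing trust-store validation with a pinned-key check. The hostname, certificate names and key bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes                   # stand-in for the DER SubjectPublicKeyInfo
    user_installed: bool = False  # True for a root added after the OS shipped

def spki_pin(cert: Cert) -> str:
    # A pin is the SHA-256 of the certificate's public key info.
    return hashlib.sha256(cert.spki).hexdigest()

def chain_links(chain) -> bool:
    # Model only: each certificate must name the next one as its issuer.
    return all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))

def evaluate(host, chain, trust_store, pins):
    leaf, root = chain[0], chain[-1]
    # What default validation checks: name match plus a chain to a trusted root.
    system_trust = leaf.subject == host and chain_links(chain) and root in trust_store
    # What a pinning client adds: some key in the chain must match a shipped pin.
    pin_ok = any(spki_pin(c) in pins.get(host, set()) for c in chain)
    return {"system_trust": system_trust, "pin_ok": pin_ok,
            "user_root": root.user_installed,
            "accept": system_trust and pin_ok and not root.user_installed}

# Constructed sample data.
HOST = "analytics.example.test"
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"public-root-key")
INJECTED_ROOT = Cert("Injected Root", "Injected Root", b"injected-key", True)
GENUINE = [Cert(HOST, "Public Root CA", b"genuine-leaf-key"), PUBLIC_ROOT]
FORGED = [Cert(HOST, "Injected Root", b"proxy-leaf-key"), INJECTED_ROOT]
TRUST_STORE = {PUBLIC_ROOT, INJECTED_ROOT}  # device state after the root is added
PINS = {HOST: {spki_pin(GENUINE[0])}}       # pin shipped inside the app

if __name__ == "__main__":
    for name, chain in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, evaluate(HOST, chain, TRUST_STORE, PINS))
```

The forged chain passes trust-store validation once the extra root is present, and only the pin comparison or the user-installed-root flag rejects it.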
100 sats \ 1 reply \ @sox 13h
This is absurd, not surprising, just absurd. How did I even miss this back then?
reply
I’m wondering the same thing. I don’t think I’ve heard of this
reply
182 sats \ 2 replies \ @k00b 31 Jul
I just read this too. Absolutely bonkers.
reply
It seems like it was a known thing (at least since March 2024). I'm surprised I had never heard of it before.
reply
152 sats \ 0 replies \ @k00b 1 Aug
Same. I found other tweet threads from a year ago about it. There must've been some other big news story that drowned it out.
reply
0 sats \ 1 reply \ @nolem 15h
Flash shared this on Nostr, did they rip your work or is this a shared article?
reply
I found the post on X. Not my work.
reply
0 sats \ 0 replies \ @398ja 23h
I'm so disgusted, and feel vindicated that I've been off of that social network for about a decade now...
reply
0 sats \ 0 replies \ @xz 1 Aug
How is Meta not even paying out billions for breaches of privacy and antitrust generally?
reply
What an absolute snake of a man! I sometimes hope there is hell.
reply