Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it.

Facebook’s engineers solution was to use Onavo, a VPN-like service that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

A man-in-the-middle attack — nowadays also called adversary-in-the-middle — is an attack where hackers intercept internet traffic flowing from one device to another over a network. When the network traffic is unencrypted, this type of attack allows the hackers to read the data inside, such as usernames, passwords, and other in-app activity.

  • RedFox@infosec.pub
    link
    fedilink
    English
    arrow-up
    22
    ·
    7 months ago

    I’m sure corporations like this would give you free Internet if they could collect and sell all your data. I’m also sure people would still do it, regardless of how much they are being monetized as a product.

    Since companies like Facebook own legislators, our only real choice is to stop using it. Unpopular opinion, but If you really want fuck Zuck, delete your account, and get all your friends and family to as well. Maybe there’s some alternatives for the people who truly use the service to connect with friends/family?

    • rtxn@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      ·
      7 months ago

      corporations like this would give you free Internet if they could collect and sell all your data

      Facebook Zero is more or less what you described.

    • Senseless@feddit.de
      link
      fedilink
      English
      arrow-up
      8
      ·
      7 months ago

      The free Internet if you give use your data is already a thing. I saw an ad in germany where you get unlimited free internet access (can’t remember if it was a data plan for phones or cable / fibre service) if you use their “payment partner” for your usual payments like rent, loans and salary. So they basically can see your daily payments and will use and sell this data im exchange for “free” Internet access.

      The company and its investors and corporation lead to a weird network of people and a corp in dubai. It’s all quite shady really.

      • RedFox@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        7 months ago

        Wow, that is weird. I honestly just made that up in my head when I wrote it.

        The saying is true, if it’s free, you’re the product.

        I don’t actually know why I care about that level of privacy. Some of us are quite fine with companies or their government having any information about them. Some are very opposed.

        Maybe I dislike the idea that information could be used against me somehow or they’re making even more money than I’m already paying in some hypothetical case. Not sure.

        • Senseless@feddit.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          I work in IT so you might think I might be more into the topic and thus more careful with my data. There are a lot of colleagues of mine that don’t care one bit. Some even jokingly call me paranoid.

          Sure, I use GrapheneOS, a de-googled Android OS, made the switch from Gmail to Tuta (formerly tutanota), a privacy ans security focused mail provider and use my own domain for mailing.

          Then there are some other measurements in place like AdGuard and Pihole to block ads and trackers. I think that’s the bare minimum, especially if you’re working in IT. It doesn’t cost much, the setup is straight forward and the benefits are huge. I haven’t had any ads in my network for years.

          I’m currently switching from windows to Linux as daily driver. There are some issues with getting some games to run, but as soon as they do I’m switching for good.

          There are some easy thing one can do, even without any expertise in IT. There are even things you can do that aren’t finicky (like linux troubleshooting). People are just way to comfortable.

          Maybe they should watch the documentary about Edward Snowden, Citizenfour. That might change their mind.

          • RedFox@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            I watched that. Didn’t surprise me one bit.

            The overreaching government apparatus doesn’t inherently bother me, but we’re really placing a lot of power and trust in those people, and that does concern me.

    • neutron@thelemmy.club
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      I’m sure corporations like this would give you free Internet if they could collect and sell all your data.

      Already a thing. I see them advertised everywhere for prepaid plans and people go ‘omg Facebook/Whatsapp/Instagram/TikTok for free!!1!’.

    • webghost0101@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      I dunno, seem like the goal is to get you to buy a subscription to collect your data hostage in their cloud.

      And somehow for enough gullible customers its actually working.