Newly revealed court documents from a federal case between consumers and Meta, Facebook’s parent company, have brought to light some concerning strategies employed by Facebook in its quest for a competitive edge. These documents unveil a covert operation dubbed “Project Ghostbusters,” initiated by Facebook back in 2016, with the aim of intercepting and decrypting network traffic between users of Snapchat’s app and its servers.
Uncovering Project Ghostbusters
Project Ghostbusters was a secretive component of Facebook’s In-App Action Panel (IAPP) program, conceived to dissect encrypted app traffic from rival platforms such as Snapchat, Amazon, and YouTube. With encrypted traffic presenting a formidable obstacle, Facebook’s engineers were compelled to devise ingenious solutions to bypass encryption barriers and glean crucial insights into user behavior. “Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”
The Directive from Zuckerberg and Onavo’s Involvement
Internal correspondences, including a notable email from Mark Zuckerberg, underscored the pressing need to decipher Snapchat’s encrypted traffic to procure indispensable analytics vital for competitive analysis. This directive spurred Facebook’s engineers to enlist the aid of Onavo, a VPN-like service assimilated into Facebook’s arsenal in 2013, in circumventing encryption hurdles.
Onavo’s Strategy: Decrypting Encrypted Traffic
The Onavo team formulated a plan involving the deployment of kits onto iOS and Android devices, capable of intercepting traffic for specific subdomains. This strategic approach empowered Facebook to scrutinize in-app usage by decrypting what would typically be encrypted traffic. Termed a ‘man-in-the-middle’ approach, this method afforded Facebook comprehensive insights into user engagements with rival apps.
Expanding Horizons to Amazon and YouTube
Originally fixated on decrypting Snapchat’s traffic, Facebook later broadened the scope of Project Ghostbusters to encompass Amazon and YouTube. Despite encountering encryption hurdles, Facebook engineers harnessed Onavo’s prowess to extend their network analysis techniques to these additional platforms.
Internal Misgivings and Legal Ramifications
Nevertheless, not all stakeholders within Facebook harbored unequivocal support for Project Ghostbusters. Concerns were vocalized by certain employees, including Jay Parikh and Pedro Canahuati, regarding the ethical implications and security vulnerabilities entailed in intercepting encrypted traffic sans transparent user consent.
Allegations of Lawsuits and Industry Response
In the year 2020, a class-action lawsuit was brought against Facebook, alleging the company’s engagement in deceptive data collection practices and unfair competitive maneuvers. While Meta chose to remain reticent on the matter, other tech behemoths ensnared in the lawsuit, comprising Amazon, Google, and Snap, opted to abstain from issuing official statements.
The revelation of Project Ghostbusters sheds light on Facebook’s assertive endeavors to amass competitive intelligence, prompting pertinent inquiries into ethical and legal ramifications. As the saga unfolds, it instigates a critical evaluation of data privacy protocols and the ethical boundaries delineating corporate competition in the digital era.