Comment by dilyevsky

1 year ago

That’s not sufficient - you also need to intercept traffic somehow, which they successfully accomplished by buying this VPN company and using them to proxy victims’ traffic through their infra.

Victims that were being paid to participate?

Edit: Not excusing Facebook here, but feel like this whole thing is in a weird grey area. It is like getting paid to have a Nielsen box monitoring your TV and then complaining when you find out it also knew what you watched on your DVD player.

  • > Victims that were being paid to participate

    I believe you might be referring to what happened in 2019? [1] This is a separate issue. [2]

    I do clarify this in the blog post, although it might be better to move the relevant text near the introduction rather than in the middle of the post.

    EDIT: I have also added a remark to the post that it is not clear if all users were MITM'd or just a subset.

    [1] https://techcrunch.com/2019/01/29/facebook-project-atlas/

    [2] https://techcrunch.com/2024/03/26/facebook-secret-project-sn...

    • I think what is missing is a timeline and clarity about the actual steps users had to take.

      1) Onavo was a (free?) VPN app acquired by FB in 2014. Facebook used it to collect “market research data.” People chose to download this, but thought it was a security product.

      2) At some point (it looks like 2016?) they launched an iOS app called Research, using the same tech, which required users to install a certificate meant for internal Facebook employees. They paid these users to monitor their traffic.

      Are you saying that the MITM was happening for users of (1) or (2) or both?