Comment by haxrob

1 year ago

> Victims that were being paid to participate

I believe you might be referring to what happened in 2019? [1] This is a separate issue. [2]

I do clarify this in the blog post, although it might be better to move the relevant text near the introduction rather than in the middle of the post.

EDIT: I have also added a remark to the post that it is not clear if all users were MITM'd or just a subset.

[1] https://techcrunch.com/2019/01/29/facebook-project-atlas/

[2] https://techcrunch.com/2024/03/26/facebook-secret-project-sn...

I think what is missing is a timeline and clarity about the actual steps users had to take.

1) Onavo was a (free?) VPN app acquired by FB in 2014. Facebook used it to collect “market research data.” People chose to download this, but thought it was a security product.

2) At some point (it looks like 2016?) they launched an iOS app called Research, using the same tech, which required users to install a certificate meant for internal Facebook employees. They paid these users to monitor their traffic.

Are you saying that the MITM was happening for users of (1) or (2) or both?