Facebook caught snooping on SnapChat users. What is going on?
Facebook caught abusing its app privileges to spy on SnapChat users and now it has shared your FB messages with Netflix.
Meta: Facebook, WhatsApp, Instagram
A leading Big Tech giant, Meta, the parent company of Facebook, WhatsApp, and Instagram is known for their questionable data privacy policies. As people would like to protect their privacy on these platforms, rumors have spread about how posting a certain disclaimer in your FB status will act as a repellent against their aggressive collection and sale of your data. But unfortunately these rumors fail the smell test.
Meta’s primary business model is not selling a physical product, but rather they have monetized the collection and sale of information about their users. By carefully tracking your behavior both on their social media platforms and across the web, via tracking cookies, Meta has positioned themselves to be a billion dollar advertising machine.
Poor privacy protections from the start
Facebook, and later Meta, are not known for protecting the privacy of their users. Quite the opposite. From it’s earliest beginnings Facebook was built upon the creepy collecting and sharing of data posted by unassuming Harvard students. As Facebook grew it took advantage of the public’s ignorance of the potential profits to be made by large scale data collection.
Shady Beginnings
The origins of the Facebook we know to day started as a small website written by Mark Zuckerberg in 2003 called “Facemash” and was originally designed to display the faces of Harvard students who were otherwise only listed in paper “face books” maintained by the university. His website was quickly shutdown and Zuck was faced with potentially being thrown out of university for the stunt.
The following year Zuckerberg was back and this time worked to create a fully digitalized web version of the university face books, this time beginning with Harvard before later expanding to include other Ivy League universities. The project attracted attention from Napster founder Sean Parker and later Peter Thiel. With venture capital investors on board the public explosion of Facebook in 2006 was inevitable.
Now nearly two decades later, Facebook is still going strong and operates one of the largest tech companies on the planet. While their scale may have changed, the relative disregard for privacy did not.
The SnapChat Debacle: Who You Gonna Call? Project Ghostbusters!
Recently released court documents share startling details of actions allegedly taken by Facebook in 2016 as the (then) new social networking app SnapChat was rapidly growing its user base. SnapChat was posing a potential threat to Facebook’s advertising revenue and in order to gather more information on what SnapChat was doing Mr. Zuckerberg proposed the following in an email:
“Given how quickly they’re growing, it seems important to figure out a new way to gt reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”
This call to action was a direct push by Zuckerberg for the development of software which could decrypt the encrypted analytics which were being sent by SnapChat to sc-analytics.appspot.com.
Man-in-the-Middle Style Monitoring
In response to this call to action, the In-App Action Panel (IAAP) was created. The Facebook project IAAP also expanded to include YouTube and Amazon. The included aspect of this project was, according to court documents:
“intercepting and decrypting SSL-protected traffic from the Snapchat app…”
The main technological means of making this man-in-the-middle attack was by pushing users to install “kits” on their devices to intercept this traffic. A TechCrunch report in 2019 brought to light how teenagers were being paid to install these kits on devices, at which point Facebook promptly halted the program.
Civil dispute or criminal wiretapping?
When malicious hackers take such actions to view network traffic without the express written consent of the network owner/operator, this is a direct violation of 18 U.S. Code §2511 - Interception and disclosure of wire, oral, or electronic communications prohibited.. In such cases, malicious actors are also prosecuted in a criminal lawsuit.
There is on-going discussion of whether the actions taken by Facebook do merit a criminal investigation.
If this is the penalty for violating the wire tapping laws within the United States they must be enforced uniformly. It cannot be the case that a student like Aaron Swartz is prosecuted for trying to distribute knowledge, but Mark Zuckerberg gets little more than a slap on the wrist for hacking the devices of Facebook users. This is not justice.
Meta has responded to the recent disclosure of their “Project Ghostbusters” claiming that “Snapchat’s ‘witness on advertising confirmed that Snap cannot ‘identify a single ad sale that [it] lost from Meta’s use of user research products’…”
Meta has no remorse for introducing malware to devices around the world, but these actions are wrong and violate the trust of millions. Facebook has failed to issue any apology for these actions. The bottom line seems to be that everything is permitted as long as Facebook can turn a profit.
Netflix “What am I watching” sharing functionality
Meta’s digital sharing gathered additional criticism this week when it was also making certain private message data available to Netflix. What seems to be at play here is that Facebook offers an API access to partner tech companies to offer features like sharing what you might be watching on Netflix directly with your Facebook friends. This would seem to mean that Netflix did have some degree of access to the personal inboxes of Facebook users who were using the Netflix sharing feature.
This story is on-going, but the interconnected nature of FAANG (Facebook, Apple, Amazon, Netflix, Google) companies building and maintaining a shared tech monopoly seems to be taking place in clear view.
Big Tech is anti-competition and pro-monopoly
It is clear that Big Tech companies are actively working to limit the growth and spread of competitors to their hegemony. The tried and true practice of buying up competition has now become commonplace that many startups have the goal of being bought out by one of these companies, rather than becoming direct competitors themselves. Facebook’s CEO pushing spyware to monitor a growing competitor is just another example of the toxic business practices which have come to embody Big Tech.
EU’s DMA needs to strip gatekeepers of unfair power
There is some hope here though. With the new EU Digital Markets Act there is finally a legal entity seeking to stand up to the monopolistic and unfair practices of Big Tech companies. The DMA has already pushed Apple to open their previously restricted App Store software distribution system. With future moves to examine Google’s search dominance by the EU, it is only a matter of time before Facebook finds themselves facing similar pressure.
Want better privacy? Drop Meta’s apps entirely.
If you want to avoid Big Tech’s invasive neglect of your privacy the best thing you can do is avoid their products and apps entirely. If you are using WhatsApp, why not drop it in favor of an open source encrypted messenger like Signal. You can drop Facebook in favor of any of the Fediverse platforms. And of course, you can start to de-Google your life by choosing a private search engine and an encrypted email solution like Tuta Mail.
At Tuta your privacy and security comes first. There are no ads, no hidden fees, and no collection of user data.
You can create a free Tuta account in seconds and start taking back your privacy today!