Newly unsealed court documents reveal Facebook's secretive project, 'Project Ghostbusters,' aimed at intercepting and decrypting network traffic between users of Snapchat's app and servers. These documents surfaced in a federal court in California as part of a class action lawsuit against Meta, Facebook's parent company.
The project, part of Facebook's In-App Action Panel program, involved intercepting and decrypting encrypted app traffic from Snapchat, YouTube, and Amazon users, aiming to gain insight into user behaviour and compete with Snapchat.
Meta's CEO, Mark Zuckerberg, expressed the need for reliable analytics on Snapchat due to its rapid growth. Facebook engineers proposed using Onavo, a VPN-like service acquired in 2013, to circumvent encryption. Onavo's team devised a solution using kits installed on iOS and Android devices to intercept traffic for specific subdomains, enabling the reading of otherwise encrypted traffic. This approach, akin to a man-in-the-middle attack, allowed Facebook to access detailed in-app activity data, particularly from Snapchat.
Despite the project's development, internal dissent emerged within Facebook, with some employees expressing concerns about its ethical implications. Pedro Canahuati, then-head of security engineering, voiced discomfort, highlighting the public's need for more awareness regarding such data collection practices.
The class action lawsuit, initiated by Sarah Grabert and Maximilian Klein in 2020, alleges that Facebook misled users about its data collection practices and utilised extracted data deceptively to identify and combat competitors. While Amazon declined to comment, Google, Meta, and Snap did not respond to requests for comment.