14 comments

[ 3.5 ms ] story [ 30.7 ms ] thread
TFA is from 2024, so the title is wrong
Quote:

A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights.

On a side, but related note; all our societies need to reevaluate the corporate protections from personal liability when the activities breach the articles of incorporation, the so called veil; barring demonstrated accident or mistake.

This "corporate veil" and protection is really the same basis as the legal fiction called "qualified immunity"... in the case of police officers, they can even quite literally murder you with impunity in far too many cases that is acceptable. Isn't it odd how a "citizen" who is supposed to actually be in control of the government through self-determination, has approaching zero power, bu the putrid agents of the despotic power of illegitimate government have literal immunity to commit murder.

This kind of activity is not just a corporate whoopsie, it's active, deliberate, criminal activity, and organized criminal activity at that; making in this case (but there are many other examples) Meta an organized criminal outfit.

Are you personally immune from prosecution if a "corporation" tells you to murder someone? Why would you then not be personally criminally liable for perpetrating other crimes because the "corporation" told you to do it; regardless of whether that is committing cybercrimes, committing financial fraud, or even just something as simple as breach of the peace if a manager is accosting an employee?

I don't see what the big deal is. SSL MITM is CloudFlare's whole business model.
Don't run a VPN from a company whose entire business model is knowing everything about you and what you do online.
How is it not a criminal offence to impersonate a different company to decrypt customer data?
It was a criminal offencefor Aaron Swartz to download books.

But when Zuckerberg did it at an industrial scale, he was just "training his AI model", which made it just fine.

Same thing here.

> Onavo Protect Android app, which had over 10 million Android installations, contained code to prompt the user to install a CA (certificate authority) certificate issued by "Facebook Research" in the user trust store of the device. This certificate was required for Facebook to decrypt TLS traffic.

I mostly can't think of a legitimate reason to install your own root certificate for a VPN, so I'm inclined to buy that this is Facebook being Facebook. I would also run as fast as I can if I installed an app and it started prompting me to install a certificate, but 99% of people have absolutely zero idea how TLS and PKI work, so maybe this is taking advantage of their ignorance.

I saw this story linked from a twitter post, really interesting. It makes a lot of sense, make purchases based upon data / metrics
Just keep in mind that Meta has not changed a bit since then.

This is from two months ago, when it was found that their Android app listens on a localhost port in order to send identifiers from webpages to their app via WebRTC so that they can still track users.

Covert web-to-app tracking via localhost on Android - https://news.ycombinator.com/item?id=44169115

Meta pauses mobile port tracking tech on Android after researchers cry foul - https://news.ycombinator.com/item?id=44175940

> This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users’ web activity.

I wonder how it feels to be an engineer at Meta. Do you leave your conscience at the door when you start the workday? Make no mistake, if this company pays your salary, you are an accomplice no matter if you personally did take part in it. How do you look yourself in the eyes?
With enough money it's possible to turn off your conscience.

That combined with people whoa are more into the technical challenge of it and won't be thinking about the moral implications.

The stories I could tell you about Onavo. Ask anyone from the Facebook Growth Org. There's so much undisclosed dirt here it's insane...