Zuckerberg personally ok'ed wiretapping both Amazon and YouTube [pdf]
50 points by brianaker 1 year ago | 24 comments
- jitl 1 year ago
“Wiretap” without additional context is a bit misleading since it conjures an image of listening to phone conversations between employees of the competitor. I think it may be fair to call it wiretapping but it’s different from that image.
They paid users to install an app on smartphones that spied on network requests made by those users. In iPhone this app used OS VPN support to intercept traffic, and a root CA certificate to treat the intercepted connection as legitimate.
“Proxyman” is an iOS app that does the same thing on behalf of the user - it’s super helpful for debugging your own app or reverse engineering someone else’s app. I used it to reverse engineer the API of my smart home gym app Tempo Fitness so I could build my own dashboards from my workout metrics.
Facebook used this technique to “wiretap” the analytics log events that Snap and the other apps were sending to themselves - events probably look like “user swiped to next video after viewing video id=1234 for 3 seconds” or “user clicked ad id=5678”.
TechCrunch report on Facebook Research (2019): https://techcrunch.com/2019/01/29/facebook-project-atlas/?gu...
The Wikipedia page for Onavo (the startup Facebook bought that powered this stuff) is pretty clear and has good citations for additional reading:
- dec0dedab0de 1 year ago
I think Wiretap is a fair analogy for intercepting and decrypting traffic for other apps.
- spacemanspiff01 1 year ago
Except if I install by choice, an app that records what my device is doing, I would not call that wiretapping.
Wiretapping is what you do to others, generally without knowledge. Facebook paid individuals to record what data their devices sent out.
- 1vuio0pswjnm7 1 year ago
Unless Facebook obtained lawful consent to intercept communications between the computer owner and another party, using an app by choice is not a defense to wiretapping. That the plaintiffs are alleging wiretapping suggests that the VPN terms of use contained no such consent to intercept communications between the computer owner and other parties.
- dec0dedab0de 1 year ago
> Facebook paid individuals to record what data their devices sent out.
Ahh, yes. That is a huge distinction I was not aware of.
- jitl 1 year ago
I agree it’s fair as an analogy, and I used the word in my summary of the situation. All I wanted to say was that what Facebook actually did didn’t match my initial expectation when I read “wiretap”.
- 4WVmSrmEyGr 1 year ago
Footnote #1 in the linked document states: "It is Advertisers’ position—backed up by voluminous evidentiary background and analysis, which Advertisers would welcome the opportunity to share with the Court should Meta dispute any aspect of Advertisers’ contention—that Meta’s IAAP program didn’t just harm competition, but criminally violated 18 U.S.C. § 2511(1)(a) and (d) by intentionally intercepting SSL-protected analytics traffic addressed to secure Snapchat, YouTube, and Amazon servers."
18 U.S.C. § 2511(1)(a) and (d) are provisions of the federal Wiretap Act.
Subsection (1)(a) makes it a crime to intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication.
Subsection (1)(d) makes it a crime to intentionally use, or endeavor to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection.
For criminal prosecutions, the general five-year statute of limitations for non-capital federal crimes applies, as per 18 U.S.C. § 3282(a).
- 1vuio0pswjnm7 1 year ago
> "Wiretap" without additional context is a bit misleading since it conjures an image of listening to phone conversations between employees of the competitor.

What is the context. Litigation. The submission comes from courtlistener.com. "Wiretap" here has a specific meaning. The definition is provided in the citation in footnote 1: 18 USC 2511(1)(a) and (d).
"intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;"
What's perplexing about the HN fixation on the term "wiretap" in this case is that the criminal offence of wiretapping is not a claim in this particular litigation. The case is concerned with anticompetitive conduct. The plaintiffs are proceeding on a "monopoly broth" theory. The issue is whether Facebook's conduct re: the VPN is anti-competitive. Why would Facebook do something it knows is illegal or even might be illegal.
In the plaintiffs' first amended complaint, they cite a quote from a US senator who specifically referred to the Onavo situation as "wiretapping teenagers". Even if the term was not being used to refer to the specific federal crime of wiretapping, it was already being used to refer to what Facebook was doing.
Meta is going bananas to try to keep the facts revealed in this litigation from seeing the light of day. Why. Let the reader decide.
Pretending that the word "wiretapping" is misleading is like SBF refusing to acknowledge that he has committed any crime. Being evasive, trying to redefine words will not work. The definition is provided via citation in the document. This is an antitrust case, not a wiretapping case. Judge Donato is all too familiar with the unethical conduct of so-called "tech" companies. This "tech company" nonsense is occupying an increasing portion of the court's time.
A computer user MITM'ing apps on her own computer is not wiretapping. Facebook is MITM'ing apps on someone else's computer.
- andthenzen 1 year ago
Where is this headline coming from? I haven't been following this case, and unfortunately, either my poor legal or technical comprehension prevents me from finding the points in this brief which substantiate the submission title.
- dang 1 year ago
Yes, it looks like this title was badly editorialized. From https://news.ycombinator.com/newsguidelines.html: "Please use the original title, unless it is misleading or linkbait; don't editorialize."
Submitters: if you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
- sp332 1 year ago
YouTube is mentioned a couple of times on page 2 where Zuckerberg is informed of the specifics of the program.
- andthenzen 1 year ago
Thanks! I assume it's referencing this sentence and surrounding info:
> "Dozens of documents from across the company reveal that Zuckerberg had spoken to the company’s head of security, its then-CTO, and others about the risks and rewards of the IAAP program—which involved the interception and decryption of secure analytics traffic from Snapchat, YouTube, and Amazon for competitive reasons—and would personally make a decision about whether to continue it."

I'm not sure where it jumps to "wiretapping" (just from a layperson's standpoint). The image I had in my head was Meta tapping the phones or devices of Amazon and YouTube employees which was probably a silly interpretation of the title.
- sp332 1 year ago
The headlines around this have definitely blown things up. Running a VPN service so you can snoop on how customers use other services is plenty scummy, no need for the catastrophising.
- dec0dedab0de 1 year ago
> Dozens of documents from across the company reveal that Zuckerberg had spoken to the company’s head of security, its then-CTO, and others about the risks and rewards of the IAAP program—which involved the interception and decryption of secure analytics traffic from Snapchat, YouTube, and Amazon for competitive reasons—and would personally make a decision about whether to continue it
It seems as though none of these people got a reply email, even though they all were looking for his response.
- brian_cloutier 1 year ago
I have absolutely no context beyond reading this document but it appears they only did SSL decryption on their Facebook Research App where users were explicitly paid for running the app and giving Facebook access to their network traffic. I... would probably not accept that deal but it doesn't seem accurate to call this "spyware" or "wiretapping", both of which imply non-consensuality.
- ChrisArchitect 1 year ago
[dupe]
Lots of discussion: https://news.ycombinator.com/item?id=39832952
- brianaker 1 year ago
That story links to a different document filed with the courts.
Additionally, the scope is wider than just what Onavo did for Facebook.
There are comments being made in that post as well where people are assuming all of the communication on one side, which was not the case at all.
- ChrisArchitect 1 year ago
It's the same discussion. The other article mentions the YouTube and Amazon aspect also. Share the court doc link over there. Discuss over there.
- spacemanspiff01 1 year ago
So I am not really following what this is about, but it seems like Facebook wanted to know what information Snapchat and others were collecting from users.
So with the users' permission (for a testing group), they created something to be installed alongside so that they could see what data was actually being collected by third parties.
I don't understand the issue. If I as a user want to monitor what is being sent about me, I should have the right to do so. If I then want to send that information to some other company, in exchange for money (or whatever) that's my choice.
The headline seems disingenuous.
- whoevercares 1 year ago
I mean…Zuckerberg knew they can walk away legally, right?