New Meta Scandal: Spying on Snapchat and YouTube with “Project Ghost Hunters”

Based on leaked court documents, Meta launched Project Ghost Hunters in 2016 to spy on Snapchat users.

In 2016, Meta (formerly Facebook) launched a secret project to track and decrypt network traffic between Snapchat servers and its users. The main goal was to identify Snapchat user behavior and help Meta compete more seriously with the platform.

According to court documents, Meta referred to the project of tracking Snapchat activity as “Ghost Hunters.” Snapchat's logo is a ghost, so the project name is clearly a reference to it.

Documents released by a federal court in California show how Meta has tried to compete more heavily with other social networks by analyzing network traffic and how people interact with platforms like Snapchat, Amazon, and YouTube.

Meta’s rival platforms encrypt their traffic, so Meta had to develop new technology to get around that encryption.

One of the documents focuses on Project Ghost Hunters. The project was part of Meta’s IAPP initiative, which used a special technique to “track and decrypt encrypted app traffic.”

Project Ghost Hunters initially focused on Snapchat, but later expanded to Amazon and YouTube. The court document refers to internal Meta emails.

In an email dated June 9, 2016, which was revealed in court, Meta CEO Mark Zuckerberg wrote: “Whenever someone asks about Snapchat, the answer is usually that we don’t have any information about them because their traffic is encrypted. Given their rapid growth, it is important that we find a way to get reliable analytical data about them. Maybe we should use the panel or write custom software. You need to figure out how to do this.”

Mark Zuckerberg has a poor track record of respecting people’s privacy.

Meta engineers’ solution was to use Onavo, a VPN-like service that Meta acquired in 2013.

Meta completely shut down the Onavo service in 2019 after investigations revealed that the company had secretly paid teenagers to use Onavo, giving Meta access to their browsing history.

After Zuckerberg’s email in 2016, the Onavo team took over management of the project and a month later came up with a working solution: special kits that could be installed on iPhones and Android phones and that could track traffic for some subdomains.

An internal Meta email states: “These kits allow us to see encrypted traffic so we can analyze in-app usage. This is the man-in-the-middle approach.”

A man-in-the-middle attack, also known as an adversary-in-the-middle attack, is a type of cyber attack in which an attacker intercepts internet traffic between two devices. Once the network traffic is decrypted, the attacker can read important data such as usernames, passwords, and in-app activities.

Snapchat had encrypted the traffic between its app and its servers, and Meta couldn’t access the analytical data. This is exactly why Facebook engineers suggested using Onavo.

When Onavo was activated, it could see all network traffic on the device before it was encrypted and sent over the internet.

According to court documents, some Meta employees, such as Jay Parikh (former head of the company’s infrastructure engineering team) and Pedro Canahuati (former head of the security engineering team), had expressed concerns about using Onavo.

It is unclear what happened to Project Ghost Hunters, but given the shutdown of Onavo in 2019, it is likely that the project also ended at that time.
