Project Ghostbusters: How Facebook Got Caught Snooping on Users’ Snapchat Traffic

Facebook launched a secret project designed to snoop on users’ Snapchat data in a bid to help them compete with the social app, according to newly unsealed court documents. 

Titled Project Ghostbusters (a clear reference to Snapchat’s logo), the project was part of the company’s In-App Action Panel (IAPP) program, which used a technique for “intercepting and decrypting” encrypted app traffic from users of Snapchat.

On Tuesday, a federal court in California released these documents as part of the class action lawsuit between Meta, Facebook’s parent company, and its users. 

Project Ghostbusters: Facebook’s ‘man-in-the-middle’ attack

The unsealed court documents also included several internal Facebook emails on Project Ghostbusters, including from Zuckerberg himself. 

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, according to TechCrunch.

“Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

Meta also hold all of user personal data from their other owned platforms, Instagram and Whatsapp

Meta also hold all of user personal data from their other owned platforms, Instagram and Whatsapp

And Facebook’s engineers did figure it out. Using Onavo, a VPN-like service that Facebook acquired in 2013, the team created kits installed into iOS and Android that intercept traffic for specific subdomains, allowing them to read encrypted traffic.. 

“We now have the capability to measure detailed in-app activity” from “parsing snapchat [sic] analytics collected from incentivised participants in Onavo’s research program,” read another email.

A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

“I can’t think of a good argument for why this is okay”

Inside Facebook, the emails showed several senior employees voicing their concerns about Project Ghostbusters. 

“I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works,” Pedro Canahuati, then-head of security engineering, wrote in one email. 

Prosecutors also allege that Facebook violated the United States Wiretap Act, according to Gizmodo, which prohibits the intentional procurement of another person’s electronic communications. Onavo could also be considered straight spyware, but also seems to fall under the definition of wiretapping, according to prosecutors.

The court filings show chats and emails that depict Zuckerberg as being directly involved in these communications. In 2019, an email was sent to Zuckerberg explicitly asking for his decision on whether SSL decryption (Project Ghostbusters) should stop. However, Meta denies its CEO was anywhere near this.

Both Meta and Snapchat have not responded to requests for comment. 


Looking to grow your data team? Get in touch: https://www.harnham.com/contact-page/  

Posted in