|
|
|
|
|
|
by rpdillon
820 days ago
|
|
|
This is the first sentence of the article: > In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. I read the rest of the article as well, and saw only confirmation: > Given that Snapchat encrypted the traffic between the app and its servers, this network analysis technique was not going to be effective. This is why Facebook engineers proposed using Onavo, which when activated had the advantage of reading all of the device’s network traffic before it got encrypted and sent over the internet. Where do you see the ambiguity? Other than the weasel words about proposing these programs (versus actually running them), it seems clear that they were decrypting the traffic (or reading it before it was encrypted). Did I miss a piece? |
|
|
This doesn't make sense, they wouldn't see the traffic before it was encrypted. They would see it encrypted, but using the MITM certificate instead of Snapchat's. Given the inaccuracies in the article, it makes me wonder what else they got wrong.
Using a VPN client to monitor how much, when, and where traffic is going is bad, but MITM'ing a user's connection is much, much worse. I'm really skeptical that's what happened, especially given TC's inability to articulate accurately what Facebook did.