[benreesman]

The cluster of allegations is that the Onavo acquisition put FB-designed and built rootkits underneath TLS on a significant fraction of all smartphones in the United States and that FB/IG (now Meta) used clear text access to ostensibly secure HTTPS sessions to extract arbitrary data from both competitors and partner companies to play poker with X-Ray glasses on as concerned all competition in an ostensibly free and fair and competitive marketplace while simultaneously creating scope for arbitrary other advanced actors to exploit the same intentionally crippled OS-level security at the cost of weakening the entire world’s digital security infrastructure for pure financial profit without so much as a FISA court order to justify such actions.

If substantiated, such accusations would be among the most damning in the history of technology.

[nemothekid]

>If substantiated, such accusations would be among the most damning in the history of technology.

If substantiated? Just search Onavo on HN search - I thought this was widely known for years.

[benreesman]

As a former employee until 2018, I heard the words “Project Ghostbusters” two days ago. I was peripherally aware of something called Onavo but I had no notion that anyone was talking about “kits”, we all thought it was some kind of metrics thing that was sort of iffy sounding but lots of iffy ideas got proposed by some PM looking to make a name and shot down by the grownups, what is alleged would have provoked a riot at the weekly all hands.

If any of this is true they didn’t tell people like me about it, and at one point there were three people on the org chart between myself and the CEO.

I’m very skeptical of the allegations, but I’d be lying if I said I found them to be flat impossible. I tread very lightly on this sort of thing and I didn’t even acknowledge I’d ever heard the word Onavo until I read it on TechCrunch.

I certainly hope they’re false: FAIR seems to be the last real hope for an Open future on AI short of a complete housecleaning of the whole Valley.

[nemothekid]

I had a friend tell me about Onavo in ~2015. I wont delve into what he told me, but at the time I had the "move fast and break things" spirit and thought it was a pretty cool tool that they had figured out to get competitive information. He never showed me anything, but allegedly they could even see what features were being used in other apps.

But I don't think this is something he made up, it's been discussed on HN.

https://news.ycombinator.com/item?id=16381812

>I wonder if it's be possible to make a social networking startup, optimise solely for Onavo metrics, and get bought out by Facebook.

https://news.ycombinator.com/item?id=16373339

>The Onavo VPN service from Facebook is disguised as a protection mechanism but tracks the user for the benefit of Facebook.

https://news.ycombinator.com/item?id=14971839

>The database stems from Facebook’s 2013 acquisition of a Tel Aviv-based startup, Onavo, which had built an app that secures users’ privacy by routing their traffic through private servers. The app gives Facebook an unusually detailed look at what users collectively do on their phones, these people say.

I am surprised that this accusation is at all controversial.

[1oooqooq]

My guess: you were in ads/targeting. And at most a Director. i.e. mostly operations.

The people in targeting/demand/supply knows absolutely nothing about profile building. And there is where all the competitive advantages lies. And also all the shady deals.

We usually keep everything very secret in profile building because that is the knowledge that allows people to leave and start competitors, but we disguise it as the usual think-of-the-children and say that profile building deals with all sort of borderline-PII and only the most vetted people should work on it.

Ask some sysadmin to list the ACL to the main ads profile HDFS or whatever it is today. it will show a couple architects who report to one SVP each.

[benreesman]

A remarkably astute analysis based on very limited information.

My job was to use information retrieval, machine learning / AI, auction theory, and pragmatic statistical sampling to both accurately model and stably price ads inventory and later dollarized organic inventory to drive specific policy agendas about what got clicked on, dwelled on, commented on, seen in recommender systems in equilibrium to achieve specific policy agendas of various kinds but all ultimately tying out at top-line revenue and engagement metrics.

It did not take me long to work out that PII was useless in this pursuit, there’s no entropy in the off-property like button table as concerns CTR.

It did not take me long to realize that I didn’t want to know what it was useful for.

I easily had the seniority to run queries against Hive tables that I had an explicit personal priority of never querying.

And I left the senior leadership track at the last stop before a directorship.

[1oooqooq]

oh the "monetization wizard" team. driving excel with hundreds of sheets to squeeze regulated products till the last drop. while documenting all the tweaks for the next round of certification with trepidly named forprofit industry self regulatory watch dogs.

all the sexy stuff like Bluetooth beacon, and reverse email targeting etc are all before your team, because they're still not regulated and are profitable. i bet the team just got to turn DOoH knobs last years?

[benreesman]

There’s a new thing happening in Silicon Valley particularly and technology generally: we don’t need people like you anymore.

As with a lot of terms, “brogrammer” is one that initially referred to something progressive but got co-opted by the kind of people whose value add is “shady games”.

There’s a breed of elite hackers now who understand power dynamics, the importance of optics, the value that accrues to which parts of the apparatus, and daydreams while outmaneuvering anyone who ever contemplated an MBA, which is an admission that you can’t hack it when the distributions go non-stationary or the wire-to-wire latency target at 7 nines is below a mike.

I don’t generally like to call attention to this, but my friend and former colleague Antonio Garcia Martinez of Goldman, Cal applied physics, Silicon Valley, and many other kinds of fame was very gracious to me in a NYT best-seller about a great many things but among them how I was a kind of synthesis of the kind of people who (as stereotyping would have it) were either basement-dwelling geeks or glib salesmen with Anglican/Presbyterian-sounding names.

Buy the book if you care. Nick Schrock had found my photograph on the Internet and made it a Facebook cult classic at least a year before I joined in the Palo Alto office. Which is pretty early that I was #336 on the SWE staff.

There is a lot of scope for value-add from the kinds of people who the ignorant and prejudiced stereotype as “nerds”: those people in my experience are generally kind, humane, humble, and brilliant.

I’m just humane and brilliant, and I’m going to personally salt the Earth where people who talk like you do once stood.

And I’ve got no compunctions about leveraging my appearance or height or dress sense or glib vocabulary, or ease in dominating a meeting to do so.

Selective pressures have produced a breed that is simultaneously the prom king and likely to end up with a Turing, and do it all without pillaging the commons or appealing to connections.

And if any of this rubs you the wrong way, we can step outside and handle it there. You don’t want that.

[sunshowers]

Ex-FB here -- I do feel like I knew about the general scope of what Onavo did, which was to incentivize people so FB could snoop on TLS traffic and grab data about competitor usage.

[benreesman]

Could be a question of what we worked on. I did Ads ML Infrastructure, Abuse Detection Systems (spam basically), and then more ML Infrastructure on IG Feed/Stories. I was deep enough in the engine room it was all more or less feature embeddings. So it’s probably fair to say I would have known less about strategic maneuvering than plenty of less tenured folks closer to the surface.

I knew it sounded vaguely sketchy but you remember how many vaguely sketchy things some frisky new PM tried to get pushed through a launch card meeting only to have someone on Sheryl’s radar detonate it on the launch pad. The timeframe is the main reason I’m skeptical: Sheryl didn’t put up with crap like that she knew what was at stake.

[sunshowers]

I was on devinfra/source control (worked 2012-2018 in that area before switching to Libra) so we weren't making decisions, but we got to saw a bunch of what happened as it happened. Onavo was always treated as pretty sus among the people I worked with, who were largely linux/free software/security types.

As Pedro said in the email described in [1], no sufficiently well-informed, security-minded person could ever be comfortable with Onavo.

[1]: https://techcrunch.com/2024/03/26/facebook-secret-project-sn...

[ahahahahah]

This article has nothing to do with onavo.

[ajdude]

If this is true that sounds really, really, bad.

[loeg]

> such accusations would be among the most damning in the history of technology.

You're putting this up there with IBM in the holocaust?