by jitl 812 days ago
“Wiretap” without additional context is a bit misleading since it conjures an image of listening to phone conversations between employees of the competitor. I think it may be fair to call it wiretapping but it’s different from that image.

They paid users to install an app on smartphones that spied on network requests made by those users. On iPhone this app used OS VPN support to intercept traffic, and a root CA certificate to treat the intercepted connection as legitimate.

“Proxyman” is an iOS app that does the same thing on behalf of the user - it’s super helpful for debugging your own app or reverse engineering someone else’s app. I used it to reverse engineer the API of my smart home gym app Tempo Fitness so I could build my own dashboards from my workout metrics.

Facebook used this technique to “wiretap” the analytics log events that Snap and the other apps were sending to themselves - events probably look like “user swiped to next video after viewing video id=1234 for 3 seconds” or “user clicked ad id=5678”.

TechCrunch report on Facebook Research (2019): https://techcrunch.com/2019/01/29/facebook-project-atlas/?gu...

The Wikipedia page for Onavo (the startup Facebook bought that powered this stuff) is pretty clear and has good citations for additional reading:

https://en.m.wikipedia.org/wiki/Onavo

3 comments

I think Wiretap is a fair analogy for intercepting and decrypting traffic for other apps.
Except if I install by choice, an app that records what my device is doing, I would not call that wiretapping.

Wiretapping is what you do to others, generally without knowledge. Facebook paid individuals to record what data their devices sent out.

Unless Facebook obtained lawful consent to intercept communications between the computer owner and another party, using an app by choice is not a defense to wiretapping. That the plaintiffs are alleging wiretapping suggests that the VPN terms of use contained no such consent to intercept communications between the computer owner and other parties.
Facebook paid individuals to record what data their devices sent out.

Ahh, yes. That is a huge distinction I was not aware of.

I agree it’s fair as an analogy, and I used the word in my summary of the situation. All I wanted to say was that what Facebook actually did didn’t match my initial expectation when I read “wiretap”.
Footnote #1 in the linked document states: "It is Advertisers’ position—backed up by voluminous evidentiary background and analysis, which Advertisers would welcome the opportunity to share with the Court should Meta dispute any aspect of Advertisers’ contention—that Meta’s IAAP program didn’t just harm competition, but criminally violated 18 U.S.C. § 2511(1)(a) and (d) by intentionally intercepting SSL-protected analytics traffic addressed to secure Snapchat, YouTube, and Amazon servers."

18 U.S.C. § 2511(1)(a) and (d) are provisions of the federal Wiretap Act.

Subsection (1)(a) makes it a crime to intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication.

Subsection (1)(d) makes it a crime to intentionally use, or endeavor to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection.

For criminal prosecutions, the general five-year statute of limitations for non-capital federal crimes applies, as per 18 U.S.C. § 3282(a).

""Wiretap" without additional context is a bit misleading since it conjures an image of listening to phone conversations between employees of the competitor."

What is the context. Litigation. The submission comes from courtlistener.com. "Wiretap" here has a specific meaning. The definition is provided in the citation in footnote 1: 18 USC 2511(1)(a) and (d).

"intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;"

What's perplexing about the HN fixation on the term "wiretap" in this case is that the criminal offence of wiretapping is not a claim in this particular litigation. The case is concerned with anticompetitive conduct. The plaintiffs are proceeding on a "monopoly broth" theory. The issue is whether Facebook's conduct re: the VPN is anti-competitive. Why would Facebook do something it knows is illegal or even might be illegal.

In the plaintiffs' first amended complaint, they cite a quote from a US senator who specifically referred to the Onavo situation as "wiretapping teenagers". Even if the term was not being used to refer to the specific federal crime of wiretapping, it was already being used to refer to what Facebook was doing.

Meta is going bananas to try to keep the facts revealed in this litigation from seeing the light of day. Why. Let the reader decide.

Pretending that the word "wiretapping" is misleading is like SBF refusing to acknowledge that he has committed any crime. Being evasive, trying to redefine words will not work. The definition is provided via citation in the document. This is an antitrust case, not a wiretapping case. Judge Donato is all too familiar with the unethical conduct of so-called "tech" companies. This "tech company" nonsense is occupying an increasing portion of the court's time.

A computer user MITM'ing apps on her own computer is not wiretapping. Facebook is MITM'ing apps on someone else's computer.