[dylan604]

seriously, how does this not violate wire tapping laws? does agreeing to ToS mean you also agree to being spied on in a way that protects them? you are deliberately circumventing encryption for malicious purposes. if people got in trouble for DeCSS for circumventing encryption, how is this okay?

pithy "because they have all the monies" replies not wanted.

[Aurornis]

> seriously, how does this not violate wire tapping laws? does agreeing to ToS mean you also agree to being spied on in a way that protects them?

It’s not really spelled out clearly in the article, but this was a specific program where people had to choose to opt-in in exchange for compensation.

This wasn’t simply Facebook hijacking random people’s traffic because they accepted the ToS or used the Facebook app

Not defending the program, but it’s not what a lot of comments are assuming.

[KennyBlanken]

The article details how users were lied to about what was being collected and why.

If you lie to someone to get them to sign an agreement, that agreement is voided in nearly any sane jurisdiction on the planet.

[haxrob]

> This wasn’t simply Facebook hijacking random people’s traffic because they accepted the ToS or used the Facebook app

Do you have further insights or references on what was the "trigger condition"? This is a new case, separate to the previous litigation related to the VPN app.

[hypeatei]

Big tech and telecommunications companies are effectively miniature arms of the U.S. government at this point.

As seen by the "Protect America Act" of 2007[0], the government will retroactively cover their own ass and your companies' ass if deemed important enough to the intelligence apparatus. There isn't a chance in hell that Meta would be brought criminal charges for wiretapping.

0: https://en.wikipedia.org/wiki/Protect_America_Act_of_2007

[Scoundreller]

I think The Onion nailed it in 2011:

https://www.theonion.com/cias-facebook-program-dramatically-...

[dylan604]

Which is clearly a red flag operation so that whenever someone serious tries to tout this, they'll be rebuffed as it's an article in the Onion. Those clever bastards!

[talldayo]

That, or scathing satire has been a mainstay at The Onion longer than political consternation.

[giancarlostoro]

I'm assuming they were doing it for the federal government at this point. There's no reason for them to spy on another app, they can hire almost any developer they want.

[dylan604]

Hiring another dev does not give them access to the raw numbers. It's not the same thing at all

[wannacboatmovie]

What is described in the article is not some elaborate scheme or novel work of software engineering. Rather, it's exactly what 99% of corporate networks do (proxy server with SSL inspection using a custom root certificate) "to combat cyber threats".

As coincidence would have it, this is the perfect alibi provided by a snake oil "cybersecurity" app by one of the world's largest companies.

Every tech company that has promulgated the lie that a VPN operated by a third party provides added security is indirectly responsible for this. Funneling all your traffic through a shady intermediary does no such thing, and in fact often does the opposite.

[620gelato]

99% of corporate networks? That can't be true.

I do know that this is done - in fact worked at a pretty major smartphone manufacturer and never logged in to any personal account on work devices. It was pretty obvious by even just looking at the security info on chrome/firefox that the certificate used was a root signed by the company itself. I used to shout at the top of my lungs to my friends, that hey, _this_ is how your information is vulnerable to the corporate overlords, but I guess they weren't as paranoid as I.

The first thing I checked when moving to my next employer was if they were intercepting SSL traffic like this. (They weren't - they used Falcon)

[tjoff]

Doesn't change anything, consent and whether you own the device is everything.

The comparison with VPNs doesn't hold either, because for all their faults VPNs do not decrypt traffic going through them.

[Terr_]

> does agreeing to ToS mean you also agree to being spied on in a way that protects them?

This relates to a much bigger problem of courts upholding contracts even when nobody actually believes they represent an informed and voluntary agreement.

We aren't quite at the Looney-Tunes step of enforcing extra clauses that were hidden in invisibly small print, but things are drifting in that direction.

See also: https://www.law.cornell.edu/wex/adhesion_contract_(contract_...

[_heimdall]

It isn't because they have the money, it's because they have given the government access to whatever data they want. When it comes to three letter agencies it really isn't about money, it's about power and in today's digital world data is power.

To answer your specific question, this isn't okay. Both the government and large corporations have been given way too much power and we really have no hope of making any meaningful change until the people reclaim this power and put those in charge out on their ass.