In 2016, Facebook initiated a top-secret project called “Project Ghostbusters” to intercept and decrypt the network traffic between Snapchat users and its servers. The ultimate goal was to gain valuable insights into user behavior and to surpass Snapchat as a competitor.
Recently, new documents were unsealed as part of a class-action lawsuit between consumers and Meta, Facebook’s parent company. These documents reveal how Facebook attempted to gain a competitive advantage over its rivals, including Snapchat, Amazon, and YouTube, by analyzing the network traffic of how its users were interacting with these apps. Facebook developed specialized technology to bypass the encryption used by these apps, demonstrating their technological prowess.
One of the documents provides a detailed account of Facebook’s Project Ghostbusters, which was a part of its In-App Action Panel (IAPP) program. It used sophisticated techniques to intercept and decrypt encrypted app traffic from Snapchat, as well as later from users of Amazon and YouTube. The document also includes internal Facebook emails discussing the project, which demonstrate the company’s determination to succeed.
According to techcrunch.com:
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”
In 2013, Facebook acquired Onavo, a service similar to a VPN, which its engineers later utilized to intercept and read all network traffic on the device before encryption and transmission over the internet. This project, known as Project Ghostbusters, aimed to analyze detailed in-app activity by parsing Snapchat analytics, but it proved ineffective due to Snapchat’s encryption of traffic between its app and servers.
The Onavo team proposed a resolution within a month, designing kits to be installed on iOS and Android platforms, capable of intercepting traffic for specific subdomains. Referred to as a “man-in-the-middle” method, this approach allowed Facebook to access data such as usernames, passwords, and other in-app activities from unencrypted network traffic.
Facebook later expanded this program to encompass Amazon and YouTube, according to court documents. However, opinions within Facebook regarding Project Ghostbusters varied. Some employees, including Jay Parikh, Facebook’s former head of infrastructure engineering, and Pedro Canahuati, the former head of security engineering, voiced concerns.
Canahuati’s email expressed discomfort with the project, stating that no security person is ever comfortable with this, no matter what consent is obtained from the general public, who may not understand how this technology works.
In 2019, Facebook discontinued Onavo following a TechCrunch investigation that exposed the company’s clandestine practice of compensating teenagers to use Onavo, thereby granting Facebook access to their entire web browsing activities. In 2020, Facebook faced a class-action lawsuit alleging that the company deceived users about its data collection practices and exploited the extracted data to identify competitors and unfairly compete against them.
When approached for comment, an Amazon spokesperson declined, while Google, Meta, and Snap did not respond to requests for comment.
