Meta Has 'Project Ghostbusters' To Spy On Users Of Competitors: Man-In-The-Middle Attack

Facebook - Snapchat - Ghostbusters

Social media business is harsh, especially when it comes to the competition because rivalries in the business is tense.

This happens because all social media platforms offer the same thing: the ability to communicate between users through posts that can be engaged by the community. In 2016, Facebook was far from becoming the all-powerful Meta, and that it was only a 12-years-old social media.

Despite its relative young age, Facebook the company has already acquired both Instagram and WhatsApp.

It was already a giant.

But at the time, Mark Zuckerberg's company was having a hard time competing with one particular platform: Snapchat.

This time, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.

In the documents, it's revealed that Facebook had a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers.

It all started with Onavo.


Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo.

The project was part of the company’s In-App Action Panel (IAPP) program, and was initially used for "intercepting and decrypting" encrypted app traffic from users of Snapchat.

The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents.

The document, which includes internal Facebook emails discussing the project, explains that the method was needed because Snapchat encrypted its users' data.

"Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them," wrote CEO Mark Zuckerberg in an email dated June 9, 2016, which was published as part of the lawsuit.

In an email to three of his employees, Zuckerberg wrote:

"Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this."

Zuckerberg and his team tried to gain a competitive advantage Snapchat, by analyzing the network traffic of how its users were interacting the Snapchat app.

Initially, Facebook’s engineers used Onavo, a VPN-like service that Facebook acquired in 2013.

In 2019, Facebook shut down Onavo after it was found that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

Using the app that can be installed on mobile phones, the app can be used to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," read an email from July 2016.

"This is a ‘man-in-the-middle’ approach."

Also called the "adversary-in-the-middle," it's referred to a method where an adversary intercepts internet traffic flowing from one device to another over a network.

This method is effective when spying on a network traffic that is unencrypted.

This method can allow hackers to read the data inside, such as usernames, passwords, and other in-app activity.

But given that Snapchat encrypted the traffic between the app and its servers, this network analysis technique was not that effective.

This is why Facebook engineers proposed using Onavo, but as a VPN.

When activated, a VPN has the ability to read a device’s network traffic, before it got encrypted and sent over the internet.

"We now have the capability to measure detailed in-app activity” from "parsing snapchat [sic] analytics collected from incentivized participants in Onavo’s research program," read another email.

Read: Facebook, Instagram Vs. Snapchat: Copying To Eliminate The Threats

Mark Zuckerberg in 2016
Mark Zuckerberg in 2016.

And because this project was a success, Facebook, and later Meta, also uses this approach to spy on users of other platforms, like YouTube and Amazon.

The social giant has to resort to this man-in-the-middle approach, just to get past these apps' encryption.

Meta had to resource to develop special technology to get around it.

While the project was a success, some people at company were still questioning the righteousness or this project.

There wasn’t a consensus on whether Project Ghostbusters was a good idea.

Some employees, including Jay Parikh, Facebook’s then-head of infrastructure engineering, and Pedro Canahuati, the then-head of security engineering, expressed their concerns.

"I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works," Canahuati wrote in an email, included in the court documents.

In 2020, Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook, claiming that the company lied about its data collection activities and exploited the data it "deceptively extracted" from users to identify competitors and then unfairly fight against these new companies.