Facebook secretly looked at user data to help better understand how users behave on competitor sites, according to documents released by a federal court in California. The documents, unsealed on Tuesday as part of an ongoing class action lawsuit between Meta and consumers, show that Facebook pursued a secret project to analyze the traffic and analytics of its rivals, first focusing on Snapchat, and later Amazon and YouTube.
The documents, submitted by lawyer Brian J. Dunne for U.S. District Judge James Donato in May 2023, are part of the lawsuit filed with the U.S. District Court for the Northern District of California in 2020, which alleges that Facebook engaged in anticompetitive behavior and used deceptive practices to acquire user data.
In the documents, the tech giant is shown to have worked to get around encrypted data, launching "Project Ghostbusters" — a reference to Snapchat's cartoonish ghost logo. The project was a part of the company's In-App Action Panel (IAPP), a program run between 2016 and 2019 "at [CEO Mark] Zuckerberg's direct request". Project Ghostbusters is described by Dunne to have used "incredibly aggressive technological measures — including intercepting and decrypting SSL-protected traffic" on Snapchat, applying this later to Amazon and YouTube.
A Meta spokesperson responded with a statement to Mashable, saying, "There is nothing new here - this issue was reported on years ago. The plaintiffs’ claims are baseless and completely irrelevant to the case."
Court documents in the case notably include internal emails between Zuckerberg and Meta employees. In an email from June 9, 2016, Zuckerberg wrote:
"Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them.
"Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this."
The solution to Zuckerberg's request came from Onavo, a controversial VPN service acquired by Facebook in 2013, which shut down six years later after it was found that Facebook secretly paid teenagers to use the service in order to access their web activity. In the case of Project Ghostbusters, the Onavo team proposed technology to intercept traffic for specific subdomains, that could be installed on both iOS and Android. These "kits" allowed Facebook to intercept encrypted data.
"We now have the capability to measure detailed in-app activity," reads an email from the head of the Onavo IAAP team, described in the documents as a "note and deck to Mark". Some members of the Facebook team, however, expressed concern about what was going on. Pedro Canahuati, the head of security engineering at the time, wrote in an email: "I can’t think of a good argument for why this is okay. No security person is ever comfortable with this, no matter what consent we get from the general public. The general public just doesn’t know how this stuff works."
The new documents uncover more of how Facebook uses — and abuses — user data. Back in 2018, internal documents released by UK lawmakers also shed light on Facebook snooping on its competitors, including Snapchat (which the company failed to acquire) and WhatsApp (a part of the Meta family since 2014). The data, also collected by Onavo, examined Facebook's reach in comparison to rising social platforms.