Saying we’re going to do “traffic monitoring” doesn’t carry the weight of “we are going to listen to your private conversations”.
I'd wager that most participants don't know the full details of the program, but "company pays you for your usage information" is a very old thing. You could (maybe you still can) get paid to install a box on your TV that recorded all of your viewing statistics to be used for market research.
To me, the biggest concern is that this is only really viable because Facebook had nontrivial market penetration of a more-or-less unrelated product to their main offering. This isn't something that Snapchat could have easily done to get market research on Facebook usage, for example. This feels (to me) more like an anticompetition concern rather than a privacy concern.
If Facebook wanted to learn the protocol Snapchat uses, they only needed a single test device. If they only needed to learn usage patterns, they could’ve checked where the traffic is sent to or app usage time etc.
Installing a root certificate is very intrusive and their behavior shows that if they are ever given the opportunity to become a root certificate authority, they are likely to issue malicious certificates. As far as I know, no website can pin their certificates, so this takes us back to pre-HTTPS days where ISPs and network operators had a lot of fun reading user traffic.
Those boxes have been phased out in favour of “Personal People Meters”[0], which are basically a pager with a SIM card that you wear which has a microphone listening 24/7 for TV broadcasts. You must keep it on you, listening at all times.
Nielsen will pay you $250/year (less than a dollar a day) for the data you provide.
Now, Meta decides to MITM the communications that I intentionally encrypted so that it can gain a competitive advantage…well, remember when Meta kicked out researchers who had obtained consent from users to perform research on its platform? That was not even illegal. This is.
The whole thing's a mess, but it's funny to me that people would get indignant over a user letting another party intercept analytics data. "Hey, that's my data from spyware! Get your own!" As if their "consent" to collect the data in the first place were any less flimsy than Facebook's.