Facebook's Onavo Takes Spyware to a Whole New Level
Facebook and privacy really don't go hand in hand together, and given its long, contentious storied history of breaching users' trust time and again, you would think the company would get its act together, ensuring some sort of transparency about its far-ranging data collection practices. But nope! The social network apparently thought it was cool to incorporate an App Store link to Onavo Protect VPN, a service it acquired in 2013, in its own flagship iOS app under a menu item called Protect. (Note: Facebook's Android app has had this so called "feature" for over a year.)
Since then the iOS version of the VPN app has been picked apart, revealing it to be nothing more than spyware, collecting all website traffic in order to "improve Facebook products and services, gain insights into the products and services people value, and build better experiences." But a new analysis by security researcher Will Strafach reveals that the VPN is a lot more nefarious than previous thought, amassing extensive details like when the mobile device screen is on/off, "cellular carrier name, mobile network code, mobile country code, locale/language, iOS version and Onavo app version," raising troubling questions about how Facebook plans to use this information for purposes of user tracking.
From Gizmodo, "VPNs work by forcing your laptop or mobile device to establish a connection to a third-party server before then connecting you to any websites or online services. Using an encrypted tunnel, a VPN can prevent your broadband or wireless provider (AT&T, Comcast, et al) from keeping track of the websites you visit. What's more, a VPN service can mask your own IP address from those websites, helping you to traverse the net without surrendering locational data. VPNs also help users in authoritarian countries bypass censors by convincing websites their country of origin is, for example, the US or Switzerland, the latter of which has some of the world's strictest privacy laws."
But Facebook's (and Onavo's) primary interest isn't user privacy and security, as reported last year by The Wall Street Journal (paywall), but rather about finding more ways to track users and gather deeper insights into how they are dividing their time on mobile phones and figuring out which apps demand their attention apart from Facebook, Instagram and WhatsApp. So, no, don't ever install this app — doing so isn't just falling prey to Facebook's vampiric data sucking machine, but also defeats the very purpose of attaining anonymity on the web.
Since then the iOS version of the VPN app has been picked apart, revealing it to be nothing more than spyware, collecting all website traffic in order to "improve Facebook products and services, gain insights into the products and services people value, and build better experiences." But a new analysis by security researcher Will Strafach reveals that the VPN is a lot more nefarious than previous thought, amassing extensive details like when the mobile device screen is on/off, "cellular carrier name, mobile network code, mobile country code, locale/language, iOS version and Onavo app version," raising troubling questions about how Facebook plans to use this information for purposes of user tracking.
From Gizmodo, "VPNs work by forcing your laptop or mobile device to establish a connection to a third-party server before then connecting you to any websites or online services. Using an encrypted tunnel, a VPN can prevent your broadband or wireless provider (AT&T, Comcast, et al) from keeping track of the websites you visit. What's more, a VPN service can mask your own IP address from those websites, helping you to traverse the net without surrendering locational data. VPNs also help users in authoritarian countries bypass censors by convincing websites their country of origin is, for example, the US or Switzerland, the latter of which has some of the world's strictest privacy laws."
But Facebook's (and Onavo's) primary interest isn't user privacy and security, as reported last year by The Wall Street Journal (paywall), but rather about finding more ways to track users and gather deeper insights into how they are dividing their time on mobile phones and figuring out which apps demand their attention apart from Facebook, Instagram and WhatsApp. So, no, don't ever install this app — doing so isn't just falling prey to Facebook's vampiric data sucking machine, but also defeats the very purpose of attaining anonymity on the web.
Comments
Post a Comment