Now Facebook gets into a privacy mess over its Onavo VPN app

Guy Daniels
By Guy Daniels

Aug 23, 2018

© Flickr/cc-licence/Avaaz

© Flickr/cc-licence/Avaaz

  • Facebook’s anus horribiliscontinues
  • Its VPN app is found guilty of harvesting too much user data
  • Apple pulls the app from its store over policy violations
  • Facebook uses the data for advertising profiles and competitor tracking

Goodbye Onavo, we just didn’t get a chance to know each other well – although you and your Facebook creators probably know us far, far better than we could possibly imagine. And you thought you could suck up all our app usage activity and then use this priceless and personal data to build advertising profiles of us? All the while masquerading as a free VPN that promised to "keep you and your data safe”. Have you not seen any news this year? Do you not realise that the entire world is appalled by such insidious behaviour?

We love Facebook’s networking prowess and its ability to build out data centres and infrastructure at scale and at the lowest cost – it’s something that telcos are eager to learn from and try and use themselves – but we are not so in love with the company’s social media slash advertising platform slash spyware.

Case in point is Onavo Protect. Facebook acquired the company behind the app in 2013 for a rumoured $150 million. Onavo started life as an Israeli mobile analytics company based in Tel Aviv. The Wall Street Journal broke the news that Facebook has removed the VPN app from the App Store after Apple concluded that it violated its data collection policies. It is suggested that the app exceeded its remit in terms of data collection, and was collecting far more information than was good for it. Apparently, Apple met with Facebook and, in a rather pleasant, old school fashion, gently suggested that Facebook remove the app voluntarily, which it subsequently did.

We, the mass hordes of meek and compliant users, are turning to VPNs in an effort to try and improve the safety of our data and prevent malicious tracking and profiling of ourselves and our online activity. We are suddenly blindly trusting the claims of VPNs (of which there are now huge numbers) and their developers that they are the champions of data privacy. Onavo Protect promised to “keep you and your data safe when you browse and share information on the web.” I’m sure many of them do so, and have honourable intentions.

Unfortunately, that was not the case with Onavo, which used its VPN service to track user activity across other third-party and unconnected apps – all to feed back into the great profiling and marketing engine that is Facebook. You see, these VPNs reroute traffic through their own servers, which is where every single user interaction can be logged. You then scale this up and aggregate data and you can create pretty accurate pictures of app usage. According to reports, earlier this year Onavo had an installed base of more than 33 million mobile devices. That’s a lot of data.

Yet before we all go bashing Facebook (again), we should take a good hard look at ourselves. Facebook was open about its data collection practises in the online description of the Onavo app, so we all had the means to read this and decide for ourselves if we thought it fair and acceptable. 33 million obviously did. 

The Wall Street Journal reported last August – a year ago – that Facebook was using data from the Onavo VPN app to track the popularity of competitive start-ups. But still we did nothing. The only reason the app was removed was because Apple changed its data policies since it was first approved for the App Store. What does that say about us, the users? That we don’t read the small print, or the implications are too difficult to understand, or that we just aren’t bothered? We sometimes get exactly what we deserve.

Email Newsletters

Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.