Facebook is Pushing Its Data-tracking Onavo VPN Within Its Main Mobile App (techcrunch.com)

← Back to Stories (view on slashdot.org)

Facebook is Pushing Its Data-tracking Onavo VPN Within Its Main Mobile App (techcrunch.com)

Posted by msmash on Tuesday February 13, 2018 @09:30AM from the creepier-by-the-day dept.

TechCrunch reports: Onavo Protect, the VPN client from the data-security app maker acquired by Facebook back in 2013, has now popped up in the Facebook app itself, under the banner "Protect" in the navigation menu. Clicking through on "Protect" will redirect Facebook users to the "Onavo Protect -- VPN Security" app's listing on the App Store. We're currently seeing this option on iOS only, which may indicate it's more of a test than a full rollout here in the U.S. Marketing Onavo within Facebook itself could lead to a boost in users for the VPN app, which promises to warn users of malicious websites and keep information secure as you browse. But Facebook didn't buy Onavo for its security protections. Instead, Onavo's VPN allow Facebook to monitor user activity across apps, giving Facebook a big advantage in terms of spotting new trends across the larger mobile ecosystem. For example, Facebook gets an early heads up about apps that are becoming breakout hits; it can tell which are seeing slowing user growth; it sees which apps' new features appear to be resonating with their users, and much more. Further reading: Do Not, I Repeat, Do Not Download Onavo, Facebook's Vampiric VPN Service (Gizmodo).

40 comments

Min score:

Reason:

Sort:

VPN all the things by Anonymous Coward · 2018-02-13 09:37 · Score: 0

maybe with a side helping if blockchain and AI
A VPN owned by Facebook... by Bobrick · 2018-02-13 09:37 · Score: 5, Insightful

In other news, the NSA will now be offering software to keep your data hidden from the NSA.
1. Re:A VPN owned by Facebook... by PolygamousRanchKid+ · 2018-02-13 11:09 · Score: 1
  
  Yes, it is definitely a better move to wait for Oprah Winfrey's VPN service.
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
2. Re:A VPN owned by Facebook... by AHuxley · 2018-02-13 11:19 · Score: 1
  
  Securing PRISM v 2.0 with better encryption all the way from the user to the NSA.
  
  --
  Domestic spying is now "Benign Information Gathering"
Finally! by Anonymous Coward · 2018-02-13 09:38 · Score: 2, Funny

As a non-user of Facebook, I felt left out of the privacy invasion party. Now I can be like all the cool kids and have my most intimate personal information hoarded by a corporation!
Don't trust Facebook by Anonymous Coward · 2018-02-13 09:38 · Score: 1

I wouldn't trust Facebook with anything. We will keep you secure from others but not from ourselves.
1. Re:Don't trust Facebook by Anonymous Coward · 2018-02-13 09:50 · Score: 5, Funny
  
  Lighten up, Mark.
2. Re:Don't trust Facebook by uCallHimDrJ0NES · 2018-02-13 09:57 · Score: 3, Insightful
  
  Take your cynical attitude and ram it straight up your stinkhole. I for one am willing to give it a try, who knows, it may be better than nothing at all. We don't need your anti-social rants here, please die in a fire.
  You are calling anti-Facebook sentiments "anti-social"? Do you know what anti-social means? It means you. I didn't see the guy you are rebutting telling anyone to die, much less in a fire. Look up anti-social in a dictionary before you type more.
  
  --
  Cloudiot: A person who does not see offsite storage as a way to lose control over access to his or her own data.
3. Re:Don't trust Facebook by Anonymous Coward · 2018-02-13 10:28 · Score: 0
  
  Take your cynical attitude and ram it straight up your stinkhole. I for one am willing to give it a try, who knows, it may be better than nothing at all. We don't need your anti-social rants here, please die in a fire.
  Lighten up, Mark.
  I see what you did there.
4. Re:Don't trust Facebook by Anonymous Coward · 2018-02-13 22:59 · Score: 0
  
  Christ, you're an asshole.
b-but net neutrality?! by Anonymous Coward · 2018-02-13 09:49 · Score: 0

If you just use this helpful VPN Facebook has provided you can dodge the evil net caps and packet sniffing that comcast will impose on you.
Surf the web freely and safely with Facebook!
And remember... we care!
Secure VPN! by viperidaenz · 2018-02-13 09:51 · Score: 3, Insightful

Facebook wants to make sure your information stays secure, by redirecting all traffic from your mobile device through their servers to be analysed.
Google dns by Anonymous Coward · 2018-02-13 09:59 · Score: 0

Next thing you know google will be offering DNS, or even become an ISP, or if they really have some brass hold peoples e-mail and documents.
1. Re:Google dns by Anonymous Coward · 2018-02-13 10:08 · Score: 0
  
  How about a cloud storage provider? Since they have backups of everything, people storing stuff there would just mean easy deduplication on their side.
2. Re: Google dns by johnsnails · 2018-02-13 10:30 · Score: 1
  
  How about AMP for email. https://m.slashdot.org/story/3...
3. Re:Google dns by Anonymous Coward · 2018-02-13 13:36 · Score: 0
  
  Next thing you know google will be offering DNS
  8.8.8.8
  8.8.4.4
  Google has been offering DNS for over a decade now.
4. Re:Google dns by Anonymous Coward · 2018-02-13 13:39 · Score: 0
  
  Woosh!
What does a vpn provide over https by goombah99 · 2018-02-13 10:07 · Score: 1

Does a vpn provide much security over https?
Perhaps a vpn also shields the dns lookup from scrutiny. But in this case Facebook is pilfering your vpn lookups too, so thatâ(TM)s moot as a distinction.
Whatâ(TM)s the benefit of vpn in the age of https everywhere

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:What does a vpn provide over https by Anonymous Coward · 2018-02-13 10:11 · Score: 3, Interesting
  
  It allows Facebook to track ALL of your traffic, not just Facebook traffic. I'm guessing this VPN also installs a CA Certificate that allows them to MITM all of your traffic.
2. Re:What does a vpn provide over https by CodeHog · 2018-02-13 10:16 · Score: 3, Interesting
  
  It depends on the vpn. I suspect in this case the answer is no, not really any better than https. If you want 'secure' vpn look for ones that log nothing. And use HTTPS and don't use their DNS. https://www.pcmag.com/article2...
  
  --
  Fat, drunk, and stupid is no way to go through life, son.
3. Re:What does a vpn provide over https by gnick · 2018-02-13 10:24 · Score: 2
  
  Whatâ(TM)s the benefit of vpn in the age of https everywhere
  It keeps my ISP off my back when I download Game of Thrones.
  
  --
  He's getting rather old, but he's a good mouse.
4. Re:What does a vpn provide over https by Anonymous Coward · 2018-02-13 12:37 · Score: 1
  
  It depends on the vpn. I suspect in this case the answer is no, not really any better than https. If you want 'secure' vpn look for ones that log nothing. And use HTTPS and don't use their DNS. https://www.pcmag.com/article2...
  
  I'll save readers a quick Google check and say ExpressVPN, PIA, and Nord are all VPN services that keep ZERO logs.
5. Re:What does a vpn provide over https by green1 · 2018-02-13 14:30 · Score: 0
  
  That CLAIM to keep zero logs, how can you be sure? It certainly wouldn't be the first time a VPN that claimed not to log things was later found to log lots of things.
6. Re: What does a vpn provide over https by Anonymous Coward · 2018-02-13 15:43 · Score: 0
  
  https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/
  https://www.comparitech.com/blog/vpn-privacy/expressvpn-server-seized-in-turkey-verifyies-no-logs-claim/
What fresh hell is this? by Pyramid · 2018-02-13 10:13 · Score: 4, Informative

You'd have to be absolutely mental to VPN all your traffic through Facebook's servers. They have direct access to all your traffic as it leaves their VPN concentrator. Their wet dream.
People really need to educate themselves about how VPNs work, what they are and aren't good for.
Secure, encrypted traffic between two endpoints? GOOD!
Secure, encrypted traffic between yourself and an actor with unknown motives who by default has to decrypt it before sending it on it's way to the Internet? DOUBLE PLUS UNGOOD!

--
~Any apparent grammatical or typographic errors are caused by defects in your display device.
1. Re:What fresh hell is this? by sexconker · 2018-02-13 10:30 · Score: 2
  
  No, it's just ungood, not double plus ungood.
  HTTPS within the VPN tunnel will still prevent the VPN operator from reading your traffic. They'll see where you're going and when, of course, but not what you're doing.
2. Re:What fresh hell is this? by Anonymous Coward · 2018-02-13 13:35 · Score: 0
  
  I'm sure they'll still be able to see that you enjoy watching middle aged Chinese midget circus performers genre of porn... Such exacting and refined tastes!
3. Re:What fresh hell is this? by green1 · 2018-02-13 14:34 · Score: 1, Informative
  
  And remember, unless the endpoint of the VPN is your own, it's ALWAYS an actor with unknown motives. I don't see why you'd trust any of the "VPN Providers" out there. You have no idea what they are doing with your information, and no line on their website about not logging means a thing as several have already been shown to be lying through their teeth about it.
4. Re:What fresh hell is this? by Anonymous Coward · 2018-02-14 00:28 · Score: 0
  
  You'd have to be absolutely mental to VPN all your traffic through Facebook's servers.
  Facebooks target audioence is absolutely mental. So that fits just fine.
5. Re:What fresh hell is this? by Pyramid · 2018-02-14 02:47 · Score: 1
  
  Yes, of course they won't be able to peer into HTTPS/TLS data streams, but they'll get *everything else*. All non-encrypted traffic, all DNS lookups, all app traffic, etc.
  It's still a goldmine for them. And should be a resounding, "HELL NO" for the consumer.
  
  --
  ~Any apparent grammatical or typographic errors are caused by defects in your display device.
I am shocked by Cajun+Hell · 2018-02-13 10:14 · Score: 2

I am shocked, shocked that a megacorp (not to mention that it just happens to be one that was already primarily known for being a piece-of-shit) offers a trojan horse VPN service.
Who could have predicted that Facebook would want to spy on people?! No, I wouldn't have guessed it to be untrustworthy, and you wouldn't have guessed either! Now if you'll excuse me, I'll go back to using something safe: my Google VPN (unless someone tells me that the FBI's VPN service is better).

--
"Believe me!" -- Donald Trump
1. Re:I am shocked by Anonymous Coward · 2018-02-14 03:57 · Score: 0
  
  I use my own VPN. Not for preventing tracking, but to ensure that all of the tracking points back to the same place. (I.e. I have strongswan set up on a box at home, along with a DDNS service.)
  Sure, it's still leaking some data I'm sure, but it does prevent them from being able to easily scrape metadata to find what they want. (Packets seem to come from my home, not where I'm at currently.) Which means unless they are the target server, they can get very little from each connection.
  (Also, yes, I use it to bypass a filter or two. :) )
Better than no VPN? by ctilsie242 · 2018-02-13 10:20 · Score: 4, Informative

I don't know what would be worse. No VPN, or a "free" VPN from a place doing heavy package analyzing. On one hand, I've seen Wi-Fi machinations, be it HTTP intercepts, attempts to get the device to accept an untrusted key as a trusted root CA, and other stuff, so any VPN would be useful to deter that. On the other hand, FB isn't someone whom I would trust to be a privacy provider.
Personally, I'll stick with with my Digital Ocean droplet for my VPN needs. There are fewer parties that can have access to snarfing my network logs... just the DO admins and me.
Protect the ads by AHuxley · 2018-02-13 11:18 · Score: 1

All the way from social media brand to the user, back from the user to social media brand.
A nice secure pathway from the approved ads.
A VPN by an ad company for "free"....

--
Domestic spying is now "Benign Information Gathering"
Roll Your Own by DaMattster · 2018-02-13 13:09 · Score: 1

If you're that concerned about privacy and security, you can spin up a BSD or Linux VM, install OpenVPN, and go to town. It will only really be beneficial if you're using insecure public hotspots, because at some point, your data has to exit the VPN and go out to the internet at large.
1. Re:Roll Your Own by green1 · 2018-02-13 14:41 · Score: 4, Insightful
  
  The question really becomes, which do you distrust more, your local ISP, or the ISP of the location you're hosting your VPN. If you trust neither, then there's no point bothering.
  VPN is useful for 2 things:
  1) creating a secure link between 2 separate locations over the public internet where you can't afford dedicated transport (e.g. My home, and my office)
  2) shifting your traffic from an ISP that's a known bad actor, to one that's only a suspected bad actor (because be honest, are there really any ISPs that are "known good"?)
  Number 2 is still relevant for many people, but VPNs are far too commonly used by people who don't understand the technology to try to simply make everything safe, when all it really does in most cases is add complication, cost, and latency.
Remember... by Pyramid · 2018-02-14 02:59 · Score: 1

Remember, if the service is free, YOU are the product.

--
~Any apparent grammatical or typographic errors are caused by defects in your display device.
Facebook is as trustworty as Windows 10 and Roomba by Anonymous Coward · 2018-02-14 04:01 · Score: 0

and Samsung TVs and Onkyo Stereos (All with horrifying privacy policies).
F that.
Just use a (protected) browser by UnixUnix · 2018-02-14 04:30 · Score: 1

Dedicated apps for Facebook or other popular sites have more cons than pros [both puns intended]