Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook is Pushing Its Data-tracking Onavo VPN Within Its Main Mobile App (techcrunch.com)

Posted by msmash on from the creepier-by-the-day dept.

TechCrunch reports: Onavo Protect, the VPN client from the data-security app maker acquired by Facebook back in 2013, has now popped up in the Facebook app itself, under the banner "Protect" in the navigation menu. Clicking through on "Protect" will redirect Facebook users to the "Onavo Protect -- VPN Security" app's listing on the App Store. We're currently seeing this option on iOS only, which may indicate it's more of a test than a full rollout here in the U.S. Marketing Onavo within Facebook itself could lead to a boost in users for the VPN app, which promises to warn users of malicious websites and keep information secure as you browse. But Facebook didn't buy Onavo for its security protections. Instead, Onavo's VPN allow Facebook to monitor user activity across apps, giving Facebook a big advantage in terms of spotting new trends across the larger mobile ecosystem. For example, Facebook gets an early heads up about apps that are becoming breakout hits; it can tell which are seeing slowing user growth; it sees which apps' new features appear to be resonating with their users, and much more. Further reading: Do Not, I Repeat, Do Not Download Onavo, Facebook's Vampiric VPN Service (Gizmodo).

3 of 40 comments (clear)

  1. What fresh hell is this? by Pyramid · · Score: 4, Informative

    You'd have to be absolutely mental to VPN all your traffic through Facebook's servers. They have direct access to all your traffic as it leaves their VPN concentrator. Their wet dream.

    People really need to educate themselves about how VPNs work, what they are and aren't good for.

    Secure, encrypted traffic between two endpoints? GOOD!
    Secure, encrypted traffic between yourself and an actor with unknown motives who by default has to decrypt it before sending it on it's way to the Internet? DOUBLE PLUS UNGOOD!

    --
    ~Any apparent grammatical or typographic errors are caused by defects in your display device.
    1. Re:What fresh hell is this? by green1 · · Score: 1, Informative

      And remember, unless the endpoint of the VPN is your own, it's ALWAYS an actor with unknown motives. I don't see why you'd trust any of the "VPN Providers" out there. You have no idea what they are doing with your information, and no line on their website about not logging means a thing as several have already been shown to be lying through their teeth about it.

  2. Better than no VPN? by ctilsie242 · · Score: 4, Informative

    I don't know what would be worse. No VPN, or a "free" VPN from a place doing heavy package analyzing. On one hand, I've seen Wi-Fi machinations, be it HTTP intercepts, attempts to get the device to accept an untrusted key as a trusted root CA, and other stuff, so any VPN would be useful to deter that. On the other hand, FB isn't someone whom I would trust to be a privacy provider.

    Personally, I'll stick with with my Digital Ocean droplet for my VPN needs. There are fewer parties that can have access to snarfing my network logs... just the DO admins and me.