Facebook's VPN Service Onavo Protect Collects Personal Data -- Even When It's Switched Off

Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected.

Is this supposed to be a joke?

[DontBeAMoran]

VPN from Facebook? Of course they're going to collect data!

I'd go as far as calling it a VFN instead, there's probably nothing private about it.

Re: Clueless

[Maelwryth]

Even with 100% open source people wouldn't read it all. People don't even read privacy policies or EULA's. What we need is either ethics in business or laws to deal with it. I prefer laws.