Slashdot Mirror
Facebook Pays Teens To Install VPN That Spies On Them (techcrunch.com)
A new report from TechCrunch details how "desperate" Facebook is for data on its competitors. The social media company "has been secretly paying people to install a 'Facebook Research' VPN that lets the company suck in all of a user's phone and web activity," a TechCrunch investigation confirms. "Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity." From the report: Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android "Facebook Research" app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook's involvement, and is referred to in some documentation as "Project Atlas" a fitting name for Facebook's effort to map new trends and rivals around the globe.
We asked Guardian Mobile Firewall's security expert Will Strafach to dig into the Facebook Research app, and he told us that "If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps -- including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." It's unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user's device once they install the app.
We asked Guardian Mobile Firewall's security expert Will Strafach to dig into the Facebook Research app, and he told us that "If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps -- including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed." It's unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user's device once they install the app.
If you encourage someone to commit a crime and help them along the way, you are an accessory to that crime. How is paying teenagers to silently send over private communications without broadcasting that fact not a violation of existing privacy laws?
If you're fucking stupid enough to agree to this then you deserve to have your data dissected.
Idjits.
...where the johns are corporations and naïve/desperate teens (and others) are exploited as usual.
I’m especially astounded at the installation of a root certificate. This allows Facebook “researchers” to mount man-in-the-middle attacks on any of their “secure” transactions. It’s hard to believe that their suppliers/victims truly understood the implications when they signed up for it. I’m also wondering about the legality of such paid surveillance with minors (assuming they can legally consent to that).
Ah, I had missed the paragraph that says that Facebook obtained parental consent for minors. (apologies)
However, I find Facebook’s assertion “There are no known risks associated with the project” rather... interesting.
I only learned this adage just recently (don't know where it came from) but I haven't ever seen a more clear example:
If the product is free then you are the product.
In this case since the cost is negative, so it seems the saying has to be extended somehow.
And its infection continues to metastasize each day.
How's that working for ya?
They put beacons and magic pixels everywhere, their affiliates are snarfing data on thousands of unrelated sites, and they build profiles of you based on what others post without your input already. This VPN is almost redundant.
I guess the interesting highlight would be they are literally PAYING people to fuck their privacy over rather than just incentivizing it with bullshit as before. STOP USING ANYTHING FB OR BE SHAMED.
While I'm obviously preaching to the choir here, why do you think everyone and their brother wants you to use their " app " instead of a simple webpage ?
They like to pretend it's for your " convenience ". Remember this story the next time you decide to download that " free " app.
For those who have yet to understand this: Nothing is free. Everything comes with a price.
Sometimes, it just isn't quite so obvious what that price is.
they would and people would insert it gladly. Fortunately they haven't... yet.
Some drink at the fountain of knowledge. Others just gargle.
because only American companies can spy and it's totally okay. When non-US companies outcompeting US companies, you get BS accusations that's neither here or there.
They've deliberately abused the application testing program in order to harvest user data that they couldn't get by getting that application deployed through the App Store. If almost any other company did that I bet Apple would kick them off the App Store and make an announcement about how they are protecting your privacy. But since it's Facebook and they provide so much money to Apple I figure that the project will be closed but Facebook will just start a new one.
install it on a phone I never use and has no other apps,,, Profit from Facebook
People are being paid to allow Facebook to mine their personal data. The people know that Facebook is doing this. It's their choice to give up their privacy. There is a business relationship here not an adversarial intelligence gathering operation.
They look at their connection graph and find people on the edges of the empty space which they have not yet mined, and install higher strength collectors. That's why you and I never ever belonged to FB but FB still has most of our information anyway 'cause cousin Skippy sold us out for a few bucks.
using google as your DNS also provides all your surfing habits and a lot of other stuff to google. They could if they wanted to reroute all your content through google with the power of DNS they just haven't as far as I know.
Some drink at the fountain of knowledge. Others just gargle.
Seriously, how much more of this shit are people going to put up with before they demand that Facebook be burned to the ground?
I've always wondered about the wisdom of people paying for access to VPNs to hide their nefarious activities (mostly downloading GOT). Have these people not heard of man in the middle attacks? By using any VPN aren't you introducing a man in the middle? If you were running a VPN would you not be logging all the activity and thinking of ways of monetising it or gaining other insights?
How's that working for ya?
Stupid people cannot be saved from themselves. Having the government try to save them anyway just makes things even worse.
In America, the home of corporatism, where big companies pay for laws to be passed? Did you forget where you live?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Would you rather govt had access to this data? Worst facebook can do is show you targetted ads, or ban you from using their service. Worst a govt can do is jail you, ship you off to Guantanamo, SWAT you, confiscate your property, and go after your loved ones too. And I'm probably still not being creative enough.
The right way to do it is the way the government does it: 5 years of mandatory minimum sentence and $10.000 in penalties if the teens don't use the facebook VPN.
That might make them sit up and take notice.
Teenagers being teenagers, what are the odds that some non-zero number of them have installed the app, forgotten about it, and then either sent or received messages / images that would be considered child porn? My impression is that Facebook could get in serious trouble over something like that, and it's not a decision that only a few people at Apple or the Justice Department get to make in isolation. One ambitious prosecutor sees the opportunity of a lifetime for free publicity taking on an unpopular Goliath, and they're in for a world of hurt...
It's not a one or the other situation. If anything, Facebook collecting this information makes it easier for the government to have access to this data. Here's the breakdown:
It's illegal for the government to obtain your information directly through surveillance.
It's completely legal for Facebook to obtain your information directly through surveillance.
It's completely legal for the government to purchase your information from Facebook or any of their their affiliates, since they are technically not the ones conducting the surveillance, they're just buying the results from a third party.
By stripping power from the corporations to the point where they have to follow just as many regulations as the government, these "middleman" abuses would stop. This is the real reason why governments don't want to stop Facebook: Facebook is the best thing that's ever happened to the surveillance state. Privatized domestic surveillance, outsourced to corporations that have zero obligation to transparency, ready to sell its customers out to the governments that harbor them.
The governments are stupid for allowing this, though. All the dirtiest secrets of these politicians are now known by Facebook. The stage has already been set for the coup. We're all fucked. Rich, poor, powerful, nobody, doesn't matter, we gave up our information (at least enough of us who matter did) and we're all fucked. Mark my words, Zuckerberg WILL be President one of these days, and that will be a day where even Nixon's evils will pale in comparison.
Have one phone with your day to day activity. Another burner with your bullshit facebook spyware. Use the burner to browse a few sites and simulate some activity so you get your $20 but otherwise don't do anything that compromises your privacy.
if Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps
I am not sure this true, but It would not surprise me if some of the changes Google and Apple have made in recent years are a response to stuff like this. You essentially can't modify the Trust store on Android anymore unless you root the device. You can not for example install a private CA certificate on an android phone. Rig up the DNS server on your network with an A rec www.facebook.com 192.168.1.10 and put a server there with a www.facebook.com cert you have issues and go view in in chrome on that android phone without getting a cert warning... (you can do this on a rooted device though)
Similarly on an Apple device if the apps are using ATS, and certs are already pinned etc you will also have problems even if you install an in house CA.
Trust me I know this because i have to test a lot of mobile apps and this all makes it excruciatingly painful. Usually requiring either rooted devices or patching the applications just to get a look at the web services conversation they are using.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Sounds awfully predatory. If I did this as an individual, I'd be looking at jail time and probably joining a sex offender list at the same time....
huh? "the worst facebook can do" is not show you ads! the worst they can do is SELL YOUR DATA TO ANYBODY WHO PAYS FOR IT!
can you not imagine the negative consequences of such a policy? did i also mention that you can't vote on said policy...FB will continue to do it whether you like it or not?
at least with "the evil gubmint" you can vote for the people who will make your laws.
at first i was confused by, then i was mad at, and nowadays i simply fear...the people who have been taught to love mega corporations. name the last time any of those accountability-less profit-driven monsters provided a service that you actually NEEDED. like clean water, or safe medicine, or working stop lights, or firemen, or stable bridges?
(crickets chirping)...I'm waiting...
(tumbleweed rolls by)
I've got an old phone in a drawer doing nothing, when it could be earning me $20/mo!
huh? "the worst facebook can do" is not show you ads! the worst they can do is SELL YOUR DATA TO ANYBODY WHO PAYS FOR IT!
and then... then... yes! I know! THEY show you targetted ads? Yes, that's so much worse than shipping one off to Gitmo. I see the light now, thanks.