Facebook's 'Privacy Protecting' VPN Booted From Apple Store For Snooping Too Much

from the ill-communication dept

Back in February we noted how Facebook had launched a new security tool the company promised would "help keep you and your data safe when you browse and share information on the web." The product was effectively just reconstituted version of the Onavo VPN the company acquired back in 2013. We also noted how some reports were quick to point out that instead of making Facebook users' data more private and secure, Facebook used the VPN to track users around the internet -- specifically what users were doing when they visited other platforms and services.

From a report in the Wall Street Journal just about a year ago:

"Interviews with more than a dozen people familiar with Facebook’s use of Onavo data show in detail how the social-media giant employs it to measure what people do on their phones beyond Facebook’s own suite of apps. That information shapes Facebook’s product and acquisition strategy—furthering its already formidable competitive edge, the people said."

At the time, Facebook spokespeople attempted to claim that this was no big deal because "websites and apps have used market-research services for years," and that the data collected by its nosy VPN helped the company improve its products.

But that response ignored the obvious problem: that Facebook has been pitching a product it claimed "protected" people's privacy but did the exact opposite. During a massive, global privacy scandal. With regulators and media outlets around the world contemplating vast new privacy guidelines that could massively impact Facebook's entire data-hoovering business model.

That anybody at Facebook thought this was a good idea is pretty remarkable.

This week, Facebook was forced to pull the company's "data security app" from the Apple Store after the company found that the service violated its data-collection policies:

"Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added."

Admittedly, Apple's app store approval process is certainly its own type of terrible. But the report notes that Apple demanded that Facebook "voluntarily" remove the app, and Facebook complied. As such, iOS users can no longer download the app, and users that have already installed it will no longer receive updates for it. It is, however, still available over at the Google Play store, if giving Facebook even greater insight into your online activity is a prospect that excites you.

The whole kerfuffle only punctuated our repeated point that VPN's aren't some kind of mystical privacy panacea. In the wake of the GOP killing broadband privacy rules and the myriad other privacy and hacking scandals, countless people have been flocking to VPNs under the mistaken belief that a VPN is some kind of silver bullet. But a VPN is only as good as the people running it on the other end. And if the people on the other end are running scams or lying about what data is collected and stored (which is incredibly common in the VPN realm) you're not a whole lot better off.

In short, who you get your VPN from is incredibly important, and if the person pitching you said VPN has a rich history of privacy abuses (be it Facebook or a giant, incumbent ISP like Verizon), you should probably know better than to trust the integrity of their promises, whatever form they take.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: apps, onavo, privacy, security, vpn
Companies: apple, facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    NeghVar (profile), 23 Aug 2018 @ 2:48pm

    FaceBook VPN. Oxymoron

    link to this | view in thread ]

  2. icon
    bwburke94 (profile), 23 Aug 2018 @ 2:49pm

    Ah, Facebook. Snooping as usual, I see!

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 23 Aug 2018 @ 3:10pm

    Re:

    Not necessarily: you could safely use it for accessing Facebook, "privately" in the sense that Facebook would still know everything about you but nobody could watch you use Facebook or interfere without totally blocking the VPN.

    It's the same reason Facebook has a Tor onion service. Not to prevent them from knowing who you are, but to make it harder for your ISP/country/employer to block your Facebook access or know how much time you waste there.

    link to this | view in thread ]

  4. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 3:52pm

    VPN's through VPN's

    I have a VPN. I have it mounted on one of my routers. I also have the same VPN's desktop apps. The router is set to one exit point. If I use one of my desktop apps and set yet another exit point, my exit point will be that IP address. It might slow the connection down, and it might double encrypt it (though I doubt that makes it harder to de-encrypt), it most certainly does more to obscure my location. Second exit point points to the first exit point which in theory points to nothing, as my VPN keeps no logs.

    So, in theory, if one has a VPN and then also uses Facebook's VPN, they would be more protected than if they only used Facebook's VPN. None of that keeps Facebook from recording what you did during the session. It just keeps your actual location from being discerned.

    That we have to go through these exercises to maintain some privacy is most certainly problematic. That Facebook advertised their VPN as protecting privacy is just a lie. Not unexpected, but disappointing still.

    link to this | view in thread ]

  5. This comment has been flagged by the community. Click here to show it
    icon
    Sayonara Felicia-San (profile), 23 Aug 2018 @ 3:52pm

    Not the Onion?

    Wow, people were zuckered into using a facebook "VPN" ...what next?

    FBI Swat-Me-Not™ Keylogger
    NAMBLA™ Wireless Teddy Bear Security Cam
    Erdogan™ 'Real Freedom' VPN
    Putin™ Anti-Virus Scanner

    link to this | view in thread ]

  6. This comment has been flagged by the community. Click here to show it
    icon
    Sayonara Felicia-San (profile), 23 Aug 2018 @ 3:55pm

    Re: VPN's through VPN's

    I'm using: Hillary Clinton Email Security 2016™ Special Digital Deluxe Election Edition.

    link to this | view in thread ]

  7. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 4:27pm

    Re: Re: VPN's through VPN's

    It hasn't done her any good, what are you hoping for?

    For that matter, it hasn't done her any harm either (despite those that argue that doing so violated federal law, for her, not you), but she is impervious to some kinds of embarrassment, and for whatever reasons she has, so far, escaped any kind of prosecution. Is that the kind of protection your looking for?

    link to this | view in thread ]

  8. This comment has been flagged by the community. Click here to show it
    identicon
    Ineer Eng, 23 Aug 2018 @ 4:30pm

    Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    You can always tell when there's news that makes Google look bad, cause then Techdirt runs Facebook pieces to divert from their precious.

    link to this | view in thread ]

  9. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 4:35pm

    Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    link to this | view in thread ]

  10. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 4:35pm

    Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    link to this | view in thread ]

  11. icon
    That One Guy (profile), 23 Aug 2018 @ 4:50pm

    Hey now, you can't expect them to actually read the articles(or even the headlines), they've got a busy schedule doing battle against the phantom TD in their head.

    link to this | view in thread ]

  12. This comment has been flagged by the community. Click here to show it
    icon
    Sayonara Felicia-San (profile), 23 Aug 2018 @ 5:00pm

    Re: Re: Re: VPN's through VPN's

    What do you mean "It hasn't done her any good,"

    Trump's former campaign chairman and lawyer have dozens of FBI FEDERAL indictments and convictions!! While Hillary has none.

    If only Trump had used:

    Hillary Clinton Email Security 2016™ Special Digital Deluxe Election Edition

    Amazon Prime members get a free copy of BleachBit!

    link to this | view in thread ]

  13. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 5:38pm

    Re: Re: Re: Re: VPN's through VPN's

    Bleachbit is free. Windows or Linux (I have both) is free. So your offer has as much substance as your statements.

    Thing is, politicians are bad, it does not matter which of the various sides they are on (there are more than two if you haven't been paying attention), and that they need money to get re-elected is bad.

    I know that you have gone into my history and looked for ways to denigrate me. Have at it. I don't care much. But if you look further, you will find what I have to say about how to go about changing things. There is more than one post, so don't stop at the first one you find. Look back. And then there are the years that I was not a member, but used the moniker Anonymous Anonymous Coward, and then there are the years that I was merely an Anonymous Coward. Just reading my writings will not tell you who I am. But reading my writings will give you a clue. As of now, you have no clue.

    link to this | view in thread ]

  14. icon
    Anonymous Anonymous Coward (profile), 23 Aug 2018 @ 5:51pm

    Re:

    Thing is, those who follow the site and know better and still make the same kind of asinine, irrelevant statements. They think that making the statement enables or affirms their cause, whatever that is (and it is getting harder and harder to know what that cause is because they don't actually articulate it or change their premise depending upon the responses, they change their argument for continued argument). I think, at times that the purpose is to be obstinate, for the purpose of being obstinate, not because the actually have something to say. They get their rocks off from that. Shame on them.

    The appropriate response is in most cases a flag for abusive commentary and not to respond otherwise. To some degree, we have valued community members who like to argue. They do not see that the rest of us have to suffer. I respond, sometimes, but when the other party shows their desire to argue, rather than discuss, I quit. Others, not so much. I hope they will learn that quitting is better than getting their arguing merit badges. Not matter how good it might make you feel for the moment.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 23 Aug 2018 @ 7:02pm

    Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    I wonder what you're trying (poorly) to divert from?

    link to this | view in thread ]

  16. identicon
    VPN Owner Who Knows What He's Doing, 23 Aug 2018 @ 10:53pm

    VPNs

    Well, it's easy enough to build your own VPN, but the thing people always forget is DNS which is wide open without some work. If you don't encrypt your DNS requests, the ISP you're hiding from still knows everything, as does the DNS provider.
    I know some who look up IP addresses instead of using DNS but I think they're nuts.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 23 Aug 2018 @ 11:52pm

    Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    Hm, a week late to the party. They're either so used to the 24-hour news cycle that if it's not on a flashing banner 5 times an hour it's not there.

    Or they're like the people who post a "fresh" meme on Facebook long after the rest of the Internet has forgotten about it

    link to this | view in thread ]

  18. icon
    oliv (profile), 24 Aug 2018 @ 12:10am

    VPN?

    VPN... you keep using that Name, but that's not what this is!!!!

    *cough* private *cough*

    link to this | view in thread ]

  19. This comment has been flagged by the community. Click here to show it
    identicon
    saivamsi lankipalli, 24 Aug 2018 @ 2:09am

    Dental Industry

    It’s not your eyes or lips; it is for sure your teeth that get noticed first! Why hide it, when you can smile with confidence. Axiss Dental, India’s leading multi-specialty chain of top dental clinics with over 65 state-the-art dental clinics across the country has been providing good dental treatments in India since 2004.

    link to this | view in thread ]

  20. identicon
    David, 24 Aug 2018 @ 2:23am

    I'm shocked, shocked to hear snooping is going on.

    Here is your user data, Captain Zuck.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 24 Aug 2018 @ 3:27am

    Re: Re: VPN's through VPN's

    WhataboutHillaryDrink!

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 24 Aug 2018 @ 7:36am

    Re: VPN's through VPN's

    Second exit point points to the first exit point which in theory points to nothing

    Did you not have to create an account for both VPNs? There's no need to trace back through the first exit if the second has your billing data.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 24 Aug 2018 @ 4:23pm

    Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    Here, netwit, is part of what Masnick is ignoring. -- One could easily FILL this "blog" for a week with similar, but you know that it won't be, and why.

    Android data slurping measured and monitored

    The report confirms that Google is no respecter of the Chrome browser's "incognito mode" aka "porn mode", collecting Chrome data to add to your personal profile, as we pointed out earlier this year.

    https://www.theregister.co.uk/2018/08/24/google_data_flows_study/

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 25 Aug 2018 @ 8:26am

    Re: Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

    One could easily FILL this "blog" for a week with similar

    Except that when Techdirt did post articles on news you considered similar, you pissed and moaned like a koala suffering from incontinence.

    There's no fucking pleasing you, blue boy. So the wise do the smart thing and just don't bother.

    out_of_the_blue just hates it when due process is enforced.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.