Facebook’s New ‘Onavo Protect’ VPN is a Spyware App

Facebook’s New ‘Onavo Protect’ VPN is a Spyware App

Security is a major concern in computing, particularly in mobile devices and the Internet of Things. Over the past few years, overall usage of VPN services has increased, and consumers often see these programs as a way to avoid having one’s traffic snooped on. Well and good. But Facebook’s new VPN service, which has now rolled out for iOS devices, is fundamentally different than any standard service.

Unlike a typical VPN, Onavo Protect (from a company Facebook purchased in 2013) explicitly gives itself permission to mine your data. Buried underneath the “Read More” link, you’ll find the following:

As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.

Think about the implications of this. In the name of providing safety, Facebook gets to analyze which apps you use, which websites you visit, and how those trends change over time. If a new app starts to become popular, FB will know about it based on data harvested from user devices. Are you watching YouTube instead of Facebook Video? FB gets to know. While this feature is integrated into Facebook’s iOS app, the application also states that it provides an additional level of security to all your mobile traffic.

Image by 9to5 Mac
Image by 9to5 Mac

Onavo may well function as an effective VPN and offer an additional layer of security, but Facebook isn’t doing this out of the goodness of its heart. Onavo is a deliberate attempt to head off competition before it can even get started. Facebook has taken heat before for co-opting the features of other services into its own product, but this goes a step further. Businesses, generally speaking, quickly copy something that’s working. If iOS deploys new features that others like, you tend to see similar options popping up in Android. When Player Unknown’s Battlegrounds became a hit, developers like Epic Games started building a Battle Royale mode into Fortnite.

But this isn’t Facebook seeing a successful company and just copying its work. This is Facebook trying to find out where its next competitor is going to come from by mining your life to do it. The irony is staggering, given that many people use VPNs to increase privacy and security. It’s literally baked into the acronym — Virtual Private Network. Facebook is removing the “privacy” portion of that equation and hoping nobody notices.

We noticed.

Continue reading

Apple Files Lawsuit Against NSO Group for its Pegasus Spyware Attacks
Apple Files Lawsuit Against NSO Group for its Pegasus Spyware Attacks

Apple has announced a lawsuit against NSO Group and its parent company over its Pegasus spyware, seeking to prevent the group from using any of Apple's services and hardware in the future.

The FBI Considered Using Pegasus Spyware in Criminal Investigations, Report Says
The FBI Considered Using Pegasus Spyware in Criminal Investigations, Report Says

The agency ultimately decided against deploying the spyware, but it would seem the project got very close to becoming reality.

Microsoft’s Windows Defender ATP Catches Law Enforcement Spyware
Microsoft’s Windows Defender ATP Catches Law Enforcement Spyware

Microsoft has developed its threat detection model enough to catch professional malware. There's an impressive difference between the level of expertise in these high-end samples versus conventional malware products.

WhatsApp Hit by VoIP Spyware Attack
WhatsApp Hit by VoIP Spyware Attack

Facebook-owned WhatsApp is the most popular messaging platform in the world with more than 1.5 billion active users. That makes it a big target for hackers, and one group reportedly discovered a vulnerability that allowed them to inject malware into phones.