Facebook's 'Privacy Protecting' VPN Booted From Apple Store For Snooping Too Much

from the ill-communication dept

Back in February we noted how Facebook had launched a new security tool the company promised would “help keep you and your data safe when you browse and share information on the web.” The product was effectively just reconstituted version of the Onavo VPN the company acquired back in 2013. We also noted how some reports were quick to point out that instead of making Facebook users’ data more private and secure, Facebook used the VPN to track users around the internet — specifically what users were doing when they visited other platforms and services.

From a report in the Wall Street Journal just about a year ago:

“Interviews with more than a dozen people familiar with Facebook?s use of Onavo data show in detail how the social-media giant employs it to measure what people do on their phones beyond Facebook?s own suite of apps. That information shapes Facebook?s product and acquisition strategy?furthering its already formidable competitive edge, the people said.”

At the time, Facebook spokespeople attempted to claim that this was no big deal because “websites and apps have used market-research services for years,” and that the data collected by its nosy VPN helped the company improve its products.

But that response ignored the obvious problem: that Facebook has been pitching a product it claimed “protected” people’s privacy but did the exact opposite. During a massive, global privacy scandal. With regulators and media outlets around the world contemplating vast new privacy guidelines that could massively impact Facebook’s entire data-hoovering business model.

That anybody at Facebook thought this was a good idea is pretty remarkable.

This week, Facebook was forced to pull the company’s “data security app” from the Apple Store after the company found that the service violated its data-collection policies:

“Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added.”

Admittedly, Apple’s app store approval process is certainly its own type of terrible. But the report notes that Apple demanded that Facebook “voluntarily” remove the app, and Facebook complied. As such, iOS users can no longer download the app, and users that have already installed it will no longer receive updates for it. It is, however, still available over at the Google Play store, if giving Facebook even greater insight into your online activity is a prospect that excites you.

The whole kerfuffle only punctuated our repeated point that VPN’s aren’t some kind of mystical privacy panacea. In the wake of the GOP killing broadband privacy rules and the myriad other privacy and hacking scandals, countless people have been flocking to VPNs under the mistaken belief that a VPN is some kind of silver bullet. But a VPN is only as good as the people running it on the other end. And if the people on the other end are running scams or lying about what data is collected and stored (which is incredibly common in the VPN realm) you’re not a whole lot better off.

In short, who you get your VPN from is incredibly important, and if the person pitching you said VPN has a rich history of privacy abuses (be it Facebook or a giant, incumbent ISP like Verizon), you should probably know better than to trust the integrity of their promises, whatever form they take.

Filed Under: , , , ,
Companies: apple, facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Facebook's 'Privacy Protecting' VPN Booted From Apple Store For Snooping Too Much”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

Not necessarily: you could safely use it for accessing Facebook, “privately” in the sense that Facebook would still know everything about you but nobody could watch you use Facebook or interfere without totally blocking the VPN.

It’s the same reason Facebook has a Tor onion service. Not to prevent them from knowing who you are, but to make it harder for your ISP/country/employer to block your Facebook access or know how much time you waste there.

Anonymous Anonymous Coward (profile) says:

VPN's through VPN's

I have a VPN. I have it mounted on one of my routers. I also have the same VPN’s desktop apps. The router is set to one exit point. If I use one of my desktop apps and set yet another exit point, my exit point will be that IP address. It might slow the connection down, and it might double encrypt it (though I doubt that makes it harder to de-encrypt), it most certainly does more to obscure my location. Second exit point points to the first exit point which in theory points to nothing, as my VPN keeps no logs.

So, in theory, if one has a VPN and then also uses Facebook’s VPN, they would be more protected than if they only used Facebook’s VPN. None of that keeps Facebook from recording what you did during the session. It just keeps your actual location from being discerned.

That we have to go through these exercises to maintain some privacy is most certainly problematic. That Facebook advertised their VPN as protecting privacy is just a lie. Not unexpected, but disappointing still.

Anonymous Anonymous Coward (profile) says:

Re: Re: VPN's through VPN's

It hasn’t done her any good, what are you hoping for?

For that matter, it hasn’t done her any harm either (despite those that argue that doing so violated federal law, for her, not you), but she is impervious to some kinds of embarrassment, and for whatever reasons she has, so far, escaped any kind of prosecution. Is that the kind of protection your looking for?

Sayonara Felicia-San (profile) says:

Re: Re: Re: VPN's through VPN's

What do you mean “It hasn’t done her any good,”

Trump’s former campaign chairman and lawyer have dozens of FBI FEDERAL indictments and convictions!! While Hillary has none.

If only Trump had used:

Hillary Clinton Email Security 2016™ Special Digital Deluxe Election Edition

Amazon Prime members get a free copy of BleachBit!

Anonymous Anonymous Coward (profile) says:

Re: Re: Re:2 VPN's through VPN's

Bleachbit is free. Windows or Linux (I have both) is free. So your offer has as much substance as your statements.

Thing is, politicians are bad, it does not matter which of the various sides they are on (there are more than two if you haven’t been paying attention), and that they need money to get re-elected is bad.

I know that you have gone into my history and looked for ways to denigrate me. Have at it. I don’t care much. But if you look further, you will find what I have to say about how to go about changing things. There is more than one post, so don’t stop at the first one you find. Look back. And then there are the years that I was not a member, but used the moniker Anonymous Anonymous Coward, and then there are the years that I was merely an Anonymous Coward. Just reading my writings will not tell you who I am. But reading my writings will give you a clue. As of now, you have no clue.

Anonymous Anonymous Coward (profile) says:

Re: Re: Re: Re:

Thing is, those who follow the site and know better and still make the same kind of asinine, irrelevant statements. They think that making the statement enables or affirms their cause, whatever that is (and it is getting harder and harder to know what that cause is because they don’t actually articulate it or change their premise depending upon the responses, they change their argument for continued argument). I think, at times that the purpose is to be obstinate, for the purpose of being obstinate, not because the actually have something to say. They get their rocks off from that. Shame on them.

The appropriate response is in most cases a flag for abusive commentary and not to respond otherwise. To some degree, we have valued community members who like to argue. They do not see that the rest of us have to suffer. I respond, sometimes, but when the other party shows their desire to argue, rather than discuss, I quit. Others, not so much. I hope they will learn that quitting is better than getting their arguing merit badges. Not matter how good it might make you feel for the moment.

Anonymous Coward says:

Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

Hm, a week late to the party. They’re either so used to the 24-hour news cycle that if it’s not on a flashing banner 5 times an hour it’s not there.

Or they’re like the people who post a “fresh” meme on Facebook long after the rest of the Internet has forgotten about it

Anonymous Coward says:

Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

Here, netwit, is part of what Masnick is ignoring. — One could easily FILL this "blog" for a week with similar, but you know that it won’t be, and why.

Android data slurping measured and monitored

The report confirms that Google is no respecter of the Chrome browser’s "incognito mode" aka "porn mode", collecting Chrome data to add to your personal profile, as we pointed out earlier this year.


Anonymous Coward says:

Re: Re: Re: Oh, by the way: Google too is just great at privacy! Tracks location when "off"!

One could easily FILL this "blog" for a week with similar

Except that when Techdirt did post articles on news you considered similar, you pissed and moaned like a koala suffering from incontinence.

There’s no fucking pleasing you, blue boy. So the wise do the smart thing and just don’t bother.

out_of_the_blue just hates it when due process is enforced.

VPN Owner Who Knows What He's Doing says:


Well, it’s easy enough to build your own VPN, but the thing people always forget is DNS which is wide open without some work. If you don’t encrypt your DNS requests, the ISP you’re hiding from still knows everything, as does the DNS provider.
I know some who look up IP addresses instead of using DNS but I think they’re nuts.

saivamsi lankipalli (user link) says:

Dental Industry

It’s not your eyes or lips; it is for sure your teeth that get noticed first! Why hide it, when you can smile with confidence. Axiss Dental, India’s leading multi-specialty chain of top dental clinics with over 65 state-the-art dental clinics across the country has been providing good dental treatments in India since 2004.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...