Facebook Is Shutting Down Its Sneaky, Data-Harvesting VPN

By Rhett Jones on at

Facebook’s Onavo VPN app has been dying a slow death since it was exposed as a clandestine data collection monster last year. The app was pulled from the iOS app store for violating Apple’s rules and now Facebook has voluntarily decided to remove it from Google Play. At the very least, the move seems to signal that the social network is becoming more aware of the risks its creepy privacy practices pose.

When Facebook bought Onavo in October of 2013, it was an independent secure VPN service that offered users an app to help monitor their data usage and limit background activities on their smartphone. Onavo was also collecting market research on the time users spent on apps, the websites they visit, as well as their country of origin, device, and network type. Facebook recognised that all that info could be very powerful in its data-hungry hands and shelled out somewhere around $200 million (£153 million) for the company. Most Onavo users probably weren’t aware of the change of ownership, and new adopters could easily miss that they were installing a Facebook app when they downloaded Onavo Protect.

TechCrunch first found that the Onavo app has been removed from Google Play on Friday. For now, the app will reportedly continue to function on phones that already have it installed but will be shut down completely over time. When Gizmodo asked Facebook for comment, a spokesperson told us, “Market research helps companies build better products for people. We are shifting our focus to reward-based market research which means we’re going to end the Onavo programme.”

Like other VPN services, Onavo Protect helped users hide their IP addresses and locations from trackers by redirecting their web surfing activity through a third-party server. While users may have been protecting themselves from being tracked, they weren’t always aware that they were giving exclusive access to their activities to one of the world’s biggest (and most scandal-prone) data-driven tech companies.

One reported use Facebook found for Onavo was monitoring how its own services were performing against competitors like Snapchat. And even before the social network bought Onavo, documents show Facebook was using the firm’s data to learn things like users were sending more than twice as many messages through WhatsApp as they were through Facebook’s Messenger in April of 2013. It seems likely that that information encouraged to Facebook buy WhatsApp for the jaw-dropping sum of $19 billion (£14.5 billion) in 2014.

But when Facebook started using its primary mobile app to encourage users to download Onavo Protect, its profile was raised considerably and Apple stepped in with concerns about it violating users’ privacy. Not wanting any trouble, Facebook pulled the app from the iOS store but was quietly using some of its code for a new research programme in which it paid teens a small fee to install a special research app on their phones that gave Facebook total access to their activities. When Apple found out, it was enraged and revoked Facebook’s developer credentials that allow it to conduct internal testing on new apps.

It appears that Facebook is getting ahead of any potential trouble it could have with Google by simply shutting down the Onavo programme altogether. But all the data it collected will surely continue to inform Facebook decisions and it’s unclear how the company’s “reward-based market research” will be conducted going forward. A good rule of thumb with Facebook is to always expect the worst, most underhanded thing you can imagine. [TechCrunch]

Featured photo: Getty