Back in February we noted how Facebook had launched a new security tool the company promised would "help keep you and your data safe when you browse and share information on the web." The product was effectively just reconstituted version of the Onavo VPN the company acquired back in 2013. We also noted how some reports were quick to point out that instead of making Facebook users’ data more private and secure, Facebook used the VPN to track users around the internet — specifically what users were doing when they visited other platforms and services.
From a report in the Wall Street Journal just about a year ago:
"Interviews with more than a dozen people familiar with Facebook’s use of Onavo data show in detail how the social-media giant employs it to measure what people do on their phones beyond Facebook’s own suite of apps. That information shapes Facebook’s product and acquisition strategy—furthering its already formidable competitive edge, the people said."
At the time, Facebook spokespeople attempted to claim that this was no big deal because "websites and apps have used market-research services for years," and that the data collected by its nosy VPN helped the company improve its products.
But that response ignored the obvious problem: that Facebook has been pitching a product it claimed "protected" people’s privacy but did the exact opposite. During a massive, global privacy scandal. With regulators and media outlets around the world contemplating vast new privacy guidelines that could massively impact Facebook’s entire data-hoovering business model.
That anybody at Facebook thought this was a good idea is pretty remarkable.
This week, Facebook was forced to pull the company’s "data security app" from the Apple Store after the company found that the service violated its data-collection policies:
"Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said. Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added."
Admittedly, Apple’s app store approval process is certainly its own type of terrible. But the report notes that Apple demanded that Facebook "voluntarily" remove the app, and Facebook complied. As such, iOS users can no longer download the app, and users that have already installed it will no longer receive updates for it. It is, however, still available over at the Google Play store, if giving Facebook even greater insight into your online activity is a prospect that excites you.
The whole kerfuffle only punctuated our repeated point that VPN’s aren’t some kind of mystical privacy panacea. In the wake of the GOP killing broadband privacy rules and the myriad other privacy and hacking scandals, countless people have been flocking to VPNs under the mistaken belief that a VPN is some kind of silver bullet. But a VPN is only as good as the people running it on the other end. And if the people on the other end are running scams or lying about what data is collected and stored (which is incredibly common in the VPN realm) you’re not a whole lot better off.
In short, who you get your VPN from is incredibly important, and if the person pitching you said VPN has a rich history of privacy abuses (be it Facebook or a giant, incumbent ISP like Verizon), you should probably know better than to trust the integrity of their promises, whatever form they take.