Facebook’s Free VPN is Tracking Everything Users Do

TechCrunch reports that Facebook’s in-app VPN “Protect” is actually being used by the company to track user activity across apps. Onavo Protect is a VPN client that was acquired by Facebook in 2013. Since 2016, it has been available to users in the UK and on Android, but it recently popped up on iOs as well.

If a user clicks on Protect in the navigation menu, they’re redirected to the Apple Store listing for Onavo Protect. The listing looks like what you’d expect from a VPN. It talks about secure browsing and an “added layer of security” on public wifi. Here’s a little snippet from the first paragraph:

“This powerful app helps keep you safe by understanding when you visit potentially malicious or harmful websites and giving you a warning. It also helps keep your details secure when you login to websites or enter personal information such as bank accounts and credit card numbers.”

It’s not until the third to last sentence of the description — which you can only see if you click “more” — that there’s any mention of data collection. And it’s not until the very last sentence that Facebook is mentioned at all:

“As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”

In other words, by creating a tunnel between the user and Onavo, Facebook is able to monitor all traffic on that person’s device. Not just traffic on the Facebook app. Not just traffic on sites and apps that have Facebook tracking embedded. All traffic on the device.

So while users might think Facebook is offering this great service for protection, they’re actually using it for data collection. And according to Sarah Perez on TechCrunch, that was the whole purpose of Facebook’s acquisition of Onavo in the first place — and it’s already paid off. For example, data collected via Onavo allows Facebook to see what apps are up-and-coming and purchase them before they blow up. Or, in a much more well-known case, data collected from Onavo allowed Facebook to learn that Instagram’s Stories feature was taking a bite out of SnapChat’s traffic before SnapChat even announced that was happening.

While this story highlights first and foremost one of the more insidious ways big social media companies track users, it’s also a great example of how “free” VPNs are never actually free. If you’re not paying with money, you’re paying some other way. In this case, you’re paying with a complete lack of privacy and giving Facebook — which already owns so much of our data — even more information that they can then profit from. Obviously it’s up to each person to decide the price they want to pay for the services they consume, but it’s worth asking: When is the price too high?

Share this post

About Tenta

Tenta is a next generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure medai vault, HTTPS Everywhere, Tenta DNS, and more.

View all posts by Tenta >

Install Tenta Browser Free!

Start protecting your online privacy today with Tenta Browser.

Download Tenta Browser Google Play Button