- Facebook is now directing users to download a VPN
called Onavo for “protection.”
- The VPN is owned by Facebook, and sends information
about your app usage habits to the company.
- Facebook has used this tool for a competitive advantage
against other mobile apps.
- Critics say Facebook isn’t clear enough about its
ownership of Onavo.
Under the pretense of protecting your account, Facebook is
telling users download to a Facebook-owned app that tracks what
you do on your phone — and sends that information back to
TechCrunch first noticed on Tuesday that Facebook added a menu
item, called “protect,” to its iPhone and iOS app. Clicking it
takes users directly to the App Store listing of a Virtual
Private Network (VPN) app called Onavo Protect, which is owned by
Facebook bought Onavo, an Israeli company, in 2013. Since then,
Facebook has been using the data collected from the service to
keep tabs on how people use the apps on their phones, even when
they’re not using Facebook.
For example, the company used Onavo to see that Snapchat saw
declining usage after Facebook introduced the competing Instagram
The Wall Street Journal reported. It was also data from Onavo
reportedly inspired Facebook to launch a group video chat feature
to its Messenger app — styming a smaller app called
Houseparty, which provided a very similar feature.
However, critics say that Facebook isn’t clear enough about its
affiliation with Onavo, implying that users might never know that
the company uses the data from the app for such purposes.
Facebook did not immediately respond to Business Insider’s
request for comment. Erez Naveh, Product Manager at Onavo,
told TechCrunch that the app collects mobile data traffic to
“help us recognize tactics that bad actors use.” Naveh also noted
that the app lets people know it collects data before users
Here’s what Onavo actually does — and why people are upset that
Facebook is pushing it.
Facebook’s Onavo is a Virtual Private Network, or VPN
Onavo is a Virtual Private Network, or a VPN.
There are several VPNs out there, and they essentially all do the
same thing: route your internet traffic through a third-party
This allows users to to mask their browsing activity from
Internet Service Providers, like Comcast and AT&T. It can
also make your computer look like it’s in a different location,
depending on where the third-party server is. Typically, VPNs
themselves encrypt your traffic, making it harder for people to
snoop on your activity.
Many VPNs are paid services — the popular AnchorFree Hotspot
Shield, for instance, charges $13 a month, or $120 a year.
Others, like Onavo Protect, are totally free for (mostly)
When users download Onavo, they give Facebook permission to
collect their mobile data traffic. Because Facebook owns Onavo,
Facebook gets access to that data. This means that while your ISP
won’t see what apps you’re using, Facebook will. If you’re using
Onavo, and you spend two hours on Twitter a day, Facebook can see
Why does this have people worried?
The major criticism of Onavo Protect is that Facebook isn’t clear
enough about its affiliation with the app. Unless you tap
the “Read More” button in the App Store description of Onavo, you
might never know it was actually owned by Facebook itself.
“As part of this process, Onavo collects your mobile data
traffic. This helps us improve and operate the Onavo service by
analyzing your use of websites, apps and data. Because we’re part
of Facebook, we also use this info to improve Facebook products
and services, gain insights into the products and services people
value, and build better experiences,” the description of the app
The average user may not read the entire app description and
download the service without knowing that it is giving Facebook
access to your mobile browsing data, say critics.
John Gruber, a prominent Apple blogger, called
Onavo “spyware,” likening it malicious software that hackers
deploy to spy on users. Dell Cameron, a reporter at Gizmodo,
called the VPN service “vampiric” and told readers not to
download the app.
Facebook already has issues with eroding public trust, amid its
public struggles with fake news, propaganda, and misinformation
spreading through the social network. The perception that the
company is pushing what’s seen as a way to spy on users may not
be the best look.