- Facebook is now directing users to download a VPN called Onavo for "protection."
- The VPN is owned by Facebook, and sends information about your app usage habits to the company.
- Facebook has used this tool for a competitive advantage against other mobile apps.
- Critics say Facebook isn't clear enough about its ownership of Onavo.
Under the pretense of protecting your account, Facebook is telling users download to a Facebook-owned app that tracks what you do on your phone — and sends that information back to Facebook.
TechCrunch first noticed on Tuesday that Facebook added a menu item, called "protect," to its iPhone and iOS app. Clicking it takes users directly to the App Store listing of a Virtual Private Network (VPN) app called Onavo Protect, which is owned by Facebook.
Facebook bought Onavo, an Israeli company, in 2013. Since then, Facebook has been using the data collected from the service to keep tabs on how people use the apps on their phones, even when they're not using Facebook.
For example, the company used Onavo to see that Snapchat saw declining usage after Facebook introduced the competing Instagram Stories feature, The Wall Street Journal reported. It was also data from Onavo that reportedly inspired Facebook to launch a group video chat feature to its Messenger app — stymying a smaller app called Houseparty, which provided a very similar feature.
However, critics say that Facebook isn't clear enough about its affiliation with Onavo, implying that users might never know that the company uses the data from the app for such purposes.
Facebook did not immediately respond to Business Insider's request for comment. Erez Naveh, Product Manager at Onavo, told TechCrunch that the app collects mobile data traffic to "help us recognize tactics that bad actors use." Naveh also noted that the app lets people know it collects data before users download it.
Here's what Onavo actually does — and why people are upset that Facebook is pushing it.
Facebook's Onavo is a Virtual Private Network, or VPN
Onavo is a Virtual Private Network, or a VPN.
There are several VPNs out there, and they essentially all do the same thing: route your internet traffic through a third-party server.
This allows users to to mask their browsing activity from Internet Service Providers, like Comcast and AT&T. It can also make your computer look like it's in a different location, depending on where the third-party server is. Typically, VPNs themselves encrypt your traffic, making it harder for people to snoop on your activity.
Many VPNs are paid services — the popular AnchorFree Hotspot Shield, for instance, charges $13 a month, or $120 a year. Others, like Onavo Protect, are totally free for (mostly) unlimited usage.
When users download Onavo, they give Facebook permission to collect their mobile data traffic. Because Facebook owns Onavo, Facebook gets access to that data. This means that while your ISP won't see what apps you're using, Facebook will. If you're using Onavo, and you spend two hours on Twitter a day, Facebook can see that.
Why does this have people worried?
The major criticism of Onavo Protect is that Facebook isn't clear enough about its affiliation with the app. Unless you tap the "Read More" button in the App Store description of Onavo, you might never know it was actually owned by Facebook itself.
"As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences," the description of the app reads.
The average user may not read the entire app description and download the service without knowing that it is giving Facebook access to your mobile browsing data, say critics.
John Gruber, a prominent Apple blogger, called Onavo "spyware," likening it malicious software that hackers deploy to spy on users. Dell Cameron, a reporter at Gizmodo, called the VPN service "vampiric" and told readers not to download the app.
Facebook already has issues with eroding public trust, amid its public struggles with fake news, propaganda, and misinformation spreading through the social network. The perception that the company is pushing what's seen as a way to spy on users may not be the best look.