
Facebook’s new trick is tracking you like you never knew until now

If you are a trusting person, it’s possible that you see something like Facebook and appreciate all the good it does for you. Who doesn’t like the ability to share your life with friends and family, while simultaneously being able to keep up to date with the happenings of people you care about?

However, if you are the kind of person who is less trusting and a bit more suspicious, Facebook gives you ample reason to wonder about its true intentions. Sure, the site can talk about things like privacy and doing what’s right, but it seems as though they repeatedly fall short in areas that are pretty concerning.

That’s why this latest revelation regarding Facebook privacy, or the lack of it, is worth a look. Because even when something claims to protect you, that may not entirely be the case.

Apparently, security comes with a price

Last month, Facebook attempted to have us download a VPN app called Onavo for iOS and Android. The idea, according to Facebook, was that it would help provide protection against threats coming through an encrypted network. This is especially helpful when using a public network.


The protection feature is accessed by clicking on the main menu and then scrolling down through the “Explore” section. It is the light blue icon with a shield and the word “Protect,” and upon being clicked it will take you to download an app.

Onavo Protect

Tapping the “Protect” link actually opens the download page for a VPN app called “Onavo Protect – VPN Security.” Note: Facebook bought the Onavo company back in 2013.

Now, a VPN service is a good way to boost your online security and privacy, especially when connected to public Wi-Fi. It is also a good way to hide your internet tracks from would-be snoops. Think of it as a middleman that provides a tunnel between you and the websites you’re visiting.

Onavo Protect promises just that – “it helps keep you and your data safe when you browse and share information on the web.”

Like any other VPN service, it creates a secure connection to Onavo’s servers and then directs all your traffic through it first. Onavo claims that this will protect you from malicious websites and will keep your personal information, like logins and credit card numbers, safe.

Based on user reviews and our own testing, Onavo Protect is a perfectly usable mobile VPN service and it delivers on what it promises.

However, its fine print is turning heads and it’s causing a bit of an uproar from privacy advocates. People are even starting to label it as Facebook’s very own trojan spyware app.

Onavo Protect’s fine print


What’s causing the uproar? Well, under the “How it works” section on the Onavo Protect app’s description are some interesting statements.

It explicitly states that “Onavo collects your mobile data traffic.” Now, this in itself will raise some eyebrows since most VPN services pride themselves on the anonymity of their traffic. Good VPN services neither keep logs and records nor collect “traffic data.”

Another statement is equally troubling. Onavo states that since they’re part of Facebook, they will use this data to “improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”

And you probably know what that really means. They’re the code words for “targeted advertising.”

Facebook’s very own “spyware”?

So basically, Onavo Protect is a somewhat clever way to direct all your mobile data right into Facebook’s hands: not just your Facebook app activity, mind you, but everything you do on your phone.

Yep, this includes the data across every app you’re using, including “secure” browsers and other rival social media sites like Snapchat and Twitter.

Well, other than snooping on everything you do on your phone and selling the data to advertisers, what else can Onavo Protect’s data be used for? It can be used for analyzing app activities, and this will allow Facebook to spot emerging trends ahead of everyone else.

We all know Facebook’s penchant for buying trending apps and rival services so this information will be extremely valuable.

But wait, there’s more to Onavo Protect than initially thought

As if spying on your mobile traffic were not enough, security researcher Will Strafach found more interesting details about how Onavo Protect functions.

Based on his analysis, he found out that Onavo Protect collects user information even when the VPN function is off, a detail that its fine print failed to mention.

As long as you have the Onavo app installed (and remember, even with VPN off), it phones home to Facebook and regularly sends this data:

  • When the user’s mobile device screen is turned on and turned off
  • Total daily Wi-Fi data usage in bytes (Even when VPN is turned off)
  • Total daily cellular data usage in bytes (Even when VPN is turned off)
  • Periodic beacon containing an “uptime” to indicate how long the VPN has been connected

Strafach also discovered that Onavo collects other device-specific information and sends it to Facebook as well.

This includes:

  • cellular carrier name
  • mobile network code
  • locale/language
  • iOS version (for iPhone users)

Basically, it spies on you even when you specifically tell it not to. Very slick!

So the question is, why is this information even being collected by Facebook? Why would a screen’s on and off times and total data usage even be relevant to a VPN service that’s not even turned on?

Yeah, it’s all there to “improve Facebook products and services.” Yeah right.

How to get rid of Onavo Protect

Does this knowledge upset you? Does the fact that Facebook is collecting data on you, likely without your knowledge, bring up some pretty negative feelings toward the site? If so, we don’t blame you.

The good news is if you went ahead and installed Onavo, just like any other app, it can be uninstalled from your iPhone or Android device, though there is little you can do about the data that was already collected. When you installed Onavo Protect, you essentially opted into their terms of use so believe it or not, you already gave them permission to collect and use your data.

To effectively stop the app from collecting your data, you will have to completely uninstall the Onavo VPN app from your iPhone or Android gadget.

The bottom line

So maybe you don’t mind giving away your privacy for a free VPN service like Onavo Protect, but please be aware that it definitely sounds like another Facebook scheme to get more information from its users.

And it might be working. As of this writing, 33 million users already have Onavo Protect on their phones; 33 percent of them have iPhones and 62 percent are on Android.

Our advice? Unless you want to add more to what Facebook already knows about all of us, don’t do it. There are other free VPN services available out there.

When pressed on the what and why for this controversial app, Facebook responded by saying they are upfront about the information that will be collected and how it is used when people download Onavo. They say that the VPN needs all the data in order to properly protect people’s devices, as the knowledge gained will help improve the service.

Whether you believe that to be true, false, or somewhere in between, is totally up to you.

If nothing else, it’s just another reminder that it is important to read the fine print and really understand what kind of access you are granting apps before checking the box that says you agree.
