
Notes on Analytics and Tracking in Onavo Protect for iOS - ksajadi
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
======
ravenstine
I uninstalled every Facebook product from my phone. Turns out I really didn't
need Messenger after all.

As I still concede to using Facebook, I have decided to install a Chrome
shortcut to mbasic.facebook.com. It does everything I need without tons of
scripting, doesn't optimistically download content, and loads fast when my
bandwidth is reduced. It never notifies me, and that's a good thing. Without
infinite scrolling, I'm less likely to waste time.

Maybe I'll decide to ditch Facebook entirely, but for now, using mbasic has
been a healthier alternative.

My 4g LTE bandwidth seems to last longer, too.

With HTTPS and a mobile connection, I can't see why I would need a VPN for
Facebook.

~~~
parthdesai
Uninstalled Fb app and messenger long time ago. I can't uninstall whatsapp
even if i wanted to and it's hard to uninstall Instagram.

~~~
ravenstine
I remember uninstalling Facebook was pretty difficult. I was only able to
truly get rid of it by rooting my phone(I didn't do it for that purpose, but
that ended up being one benefit). They must pay Samsung a lot of money because
there's no good reason why a non-critical app would be so hard to remove.

~~~
Karunamon
Wouldn't merely disabling the app (in system -> applications) have
accomplished the same except for freeing up a couple hundred megs of storage
on the system partition? Disabled apps don't have their services run.

~~~
ravenstine
Yes, but I also want that space. Nothing changes the fact that it really
doesn't have a right to be there. :)

Also, there were other apps that I could only disable. I think YouTube might
have been one of them, and I would really prefer to use NewPipe instead. So
once I was rooted it was kind of like "Well, might as well delete ALL of that
crap."

------
ballenf
This is the app that was instrumental in FB consolidating their monopoly on
horizontal markets, using the data pickpocketed from users to analyze
potential acquisition targets. We need to explore whether antitrust scrutiny
should consider data hoarding as a factor.

I also wonder if this sleaziness is why we can't have ad-blocking faux-VPN
apps on iOS anymore (see AdGuard, e.g.). FB weren't the only ones abusing
users' trust, but there were legit apps that allowed one to selectively block
any device connection (not just DNS lookups) without any data leakage -- all
blocking done on-device. But no more as of fall 2017.

~~~
willstrafach
Interestingly, Onavo Protect is using the same method (Packet Tunnel Provider)
to send analytics data out. I am very curious if Apple is OK with that.

------
djrogers
Of course it does, as it explicitly claims to in the App description. What's
news here?

Also, that's some of the worst scroll-jacking and browser behavior
modification I've come across - you cannot read it zoomed in on Safari because
it jumps around instead of scrolling.

~~~
searchencrypt
It's news because people use VPNs to protect their privacy. If they are under
the impression that Onavo will keep their data private, they are wrong. Just
trying to inform...

~~~
czardoz
The app description does not even mention privacy.

~~~
ballenf
The app places the acryonym "VPN" on the phone and instructs users to turn on
the virtual _private_ network.

I'd say users aren't totally out of line thinking that an app providing
virtual _private_ networking functionality would use a layperson's definition
of private (as opposed to a techie's definition involving network protocols).

I'd argue that a VPN app that isn't _private_ should be required to put
something like the warning on cigarettes: >

> WARNING: This app monitors and records for all time your every action on
> your phone and only protects you from 3rd parties who haven't paid us enough
> money to get access to your data.

~~~
codezero
I agree that a VPN service implies it's protecting privacy, but let me nit
pick a bit: the "private" in virtual private network is not about privacy,
it's about a network with a private IP space, the virtual part is that it
operates on top of public IP space.

With that said, anyone could make the assumption that private means privacy
here, and most common use cases for consumer VPNs are for privacy, so, I guess
it really matters that they are explicit what they service does, and I think
the description above is pretty clear.

~~~
mattnewton
You and I understand this distinction. The general public that has been told
public networks are unsafe probably does not.

~~~
codezero
You are completely right, and I agree fully.

------
whoisjuan
This is not surprising at all... This is why they bought Onavo. Onavo gives
them a clear picture of how competing apps like Snapchat are doing and gives
them an idea of potential threats to their business.

~~~
willstrafach
That is a rehash if old information.

My post includes new information:

\- The app will track when your phone screen is on and when it is off, and
send that to Facebook

\- The app will track your daily Wi-Fi and cellular data usage, even when not
connected to the VPN, and send that to Facebook

------
TwoNineA
From the same company who asked their users if it was ok for grown men to ask
nude pictures from 14 year old girls.

~~~
ramses0
Source?

~~~
davidgould
[https://www.theguardian.com/technology/2018/mar/05/facebook-...](https://www.theguardian.com/technology/2018/mar/05/facebook-
men-children-sexual-images?CMP=Share_iOSApp_Other)

------
TravelTechGuy
If you want a VPN (P == Private), don't get one from a company that treats
"privacy" like a four-letter word. Just as you shouldn't trust an ad blocker
put forth by an ad company.

------
joelrunyon
Is there an upcoming product similar to instagram?

I really am over all the main facebook products, but seems like instagram has
a monopoly on that specific category of apps.

~~~
gnode
I heard about Vero ( [https://www.vero.co/](https://www.vero.co/) ) the other
day. Their business model is to allow the first wave of users to join for
free, then later charge a subscription to new users. I don't know whether
they'll be a contender in the long run, but they've experienced rapid growth
recently (unfortunately leading to service scaling issues).

------
Talyen42
Next up: FBI buys VPN service, promises everything is chill

~~~
jerkstate
Maybe you didn't see this:
[https://news.ycombinator.com/item?id=16501630](https://news.ycombinator.com/item?id=16501630)

~~~
searchencrypt
Sketchy.

------
Feniks
"available free of charge" And that's the point were you become the product.

------
product50
This is such a bs article. Onavo is a VPN - what are they expecting from it?

~~~
searchencrypt
Most people would expect a VPN to protect their data from websites, rather
than sharing it with Facebook.

~~~
product50
That is a different argument than what the author is making in the article.
Don't go on a tangent.

Also, Onavo was acquired by FB in 2013. What were you expecting FB to do with
it? It is not even the most popular VPN app.

~~~
willstrafach
I made no argument.

I presented factual and new information about what data is collected and asked
some questions.

~~~
product50
Your point was vpn collected all data sent and received from a device. You
could have just tweeted that as that is always true.

Instead, from what it appears, you were trying to prop up views by calling out
a facebook specific vpn and how it collected all data - as in you were
expecting that to behave differently.

~~~
willstrafach
I would recommend you go and read the post, because what you are saying is
simply not true.

I never claimed they are collecting all data sent and recieved from the
device, nor would I have any ability to credibly make that claim without
access to their servers. I only addressed what is observable in the app’s
code.

------
cityzen
Look, it is 2018, “Facebook” and “collecting data” shouldn’t be any surprise
to anyone. Stop using Facebook or submit to your data overlords but please,
PLEASE stop posting this stuff. Facebook should never be trusted.

~~~
willstrafach
> PLEASE stop posting this stuff. Facebook should never be trusted.

Hi. I wrote the post and I disagree. There is a great deal of rhetoric and
scaremongering these days when it comes to cyber security coverage in the
media. I think it is important to actually look at the available data and ask
direct questions derived from it.

I am fully aware that Facebook is not a bastion of privacy by any stretch, but
collecting observable facts regarding this matter can allow people to better
understand what is happening beyond “Facebook is invading your privacy” and
decide how they feel about it.

