It's ethically dubious that the advertised function of the app is a VPN to "keep you and your data safe", while the reason it exists is so that all phone traffic goes to Facebook.
This is not clear from the app description -- there is only a generic message about monitored app use, to which users are so used as to not pay any attention.
> "The app's privacy policy says it may share information with "affiliates" that include its owner, Facebook. "As part of this process, Onavo receives and analyzes information about your mobile data and app use"
> A Facebook spokesman said it is clear when people download Onavo what information it collects and how it is used. "Websites and apps have used market-research services for years," the spokesman said, noting that the company also uses outside services to help it understand the market and improve services.
Then Facebook can attack the competition by seeing in real time how usage of competitive apps varies in response to new features and inform acquisition decisions.
> Onavo's data paved the way for the purchase of WhatsApp for $22 billion. Onavo showed the messaging app was installed on 99% of all Android phones in Spain -- showing WhatsApp was changing how an entire country communicated, the people said.
I once sat in on a pitch from an antivirus software company who was selling the ability to look at the full browsing history of people who had visited your website. You could see all of their searches, if they visited competitors, and more. Most of the time I get annoyed by the FUD of "they're selling my data!" but this was different. It was true and it was scary.
If I had to guess, it's all of them. By "them" I mean all the anti-virus packages that are targeted at consumers and small business. That seems to have been part of the business model starting over a decade ago. My guess is that the negative effects of anti-virus is what prompted Microsoft to first build free products and then eventually roll anti-virus into Windows.
I'd put it this way. My first inkling that something was wrong was when Norton Anti-Virus shifted to a subscription model and charged me full retail for a renewal back around 2006. What does disabling virus updates for ordinary users with the explicit intent of leaving them vulnerable say about a company's attitude in regard to long term trust?
I left Norton for Kaspersky and paid it protection money for a few years. It seemed refreshing at first. One day, a few years later, I learned how to look at my LAN traffic and saw how often I was sending data to its servers. It was more often than seemed reasonable. That's about the time Microsoft started providing its own free anti-virus and I started switching machines...the Windows XP Professional x64 box stayed on Kaspersky despite my misgivings until I upgraded it to Windows 7 because Microsoft did not port its anti-virus to that platform.
Spyware is often the basis for free software. Adobe Reader and Google Chrome and the Ask toolbar that shipped with Java are pretty obvious examples.
If I could take a guess I'd say it's likely to be Avast, which has multiple browser extensions that send all your browsing activity to them, while simultaneously offering a service to remove other browser extensions.
They'll even set their own search engine as your default homepage.
I'm not anonymous. You can identify me by going to my profile if you'd like.
To be completely honest, I don't remember. It was 2 years ago and I sit on lots of these pitches. I remember pushing back on them about the methodology, hearing how the sausage was made, and noping right out.
I want my team to be able to spend marketing dollars efficiently but I would never compromise my ethics to do so. Luckily I work somewhere that I can give a justified 'no' and keep my job.
Actually, I can't identify you from your HN profile. I guess I could google your username or something, but I'm a little unclear why you wouldn't just, you know, say where you work.
> > [I'm not anonymous. You can identify me by going to my profile if you'd like. ...] Luckily I work somewhere that I can give a justified 'no' and keep my job.
Running a DNS service doesn't give you the ability to see which pages someone visited when they navigated a website - just that they resolved that website's host name for some reason.
It can log that you went somewhere that Google could not otherwise track you. And not just websites; mail, SSH, anything else. I'll wager a fair few people's attempts to avoid tracking for certain activities, clearing cookies, private mode, whatever, have been thwarted because they forgot they'd set this up.
Yes, that is correct. Google use every means possible to track you wherever you go. If that can't get your exact activity, they at least get something.
That's a big distinction though. I don't think Google has the obligation to make sure users are educated and informed. The deceptive practice of Facebook with Onavo is what people object to.
True this. I think it was on Ars Technica that I was downvoted to oblivion for raising the privacy implications of Google's DNS service.
There is a huge segment of the semi-tech literate crowd that feel wise for using it. I think it's because it's the only time they get to type in an IP address and it makes them feel l33t.
To be fair, Google DNS is more trustworthy than ISP DNS, and if you're using Chrome, you're not exposing anything that Google isn't reading anyway. DNS requests are much less informative than full browsing history.
It is probably better to use OpenDNS, but they used to do the same spammy redirect on NXDOMAINs that ISPs do (I think I heard they stopped that). To be honest, the real reason I don't use them much anymore is that their IPs are harder to remember. It's easier to do 8.8.8.8 or 8.8.4.4.
This reminds me of people who would re-sell search query data via aggregation of google referrals across a network (usually ad based.) In general, if there's a way to get that kind of data (search data is gold due to the ability to mine it for adwords niches), you can presume there are people out there who are going to skirt right up to the line of acceptable ethical behavior to try to aggregate it to sell it.
Yes, it sounds like malware. Had any other company done this, it would have caused outrage but for some reason Facebook just seems to get away with everything.
I remember how big a deal the News International phone hacking scandal was; this actually seems much worse.
Companies which track app download and engagement metrics also do this via VPN apps. That is how they are able to obtain such data. Not new, but also not discussed much.
If you can identify personal data (which if they can tie it to the user's Facebook account, that's pretty easy to do) it's likely (note: not a lawyer) a violation of the EU GDPR regulations (http://www.eugdpr.org/)
For crypto/security people on this thread, what encryption could app developers use to wrap their API calls so that the least amount of information is leaked to this kind of man-in-the-middle service?
I.e., is it possible to:
1) hide which apps are installed on iOS/Android;
2) hide or obfuscate how frequently the app is used;
3) hide specific API calls
I assume at least #3 should be achievable with additional encryption.
A comment on the WSJ brings up an interesting point—if Zuckerberg were to run for president, would he have access to this information? What else could he have access to?
Given the amount of data Facebook has about everybody, I find that possibility worrisome. It seems obvious that a campaign strategist could segment individual states, regions and cities. They could target people based on likes and interests. They could get very granular with messaging—advertisers can do this through Facebook right now.
But what other information could be used that advertisers don't have access to? Application usage, website visits, WhatsApp message keywords?
When you are active and who you interact with, allowing them to hit you with the "perfect" message at the right time.
Having all your Likes - even the things you've unliked - so they know which celebrities to put in front of you.
Having all of your browsing history+who you interact with and the language you use gives them near-perfect understanding of your opinions on policies and politicians going back the entire life of your account all over the internet.
That becomes incredibly simple to manipulate.. as I quoted yesterday:
> "We predicted that our manipulation would produce a very small effect, if any, but that’s not what we found. On average, we were able to shift the proportion of people favouring any given candidate by more than 20 per cent overall and more than 60 per cent in some demographic groups. Even more disturbing, 99.5 per cent of our participants showed no awareness that they were viewing biased search rankings – in other words, that they were being manipulated."
One could cynically say that the fake news spreading in this election on Facebook could have been a preliminary test of their algorithm for crowd control. Is such a theory really that far fetched, given news like this?
You should read up on J Edgar Hoover and the way he used FBI information to manipulate political figures who he saw as obstructing his mission.
I see Zuckerberg being in a position to do the same several steps in advance. If you send the right corporate execs the right embarrassing information they could certainly refrain from recommending that their company donate to an anti-Zuckerberg PAC.
Well, as I've read on this, there is good news and bad news. The good news is that the best predictors of how you're going to vote are already public. Wait, maybe that's the bad news. Either way, as you say one can already do very granular advertising through FB already, but having more data is not necessarily equivalent to having better information, and you're not necessarily trying to market optimally to every potentially identifiable segment. If you knew that peanut-related political ads played really well with left-handed leftist lecturers in LA, you might still not consider that worth taking action on. For most people things like age, income, education, party registration, and parent's party registration are sufficiently predictive.
You know, it's at times like this that the term limited Presidency sounds like a wonderful idea. Imagine a Zuckerberg getting elected time and again because his minions have us convinced that we love him.
Putin got around Russia's term limits by repeatedly swapping jobs with Medvedev (the prime minister). Zuck could do effectively the same thing by getting a string of cronies elected after himself. Term limits are of little use without checks and balances like an independent media.
This was a bad idea when the app was standalone—a no-name Israeli startup snooping into all your traffic—and now it's spyware. This is one major (if not THE) reason not to trust small startups with unclear privacy policies—they are often bought in order to (ab)use the data they have collected and continue abusing it from unsuspecting users. Terrible.
So, as the first tech hire/partner, what can we do to protect our users?
- Expire non-critical data after 30 - 90 days, e.g. activity data, not account data.
- When feasible, have the client encrypt the really private user data, only store encrypted blobs on the server (Protonmail does this).
- Send out a positively worded, subtle email notice to warn the more savvy users of a pending acquisition, as soon as that news is no longer private. Let them disseminate the real sitrep on social media and in the news. We did build a community, after all.
- Propose a data architecture update for great efficiency, in which redundant and superfluous data is cleaned and aggregated, before the big handover.
Are there any other suggestions? I am particularly curious if the laws of any one user's country could be used to complicate or thwart a bulk handover of private user data to a new owner. Europeans, I'm looking at you for advice.
By far the most important protection you can provide is to bind your future abilities with a "Ulysses pact"[1]. Cory Doctorow gave a great talk[2] last year about how important it is to create these limitations when you don't need them, because there is a good chance you won't be strong enough to resist temptation when problems start accumulating. In some situations, it may not even be your choice.
I'm glad WSJ followed up on their previous Onavo-Facebook story[1], but they didn't go far enough. They still didn't investigate the claims in many app store reviews of deceptive marketing that gets people to install this in the first place, i.e. "Your phone is infected by a virus, install this now!!" And yes, probably those ads can't be directly traced to Onavo/Facebook, but it's a free app with no affiliate commissions so they're the only one with an incentive.
> A Facebook spokesman said it is clear when people download Onavo what information it collects and how it is used. “Websites and apps have used market-research services for years,” the spokesman said...
This is such a bullshit, disingenuous statement. It is not at all clear how Onavo uses your information. They have just one line in their description: "Onavo receives and analyzes information about your mobile data and app use." Here's why this is deceptive:
1. It is buried. It is the last line, below the "more..." fold so most users don't see it. Something this privacy-invasive should have a prominent, clear disclaimer at the top.
2. It is misleading. Even for the users that see it, they make no mention of using your data for market research. They prominently advertise a feature that reports on your overall data usage -- to you, the user. So this statement is just vague enough to imply that's what they're doing, without setting off alarm that they're spying on your every move for their own purposes.
And then they have the nerve to equate it with "market-research services" that everyone uses.. no big deal.. move along, nothing to see here.. What baloney. Typical market-research services do not involve spyware that you trick people into installing. Participants are supposed to know exactly what they're participating in. That is clearly not the case with this deceptive, exploitive app.
I now have a phone with Nougat, according to the Xposed developers, Xposed doesn't yet work reliably with it. On Marshmallow it worked very well, Xprivacy would show pop-ups when an app tries to do something, you can either allow this, refuse this or allow/refuse for a period of time.
Otherwise, Xprivacy's UI is a bit of a pain, but it's usable...
Do you remember what the performance impact of xprivacy was? I'm currently doing something similar with cyanogenmod's privacy guard + xposed app ops which allows statically revoking permissions, but Xprivacy seems to have a better little-snitch like ui
This is obviously unethical. That it might not be illegal is our failing. They provide false solutions to a fear that they themselves create.
What's next? Giving every child a free phone on their 13th birthday? They already "gifted" the world's poorest with free internet. It's easiest to abuse those who have the least power to fight back.
"By accepting this gift, you agree to our Terms and Conditions and Privacy Policy."
Now THIS is a glimpse of what could happen if internet service providers such as AT&T or Comcast are allowed to snoop on traffic.
This could happen on a large scale if we don't keep an eye on internet data privacy. Let's stay vigilant. Upvote to spread the word.
"Alphabet Inc., through its Google Android operating system for smartphones, and Apple Inc. also have the ability to monitor how rivals' apps perform on their mobile platforms, but it isn't clear whether they use that information to shape their product road maps."
Does anyone have any other sources that can confirm or deny whether Google/Apple use their mobile OSes like Facebook uses Onavo?
I don't think that's a reasonable comparison. Alexa data is public, most of it can be accessed for free, and the rest at a reasonable price. Doubleclick is an advertising platform, it doesn't give insight into competitors metrics unless those competitors choose to share that information.
Does Google not monitor/monetize Google Fi, Google Fiber, Google Play Services, Google DNS, Google Chrome, Google Safe Browsing, and on and on and on... (Google Maps, Google Location Services)
Sorry, which goalpost am I aiming for? This one seems to be moving...
Although not quoting until now (my mistake), my reply was specifically in response to your previous point:
> I don't think that's a reasonable comparison [...] it doesn't give insight into competitors metrics unless those competitors choose to share that information
The lines begin to blur especially when discussing means of accessing the internet (especially most efficiently/safely) and/or core (semi-artificially-required) mobile phone operating system components!
If nothing else they offer the path of least resistance. Any best-of-breed solution (GMail, Google Docs, Chrome - all somewhat a matter of opinion) or de facto monopoly-ish position (search, free analytics, Google Play Services?) by Google offers the potential for them to gain info on competitors in much the same way Amazon can take over successful verticals originally occupied by a third party.
I would argue most of Alexa's most important features are not free, doubleclick is still a cloak around the entire digital advertising industry that gives them access to actionable metrics of how websites are doing (i.e. maybe why they've pushed into job search recently).
One commonality among all of them is being marketed as a service for smaller-scale companies while having the double-edged sword on the backend that is most likely what they are really after
I recently tried to log into their mobile, javascript-less site, and in order to let me continue to log in they required a photo of my face and my phone number.
I've had to submit photos for online financial services/compliance, but not a social network that is tied into all kinds of other data.
And that's what they asked because I wasn't running javascript. It raised my concerns about what they do when I do have javascript enabled on their services. And I work in a company that collects data from its clients -- but nowhere near their scale.
I think you're deluding yourself if you believe Google is far behind Facebook in the evil department. Both need to be put in their place, but I doubt we can count on the US government to make that happen.
I was considering using this app about 2 years ago, since I wanted to try out a VPN and this was near the top of the list in the Apple App Store. However, one glance at the fact that it was owned by Facebook made me “nope” out immediately. I’m glad to have made the right decision.
From a pure strategy perspective, it's also quite brilliant. Without a real app store of its own, they don't have the directional data that the App Store or Google Play have.
This type of "spying" has been going on for a long long time [1]. It's just that people have conveniently ignored it, and the companies that use this data have not been outed. See SimilarWeb, Jumpshot and other clickstream companies that buy Google extensions and keep track of every single URL you visit.