187,000 people fell victim to Facebook’s fake VPN app

Facebook Fake VPN

Figures released by Facebook to US Senator Richard Blumenthal have shown that a hugely controversial fake VPN app was used by a total of 187,000 people before being withdrawn.

The Onavo controversy  

Regular readers may recall that last year researchers took a close look at a new Facebook app called Onavo. While Onavo was pitched as being a free VPN app it actually delivered the exact opposite of a real and trustworthy VPN like ExpressVPN.

Far from protecting user’s online security and privacy, Onavo snooped on all of its users online activity and sent all of the data back to Facebook’s servers.

Facebook used this data to monitor people’s use of rival apps as well as their own internet habits. The data was also used by Facebook to decide which new features to develop and which rival apps to try and buy. Onavo was apparently central to their decision to purchase WhatsApp, for example.

Once the truth about Onavo was revealed, Facebook at first tried to deny it before quickly finding themselves embroiled in yet another privacy-related public relations disaster. Proper VPNs like ExpressVPN were quick to target Onavo users and privacy campaigners worked hard to spread the truth about Onavo.

This campaign came to a head towards the end of last year when Apple kicked Onavo out of their app store on the grounds that it was violating their rules on user privacy.

Facebook argued that the way Onavo worked was no secret by this point but Apple stuck to their guns and the writing was on the wall for Onavo.

Facebook’s ‘Research VPN’

Shortly after they launched a new product known as Research VPN. This essentially did precisely the same thing as Onavo but in a slightly more transparent way.

There was at least no pretence of this being a proper VPN. It was simply a tool where people could be paid small sums for sharing their data with Facebook. The use of the term VPN in its name was rather misleading.

Nevertheless, in January of this year, Apple banned that app too. It is now totally defunct although Facebook has just launched a new app in the Google Play store called Study, which does a similar thing.

Facebook has never been open about how many users Onavo had but they have come clean about their Research VPN tool.

According to the letter to Senator Blumenthal, which has been seen by TechCrunch, Research VPN had a total of 187,000 users. The bulk of these were located in India but there were 31,000 US citizens signed up for the service. This included 34,000 teenagers between the age of 13 and 17 with 4,300 of those being based in the US.

These figures are only estimates but will be deeply worrying for privacy activists. The fact that so many young teenagers got caught up in the scheme is especially troubling.

Facebook did also claim in the letter that they didn’t decrypt the vast majority of the data received from Research VPN. But at the same time, they also claimed to have deleted “all user-level market insights” which included any health or financial data. These two statements don’t seem to be entirely consistent.

What this tells us about Facebook

The revelations about how Facebook used their misleading Research VPN app tell us a great deal about Facebook. Firstly, their persistence in pushing a VPN-type app which gives them access to all of their user’s internet data shows just how valuable this data is to them.

The fact that so many young people got caught up in the scheme and Facebook had no qualms about hoovering up their data too shows how ruthless they are happy to be in getting hold of and exploiting that data.

It also shows that there are a great many people, especially in developing countries, who are happy to sell out their data in exchange for relatively small sums of money.

This is highly inadvisable. Your internet data can tell companies a great deal about you and giving them permission to use this data as they see fit can expose you to a significant amount of risk. You have no way of knowing with whom or where your data will end up.

The revelations about Onavo and Research VPN should also tell you not to trust anything purporting to be a VPN from Facebook or any similar companies. They have no vested interest in your online security and privacy and every interest in gaining access to your data.

If you want to keep your online data private and secure, the best way to do so is to use a reputable VPN. Our top recommendations for this are ExpressVPN, NordVPN, and IPVanish. But there are others on the market too.

The best advice is to have a browse round our site to research which VPN is best for you. But always opt for a proper VPN, not a hybrid tool designed by a tech giant with ulterior motives.

David Spencer

Author: David Spencer

David is VPNCompare's News Editor. Anything going on in the privacy world and he's got his eye on it. He's also interested in unblocking sports allowing him to watch his favourite football team wherever he is in the world.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sign up to our newsletter

Get the latest privacy news, expert VPN guides & TV unblocking how-to’s sent straight to your inbox.

ExpressVPN deal