Readers with long memories may recall that, some five years ago, Meta, or Facebook as it was then known, got in a spot of bother over a so-called VPN app they launched called Onavo.
Well, Onavo is proving to be the gift that keeps on giving for Mark Zuckerberg as this privacy-busting fake VPN has just landed him with another hefty fine, this time from an Australian court, for no less than US$14 million or a cool $20 million in Australian dollars.
What was Onavo?
Facebook first bought Onavo back in 2013. At the time, it was reported to have cost them US$200 million.
They sold it to the public as a VPN, but in fact, it was primarily an analytical tool used by Facebook to monitor people’s use of their rival apps.
It was data harvested by Onavo that showed Facebook that WhatsApp was massively outperforming their own Messenger app and convinced them to pay a cool US$19 billion to acquire it in 2014.
It is thought that Onavo also had a role in the acquisition of Instagram, two mergers that competition authorities have since expressed regret for approving.
Onavo was a free app and both endorsed and promoted by Facebook, so, inevitably, it got an awful lot of downloads. According to this particular court case, there were more than 270,000 downloads of Onavo in Australia alone.
The problem is, Onavo did not do what it said on the tin.
What Onavo claimed and what it did
Facebook claimed that Onavo was a VPN; a privacy app that would help keep users’ personal data private. And because it was free, yet being hawked by a mainstream and popular social media site, many people took this to be the holy grail of VPNs, a free and trustworthy VPN.
This wasn’t the case, of course. Indeed, far from being an app that would keep user data private, a glance at the app’s small print showed that it actually hoovered up just about every last bit of data that your device was generating and sent that off to Facebook’s servers.
Far from protecting user privacy online, Onavo dramatically undermined it.
A Federal court in Australia has now concluded that Facebook, or Meta as they are now known, deliberately “deceived” users into installing the app by pretending that it would protect online privacy when actually it did the exact opposite.
As a result of this ruling, Australia’s Federal Court fined Meta’s subsidiaries Facebook Israel and Onavo Inc. US$7 million each for sharing user data with their parent for commercial benefit.
A hefty fine with more to come
Commenting on the conclusion of the case, Australia’s competition regulator said: “We took this case knowing that many consumers are concerned about how their data is captured, stored and used by digital platforms.”
They continued, “We believe Australian consumers should be able to make an informed choice about what happens to their data based on clear information that is not misleading.”
They are not wrong. And such a clearcut ruling now also appears to open Meta up to similar court cases in other countries around the world.
Onavo was heavily downloaded in plenty of different legal jurisdictions, including the UK, before it was finally taken down. Each and every one of those countries is a potential lawsuit waiting to happen.
Even in Australia, Meta is facing more time in the dock. It is still facing a separate civil court action Down Under by Australia’s data watchdog over its dealings with disgraced data analytics firm Cambridge Analytica.
As $200 million purchases go, Onavo looks like a bad bit of business. But, despite the app being taken down in 2018 and 2019 and essentially no longer existing, in helping Facebook to acquire WhatsApp and Instagram, it has arguably done its job in making Meta the global digital behemoth it is today, even if that was at the expense of user privacy.
Clearly, Mark Zuckerberg is still living by that famous mantra he espoused back in the early days at Harvard just after founding Facebook; “People just submitted [their data]. I don’t know why. They trust me. Dumb f*cks.”