See More

Facebook Under Fire: Suspected VPN Data Theft Unveiled

2 mins
Updated by Bary Rahma
Join our Trading Community on Telegram

In Brief

  • Facebook faces allegations of VPN data theft, spotlighted by HaxRob's analysis and Naomi Brockwell's commentary.
  • Onavo, acquired by Facebook, suspected of intercepting user data via root certificates and fake digital certificates.
  • Actions raise ethical concerns, with practices including invasive app permissions and potential man-in-the-middle attacks.
  • promo

Facebook has come under scrutiny for its alleged involvement in VPN data theft.

Tech analyst HaxRob, through his in-depth analysis, brought the issue to light, while tech journalist Naomi Brockwell further commented on it, revealing a complex web of user data interception and manipulation.

Facebook’s Alledge Data Theft Via VPN

HaxRob’s investigation unveiled that Facebook, leveraging its acquisition of Onavo, engaged in practices that could potentially intercept and analyze user data transmitted across other applications. By integrating root certificates into users’ mobile devices, Facebook purportedly could monitor and intercept traffic from a myriad of apps.

The controversy centers around Onavo. Before its removal from app stores, it ostensibly offered VPN services under the guise of user safety. However, archived descriptions and app functionalities hint at a darker purpose.

“This code, which included a client-side “kit” that installed a “root” certificate on Snapchat users’ mobile devices, also included custom server-side code based on “squid” through which Facebook’s servers created fake digital certificates to impersonate trusted Snapchat, YouTube, and Amazon analytics servers to redirect and decrypt secure traffic from those apps for Facebook’s strategic analysis,” a court filing reads.

Such actions not only breach user trust but also skirt the boundaries of ethical use of technology, as HaxRob pointed out, “The app managed to establish connectivity back to Facebook’s servers, despite presenting itself as a tool for user safety.”

Read more: What Is the Best VPN in 2024?

Naomi Brockwell’s comments further cement the severity of the situation. She described Facebook’s actions as a “man-in-the-middle attack,” accessing SSL traffic and sensitive user data without consent.

“Looks like Facebook did a man-in-the-middle attack using their VPN service to steal data from other apps. This enabled them to see all SSL traffic, by creating a fake digital certificate to impersonate Snapchat, YouTube, Amazon, etc,” Brockwell explained.

The technical dissection of the Onavo app’s operations reveals alarming permissions requests, including overlay capabilities over other apps, access to historical and deleted app usage, and the management of phone calls. Under the pretext of enhancing user safety, these permissions raise significant red flags about the extent of data Facebook could access and manipulate.

Critically, the practice of installing certificates for intercepting app traffic, though hindered by recent Android security improvements, showcases the lengths to which companies might go to gather user data. The exposure of such practices, including the potential collection of mobile subscriber IMSI numbers and the extensive telemetry data amassed from the app’s 10 million downloads, reflect the imperative for stringent regulatory oversight.

This incident is not isolated. It echoes previous fines, like the $20 million penalty imposed by Australia’s ACCC, highlighting the global concern over Facebook’s data handling practices.

Top crypto platforms | April 2024

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Frame-1934.png
Bary Rahma
Bary Rahman, a talented journalist, graduated from New York University with a degree in Journalism. Skilled in SEO, she has worked with CNN, showcasing her investigative skills and storytelling abilities. In addition to her journalistic accomplishments, Bary has contributed her expertise as a content writer for Binance, crafting insightful articles on the dynamic crypto industry. Her unique fusion of journalism and SEO makes her a versatile and highly respected figure in the industry.
READ FULL BIO
Sponsored
Sponsored