{"id":30706,"date":"2024-03-28T10:19:57","date_gmt":"2024-03-28T10:19:57","guid":{"rendered":"http:\/\/icoinmarket.com\/is-facebook-stealing-your-data-vpn-breach-revealed\/"},"modified":"2024-03-28T10:19:57","modified_gmt":"2024-03-28T10:19:57","slug":"is-facebook-stealing-your-data-vpn-breach-revealed","status":"publish","type":"post","link":"https:\/\/icoinmarket.com\/is-facebook-stealing-your-data-vpn-breach-revealed\/","title":{"rendered":"Is Facebook Stealing Your Data? VPN Breach Revealed"},"content":{"rendered":"


\n
<\/p>\n

\n

Facebook has come under scrutiny for its alleged involvement in VPN data theft. <\/p>\n

Tech analyst HaxRob, through his in-depth analysis, brought the issue to light, while tech journalist Naomi Brockwell further commented on it, revealing a complex web of user data interception and manipulation.<\/p>\n

Facebook\u2019s Alleged Data Theft Via VPN<\/h2>\n

HaxRob\u2019s investigation unveiled that Facebook, leveraging its acquisition of Onavo, engaged in practices that could potentially intercept and analyze user data transmitted across other applications. By integrating root certificates into users\u2019 mobile devices, Facebook purportedly could monitor and intercept traffic from a myriad of apps. <\/p>\n

The controversy centers around Onavo. Before its removal from app stores, it ostensibly offered VPN services under the guise of user safety. However, archived descriptions and app functionalities hint at a darker purpose. <\/p>\n

\n

\u201cThis code, which included a client-side \u201ckit\u201d that installed a \u201croot\u201d certificate on Snapchat users\u2019 mobile devices, also included custom server-side code based on \u201csquid\u201d through which Facebook\u2019s servers created fake digital certificates to impersonate trusted Snapchat, YouTube, and Amazon analytics servers to redirect and decrypt secure traffic from those apps for Facebook\u2019s strategic analysis,\u201d a court filing reads. <\/p>\n<\/blockquote>\n

Such actions not only breach user trust but also skirt the boundaries of ethical use of technology, as HaxRob pointed out, \u201cThe app managed to establish connectivity back to Facebook\u2019s servers, despite presenting itself as a tool for user safety.\u201d<\/p>\n


\n
\n
\n

Let\u2019s grab a copy of Facebook\u2019s banned VPN app from 2019 and install it to see how it manages to spy on other apps on the phone.<\/p>\n

Note how it guides me to click invasive permissions such as allowing it to appear on top of other applications. A mobile malware technique. pic.twitter.com\/cUKKRFwJOF<\/p>\n

\u2014 HaxRob (@haxrob) March 27, 2024<\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Naomi Brockwell\u2019s comments further cement the severity of the situation. She described Facebook\u2019s actions as a \u201cman-in-the-middle attack,\u201d accessing SSL traffic and sensitive user data without consent.<\/p>\n

\n

\u201cLooks like Facebook did a man-in-the-middle attack using their VPN service to steal data from other apps. This enabled them to see all SSL traffic, by creating a fake digital certificate to impersonate Snapchat, YouTube, Amazon, etc,\u201d Brockwell explained. <\/p>\n<\/blockquote>\n

The technical dissection of the Onavo app\u2019s operations reveals alarming permissions requests, including overlay capabilities over other apps, access to historical and deleted app usage, and the management of phone calls. Under the pretext of enhancing user safety, these permissions raise significant red flags about the extent of data Facebook could access and manipulate.<\/p>\n

Critically, the practice of installing certificates for intercepting app traffic, though hindered by recent Android security improvements, showcases the lengths to which companies might go to gather user data. The exposure of such practices, including the potential collection of mobile subscriber IMSI numbers and the extensive telemetry data amassed from the app\u2019s 10 million downloads, reflects the imperative for stringent regulatory oversight.<\/p>\n

This incident is not isolated. It echoes previous fines, like the $20 million penalty imposed by Australia\u2019s ACCC, highlighting the global concern over Facebook\u2019s data handling practices. <\/p>\n

\n
\n

<\/div>\n<\/div><\/div>\n