Facebook has been secretly paying people to install a “Facebook Research” virtual private network (VPN) that gives the company unlimited access to all of a user’s phone and web activity.
The new VPN is similar to Facebook’s Onavo Protect app that Apple banned in June and removed in August, TechCrunch reported.
This time, the tech giant is sidestepping the Apple Store but might be violating Apple’s policy in order to decrypt and analyze the data of its downloaders. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.
The surveillance has been running since 2016, with users 13 to 35 being paid $20 a month — plus referrals — to sell their privacy by installing the iOS or Android “Facebook Research” app.
“Facebook even asked users to screenshot their Amazon order history page,” the tech site reported. The program runs via beta testing services Applause, BetaBound and uTest to hide Facebook’s involvement, and is referred to in some internal documentation as “Project Atlas” — a fitting name, TechCrunch noted, for Facebook’s effort to map new trends and rivals around the globe.
After its report went live, Facebook told TechCrunch it will remove the iOS version of the program but that it will continue to run on Android.
“If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed,” Guardian Mobile Firewall’s security expert Will Strafach told the site.
“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach continued. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.
