Don’t Use Onavo (Facebook’s VPN)

There’s a new option in the Facebook mobile app called “Protect”. Click this will take you to the app store and point you at the VPN service called Onavo. Facebook bought this company back in 2013 and it’s very clear that the purpose of pushing people to use this service is to collect more data on you.

To refresh your memory, a Virtual Private Network (VPN) is a tool that hides your internet traffic by routing it through an encrypted virtual “tunnel”. This protection only goes from your device (computer or smartphone) to the VPN service’s computers. But most people are just trying to hide their data and activities from people on the same network – like when connecting from a coffee shop, airport or hotel. Lately, with the reversal of privacy regulations, people are using it to hide their goings-on from their Internet Service Provider, too.

Removing the “P” from “VPN”

But when you use a VPN, you’re implicitly shifting your trust from your local network owner to your VPN service. The VPN service provider can see everything you’re doing. But most VPN providers are explicitly promising not to track what you’re doing. That’s the whole point of the service!

Not so with Facebook and Onavo. From their app store description: “Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.” Translation: they’re tracking everything you do.

Just say no. Using a VPN is a great idea – just not this one. Check out, TunnelBear or VyperVPN. More info on protecting your privacy can be found on my detailed blog post here.

Need practical security tips?

Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.

Don't get caught with your drawbridge down!

Scroll to Top