Facebook pays $20 per month for installing its pseudo-VPN

    Many Habr readers do not believe that Russians can earn up to 5,000 rubles a month from the sale of their personal data, as FRIA experts said. But the latest Facebook scandal shows that this estimate is plausible. It turns out that Facebook has been running a secret project called Atlas for more than two years, in which people are paid up to $20 a month to install a branded pseudo-VPN on their smartphone. The application installs a root certificate and tracks user actions.

    TechCrunch reporters investigated and found that this pseudo-VPN is based on the code of the Onavo Protect application, which Apple banned from distribution through the App Store in August 2018. After that, Facebook released a new Research application, which performs essentially the same function.

    The Facebook Research VPN application bypasses Apple’s ban on certain types of surveillance by posing as a beta version of an application and being distributed through the Applause, Betabound and Utest services, writes TechCrunch. The application comes with a root certificate, which allows it to intercept "private messages in social media, chat rooms in instant messaging applications, including photos / videos sent to others, emails, web searches, web browsing and current location information."

    It is not yet known which of the listed data is actually collected by the application. Facebook has confirmed that it uses the application to “collect data on usage habits”.

    The project, codenamed Project Atlas, invites users aged 13 to 35. To receive a reward, they must keep the VPN connection active and send data to Facebook.

    The collected data can potentially help Facebook profile all users more accurately by linking online behavior and the use of other applications with shopping choices: among other things, users are asked to take screenshots of their Amazon orders. This information can also be used for ad targeting.

    At TechCrunch's request, a technical analysis of the application was performed by specialists from the company Strafach. They confirmed that the program sends its data to the address vpn-sjc1.v.facebook-program.com, which is associated with the IP address of the banned Onavo application, and that the domain facebook-program.com is in fact registered to Facebook.

    The application can be updated without going through the App Store and is associated with the email address PeopleJourney@fb.com. The digital certificate was also checked: Facebook renewed it on June 27, 2018, a few weeks after Apple announced its new rules prohibiting the similar Onavo Protect application.

    “It’s hard to say what data Facebook actually collects (without access to their servers). You can only determine what information they are accessing on the basis of the code in the application,” Strafach experts explain. “And it paints a very disturbing picture. They may argue that they retain only a very specific limited set of data, and this may be true, but in reality it all comes down to how much you trust their words. The most condescending description of this situation would be that Facebook did not think too much about the level of access they require for the program ... which in itself is an astounding level of negligence, if that is the case.”

    The BetaBound page states that users are offered $20 per month in gift cards for using the application. In addition, $20 is paid for each friend they refer.

    In an official comment, a Facebook representative confirmed that the company uses the program to find out how people use their phones and other services: “Like many companies, we invite people to participate in research that helps us determine what we can do better. Since this study aims to help Facebook understand how people use their mobile devices, we have provided extensive information about the types of data we collect. We do not provide this information to third parties, and people can stop participating in the project at any time.”

    Facebook said the application does not break the Apple Enterprise Certificate rules for iOS.
