Comment by oefrha
1 year ago
> The analysis is just a bunch of circumstantial observations that _it is possible_ FB was doing more skeezy stuff than was previously known.
No, it was already well-known way back in 2018, which is why that piece of shit app was withdrawn from the App Store in the first place. Facebook’s enterprise account later got suspended in 2019 for distributing the paid piece of shit through enterprise MDM.
The claim in the OP is that they might have been MiTM’ing arbitrary users; I believe the previously reported claims were that they only MiTM’d paid research participants. (Please share some links if you have evidence to the contrary, I’d love to get to the bottom of this.)
Onavo isn’t paid, it’s just a “free” VPN app. There’s no paid participation, you just download it.
https://www.bitdefender.com/blog/hotforsecurity/facebook-pul...
https://www.wsj.com/articles/facebook-to-remove-data-securit...
Edit: Typo.
That doesn't mean that the MITM traffic interception would be enabled for regular users that have downloaded the app from the store. As stated both in the article and in the comments here, both the "free" VPN and the "paid market research" VPN used the same codebase. Is there any evidence (other than "facebook bad") that the MITM part was enabled for anyone other than consenting/getting paid participants?