Experts from security and privacy advice and comparison website Comparitech commented on two new developments affecting Facebook users this week:
German court rules Facebook use of personal data illegal
Lee Munson, Security Researcher at Comparitech:
“A German court ruling – that Facebook does not go far enough in obtaining consent from users before using their personal data – could have far-reaching consequences for the social media giant. With the incoming European-wide General Data Protection Regulation (GDPR) placing a heavy emphasis on consumer privacy, not to mention a legislative framework, such a decision in one member state is likely to carry across all of them.
To counteract this decision, Facebook needs to become far more transparent about the data it is collecting and the way in which it is using that information. Not only that, it also needs to be much, much clearer in how it communicates its data usage policy to its users.
In the meantime, and certainly before GDPR comes into effect, users should always take the time to read and understand the privacy policies provided by every website that they visit and should not be afraid to walk away from any that are too demanding for their own personal tastes.”
Facebook is pushing its data-tracking Onavo VPN within its main mobile app
Paul Bischoff, privacy advocate at Comparitech:
“As of this week, some Facebook users on iOS devices have a new feature called “Protect” added to the app’s navigation menu. Clicking the link directs the user to a download page for Onavo Protect, a VPN service. Onavo’s App Store page says it can “warn you when you visit potentially malicious or harmful sites, help secure your personal information when you’re on public Wi-Fi,” and “add an extra layer of protection to all of your mobile data traffic by using our VPN.”
But Onavo’s real purpose undermines those claims. The company was acquired by Facebook in 2013. Whereas reputable VPN services do everything they can to protect users’ privacy, Onavo monitors and records what users do online while connected. In particular, this allows Facebook to keep track of what other apps people use, how they use them, and when they use them. The company’s app store description goes on to say it is used to “improve Facebook products and services, gain insights into the products and service people value, and build better experiences.”
Like most VPNs, Onavo encrypts all the internet traffic traveling to or from a device and routes it through an intermediary server in a remote location. This hardens your security, particularly when connected to public wifi. It can also prevent your internet service provider from monitoring what you do online.
he difference is that reputable, paid VPN providers don’t monitor or record users’ traffic. The best of them don’t even log metadata like IP addresses and timestamps. Onavo users, however, are just trading one raw deal for another. Instead of your ISP monitoring everything you do online, Facebook can record all of that data instead. Facebook isn’t interested in protecting its users’ privacy. The Onavo acquisition is a specious attempt for the company to get its hands on more data—data that a serious VPN provider wouldn’t dare record and Facebook users should not hand over lightly.
Avoid Onavo Protect like the plague.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.