Another week, another jaw-dropping, bomb-shell Facebook privacy violation.
Josh Constantine, writing for TechCrunch:
Desperate for data on its competitors, Facebook has been secretly paying people to install a "Facebook Research" VPN that lets the company suck in all of a user's phone and web activity, similar to Facebook's Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.
To put this in context, Facebook had the kids basically give them root access to their phones so Facebook could, in theory, spy on everything they did. It's beyond creepy. It's grotesque.
Facebook was, initially, its usual defensive, deflective self. Then:
After this story was published, Facebook later told TechCrunch it will shut down the iOS version of its Research app in the wake of our report.
Apple has already retaliated:
"We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization," said a spokesperson. "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."
It's a proportional response, though the internet is filled with people angry enough to demand Apple ban all the Facebook apps from the App Store as well now. (Though Facebook is a web service, so unless Apple blacklists their domains at the root level, Safari would serve just as easily as a gateway on mobile as it does on the desktop.)
As it is, this means all of Facebook's internal iOS apps have stopped working. That includes company directories. In other words, it will be a huge pain for everyone working there that uses an iPhone or iPad, and an even bigger pain for Facebook's IT team to try to work around.
Though, Mark Zuckerberg may just use it as an excuse to push the company further towards Android, like he did following TIm Cook's criticism last spring.
Google, to the best of my knowledge, hasn't addressed any of this at all, in any way, ever.
Security researcher Will Strafach has been digging through the misdeeds on Twitter.
they didn't even bother to change the function names, the selector names, or even the "ONV" class prefix. it's literally all just Onavo code with a different UI. pic.twitter.com/ruqH69pUfqthey didn't even bother to change the function names, the selector names, or even the "ONV" class prefix. it's literally all just Onavo code with a different UI. pic.twitter.com/ruqH69pUfq— Will Strafach (@chronic) January 29, 2019January 29, 2019
While this is egregious on its own, taken together with Facebook's numerous other violations, it shows a pattern of behavior so anti-user and anti-social that something needs to be done.
It's clear Facebook is addicted to its own data drug and can't and won't regulate its intake in any meaningful way. Instead, it will do anything, no matter how obscene, to keep getting data hits.
The only option at this point is U.S. and E.U. intervention and "treatment".
