Earlier this week we realized that the RF intends to pay Russian consumers for selling their personal data at around 5000 rubles ($ 75) a month or about 60,000 rubles ($ 910) a year. The Russians have been too skeptical about the idea that they will have the opportunity to win this way, but another scandal with Facebook shows that this is quite possible. It turned out that the social network for two years developed the secret project Atlas, within which pays $ 20 a month to install its pseudo VPN client on consumer smartphones. The VPN client in question obtains a root certificate for the phone and monitors all user actions.
TechCrunch experts have investigated and revealed that the pseudo-VPN client in question is based on the source code of the Onavo Protect application, which Apple banned from being spread by the App Store in August 2018. Shortly thereafter, Facebook introduced the new application research, which practically executes the same resources.
The application Facebook search VPN does not comply with Apple's ban on performing a certain type of tracking, is presented as a beta and is distributed through Applause, Betabound and Utest channels. The application comes with root certificate (root certificate) that allows the capture of personal messages in social media, chat, photos and videos, email, web search, web browsing, internet history and current location information. user.
It is not yet known which of these data the application in question sends and writes to remote servers. Interestingly, Facebook has confirmed the use of this application to "collect data on user habits". Several key factors were ignored in the TechCrunch publication. There is nothing secret about the project itself – the application is called Facebook Research. This is not espionage because all project participants have gone through a special procedure to know what data will work and which data will be paid. The smaller users in the project are less than 5% and all participate with the written consent of their parents
TechCrunch ordered the technical analysis of the pseudo VPN application to be made by Strafach. Its experts confirmed that the program sent the data to vpn-sjc1.v.facebook-program.com, directly related to the IP address of the Onavo application, and the domain facebook-program.com is actually on Facebook.
The data collected could help Facebook create a more accurate profile of all users by linking Internet behavior to other online shopping applications. Facebook even instructs users to take screenshots of their purchases on Amazon. This information is used to better target your ads.
In a codename project Atlas of projects the social network invites people from 13 to 35 years. To receive the reward, these users must leave the VPN connection active and thus provide their data to Facebook.
The app can be updated without interacting with the App Store and is linked to the [email protected] email address. The digital certificate was also verified: Facebook extended its deadline on June 27, 2018 – several weeks after Apple announced the new rules prohibiting the use of Onavo Protect applications.
"It's hard to say exactly what Facebook data collects. But, based on the source code, we can determine what information access to the social network gets"Strafach experts said."All this attracts a very disturbing image. They can claim the registration of just a certain type of data, and this may be true. But in real life, it all boils down to how well Facebook can be trusted. The most mitigated description of this situation is that Facebook does not think much about the new access you want for your application … That alone is a great degree of neglect.".
The official BetaBound page officially says that users are getting the app from their smartphone to work gift cards with amounts of $ 20 per month. Besides that, Facebook pays another $ 20 for each additional participant involved in the project. Attention is also drawn to the fact that youth users are involved in the project.
On this occasion, a Facebook official officially confirmed that the company is using this program to understand how people use their smartphones and various services online. "Like many other companies, we invite people to take part in various studies that help us understand how we can do things better. And since this study is used to help Facebook understand more accurately how people are using their mobile devices, we provide detailed and comprehensive information about the type of data we collect. We do not provide this information to third parties and individuals may, at any time, terminate your participation in the project.".
Facebook added that the application violated the Apple Enterprise Certificate policy for iOS.
Shortly after TechCrunch released this information, Facebook announced that the Facebook Research application is no longer available to users of the iOS mobile operating system. Verge announced that the program has continued and will continue to be available to Android users.
Facebook, for its part, criticized the TechCrunch material. "There are several important factors in publishing TechCrunch. There is nothing secret about the project itself – the application is called Facebook Research. This is not espionage because all project participants have gone through a special procedure to know what data will work and which data will be paid. The smaller users in the project are less than 5% and all participate with the written consent of their parents".