The Dark History of Onavo
In the tech world, the year 2018 is most often associated with the Cambridge Analytica scandal. However, in the shadows of those events, another controversy unfolded—one that sheds light on Facebook’s (now Meta) ruthless strategy for market dominance. This is the story of Onavo Protect, a free VPN that, instead of protecting users, became a tool for mass surveillance.
The "Copy, Acquire, Kill" Strategy
· Instagram: In 2012, Facebook purchased the platform for $1 billion, which proved to be a brilliant business move.
· Snapchat: When Snapchat’s creators rejected a $6 billion buyout offer, Facebook decided to find another way to defeat them.
Onavo: A "Trojan Horse" in the Smartphone
Because users' web traffic passed through Onavo's servers, Facebook gained insight into which apps people were using most frequently. It was specifically data from Onavo that showed Zuckerberg the rising power of WhatsApp in Europe, leading to its acquisition for a record $19 billion.
Project Ghostbusters: Breaking the Encryption
The solution was incredibly invasive. Onavo Protect nudged users into installing a root certificate. This allowed Facebook to perform a man-in-the-middle attack on its own users:
1. When a user opened Snapchat, Onavo intercepted the traffic.
2. Thanks to the installed certificate, Facebook’s servers could decrypt Snapchat’s analytical data.
3. Facebook could see exactly which features were popular, allowing them to successfully clone "Stories" onto Instagram—a move that nearly destroyed Snapchat.
The Scandal of Project Atlas and "Facebook Research"
Facebook paid users (including teenagers as young as 13) up to $20 a month to install an app called "Facebook Research." This app, installed by bypassing Apple's official App Store, gave Facebook almost unlimited access to:
· Private messages and videos,
· Browsing history,
· Real-time location data.
Consequences and Legacy
In 2023, an Australian court fined Meta's subsidiaries 20 million Australian dollars (approximately $13 million USD) for misleading consumers regarding Onavo's true functions. For a company earning tens of billions of dollars annually, these fines were considered negligible.
The history of Onavo serves as a warning against "free" services. It demonstrates how far corporations are willing to go to gain a market advantage, sacrificing the trust and privacy of their users in the process. Facebook's mission of "connecting the world" was, in this instance, carried out under the motto: "move fast and break privacy."
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.information-age.com/facebook-buys-mobile-analytics-startup-onavo-28757/
https://www.youtube.com/watch?v=SOQynHuWPeI
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.theverge.com/2024/3/26/24112456/facebook-snapchat-project-ghostbusters-encryption-decryption-court-documents
https://www.accc.gov.au/media-release/facebook-subsidiaries-fined-20-million-for-misleading-consumers-over-onavo-protect-app
https://www.blumenthal.senate.gov/newsroom/press/release/blumenthal-demands-answers-from-facebook-on-invasive-data-collection-program-targeting-teens
https://www.facebook.com/
![Chapter 1: The Memory of the Present[Refined Version]](https://cdn.bulbapp.io/frontend/images/2ad41d20-8b16-4a1a-b8ab-debe64be8bdf/1)
