• just another dev@lemmy.my-box.dev
    link
    fedilink
    English
    arrow-up
    37
    ·
    8 months ago

    What the title and bot don’t mention: They did so by installing spyware on phones of users of a vpn they acquired:

    After Zuckerberg’s email, the Onavo team took on the project and a month later proposed a solution: so-called kits that can be installed on iOS and Android that intercept traffic for specific subdomains, “allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage,” read an email from July 2016. “This is a ‘man-in-the-middle’ approach.”

    What’s more:

    Later, according to the court documents, Facebook expanded the program to Amazon and YouTube.

    Obligatory this is why you shouldn’t use a free/cheap vpn.

        • Synnr@sopuli.xyz
          link
          fedilink
          arrow-up
          4
          ·
          8 months ago

          This only works if you don’t want the privacy enhancing aspect of advertisers not tying your activity to an IP address.

          Beyond more safely using open Wi-Fi or bypassing a censoring ISP, there isn’t much reason there.

          • just another dev@lemmy.my-box.dev
            link
            fedilink
            English
            arrow-up
            4
            ·
            8 months ago

            That’s debatable. In my estimation, by using a “service vpn” you’re giving advertisers some other kind of demographic information, namely that you’re the kind of person that pays for a vpn.

            • Synnr@sopuli.xyz
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              8 months ago

              Is that better or worse than giving advertisers the data point that you’re high-tech knowledgable and browse personal accounts from a server in a datacenter?

              • just another dev@lemmy.my-box.dev
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                8 months ago

                Yeah, that’s why I think it’s debatable. It’s a lot easier to make those decisions on traffic coming from a known vpn ip, versus all vps providers in the world - many of which have corporate uses.

                On the other hand - if you’re smart enough to set up a vpn, you’ll also be smart enough to set up ad blocking, so the point is kinda moot anyway. Plus you’ll be a lot less likely to have your traffic logged opposed to a service vpn.

                • Synnr@sopuli.xyz
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  That’s true. I’d only use a VPN service that’s been audited (either by a security company or, preferably, law enforcement) not to keep logs. There are only a small handful of those however. It really all depends on your needs. There are far more VPN services that do log and sell the data, and/or turn your host device into a proxy for other users/services.