Tag Archives: Onavo

Security News Bites for the Week Ending August 31, 2018

Spyware Company Leaves Terabytes of Data Unprotected

Spyfone, a software company that allows parents to spy on their kids, spouses to spy on each other and employers to spy on employees allowed the world to spy on everyone.

The data left exposed on Amazon included photos, text messages, contacts, location information, Facebook messages and other information.

In addition to leaving all of their customer’s data exposed, their own backend servers were also left unprotected.

I guess you might call it Karma for spying on people.  Source: Motherboard.

California Tech Execs Pushing Feds to Reverse Cali Privacy Law

Between GDPR, CCPA and other new privacy laws, the tech industry is concerned that their business model is at risk.

As a result Google, Microsoft, IBM, Facebook and others are lobbying aggressively to the Trump administration and Congress to pass a weak federal privacy law that would usurp California’s law and make it easier for those companies to continue their business model as is.

Whatever happens in DC (don’t count on anything happening, but you never know), that won’t affect the changes in Europe and many other countries that are passing similar laws to the EU to allow those countries to do business with the EU.  Those laws will impact US businesses if they have customers in those countries.  While they could create one policy for the US and another for the rest of the world, that would be complicated.

Historically DC has tried to pass a national privacy law, but those past attempts have been much weaker than existing state laws, which has made it difficult to get enough votes to pass it.  A tough law will be heavily lobbied against.  This is why, unlike most other countries in the world, we have no national privacy law.  Source: NY Times .

Senator Wyden Confirms Stingrays Interfere with 911 Calls

Harris Communications, maker of the Stingray has confirmed that the feature which is designed to stop the Stingray from interfering with 911 calls was never tested and never confirmed to work.

Comforting.

As if that wasn’t a big enough problem, hobbyists can build a DIY Stingray for less than $1,000 in parts.

And, foreign spies are already using them in Washington, DC.

WHAT.  COULD,  GO,  WRONG??   Source: Tech Crunch

Apple Forces Facebook VPN App Out of App Store

Facebook recently bought a company named Onavo that makes a VPN app.  The claim is that it makes your browsing experience a more secure browsing experience.

Only problem is that they had an ulterior motive.  They – Facebook – was collecting data on every web page the user visited, every app that you used, every bit of data that you transferred.  While the bad guys couldn’t eavesdrop, Facebook could.  And did.

Well apparently Apple had enough of the duplicity and told Facebook to either voluntarily withdraw the app or they would do it for Facebook.  The app is now gone for iPhone users.  It is still available to Android users.  Source: The Hacker News.

The UN-VPN

Why do people usually use a VPN connection over the Internet?  Usually it is for added security and privacy.  What if a VPN offered security, but even less privacy than without it – would you use it?

Well some people are and probably do not even know it.

In 2013 Facebook bought an Israeli company, Onavo.  Onavo bills itself as a data analytics company – which makes perfect sense why Facebook would purchase it.

But where do they get the data that they want to analyze?

Well that’s easy.  They also make a VPN software product – a virtual private network – that creates a secure tunnel for you to send your Internet traffic over.

However, unlike reputable VPNs which work very hard to collect as little data about you as possible, hence aiding your privacy, Onavo collects as much data as possible about it – to aid Facebook’s mission of shoving more ads down your digital throat.

According to a Wikipedia article (here), Facebook is also using Onavo to internally monitor competitors, influence acquisitions and make other business decisions.

If you have the Facebook iPhone app installed and you click on the menu item for Protect, it will direct you to download Onavo.

It also has an Android app available in the Google Play store.

Facebook says that by collecting as much data as possible about your use of the Internet they can protect you better.  Hmmm, interesting thought.  Other companies seem to do that without having to track what sites you visit.

Many anti-virus products have a browser plugin that looks at the site you want to visit and see if it is malicious.  They don’t need to store the history of what sites you have visited nor do they need to associate those sites with your advertising ID in order to tell if the site is malicious.

Unlike most VPN products that only run when you ask them to run, Onavo tries to stay in your browsing stream all the time.  After all, it cannot collect data on your browsing habits if it is not running.

Onavo says that it may retain your data for as long as you have an account.  Or beyond.  I somehow don’t think that is required to protect you either.

So, if you are looking for more targeted Facebook ads (and ads on those other web sites that use the Facebook ad platform), this is the software for you.

If you are looking for privacy, I am thinking there are probably better alternatives.

Information for this post came from Wired.