Many Internet users do not believe that they can earn up to $20 a month selling their personal data. The latest scandal around Facebook shows that this statement has its right to exist.
It turned out that Facebook has been running a secret Atlas project for more than two years, within which people get paid up to $20 a month for installing and using on their smartphones Facebook branded pseudo-VPN. This software has maximum admin rights and tracks all user actions.
TechCrunch reporters conducted an investigation and found out that this pseudo-VPN is based on the Onavo Protect application code, which Apple banned from distributing through the App Store as early as August 2018. After that, Facebook released a new Research v2.0 application, which essentially performs all the same functions.
The Facebook Research VPN application bypasses Apple’s ban on certain types of surveillance by posing as a beta version of the application and being distributed through such services as Betabound, Applause, and Utest.
Again, the application requests full admin rights, allowing it to intercept private messages in social media, chat rooms, and in instant messaging applications, including photos and videos sent to others, emails, web searches, web browsing, and location information.
It is not yet known which of the listed data is actually collected by the application but seems like all of that. Facebook has confirmed that it uses the application to “collect data on users’ habits.”
The project codenamed Project Atlas invites users aged 13 to 35 years to participate in it. To receive a reward, they must keep the VPN connection active all the time and allow sending data to Facebook servers.
The collected data can potentially help Facebook more accurately profile all users, linking online behavior to the usage of other applications and to the shopping preferences. Among other things, users are asked to take screenshots of their orders on Amazon. This information will also be used for future ad targeting.
Strafach company specialists performed the technical analysis of the application in question. They confirmed that the data from the program is sent to the vpn-sjc1.v.facebook-program.com address, which is associated with the IP address of the prohibited Onavo application The domain facebook-program.com actually belongs to Facebook.
The application can be updated without interaction with the App Store and is associated with the email address PeopleJourney@fb.com. It has a verified digital certificate, which Facebook extended on June 27, 2018, just a few weeks after Apple announced its new rules prohibiting the Onavo Protect application.
Again, without access to their servers, it is hard to say what data Facebook actually collects. You can only determine what information they are requesting on the basis of the application code. This code sometimes shows a very disturbing picture. Facebook may argue that they use only a very specific limited set of data. This may be true, but in reality, it all comes down to how much you trust their words. The most condescending description of this situation would be that Facebook did not think too much about the level of access they require for the program, which in itself is an astounding level of negligence if that is the case.
On the BetaBound page, it is indicated that users are encouraged to install the app and receive gift cards worth $20 per month for using the application. In addition, $20 is paid for each attracted friend via the reference program.
In an official statement, a Facebook representative confirmed that the company uses the program to find out how people use their phones and other services. They say that like many companies, Facebook invites people to participate in research that helps it determine what Facebook can do better. Since this study aims to help Facebook understand how people use their mobile devices, Facebook rep says they provide extensive information about the types of data they collect. They also add that Facebook does not share this information with third parties, and people can stop participating in the project at any time. In addition, Facebook said the application does not violate the rules of the Apple Enterprise Certificate for iOS.
Some people may argue that If Facebook does not hide from those people involved in the research that all their actions will be reordered and analyzed, then there is nothing to worry about. Surely Facebook may inform users but as it often happens this comes through brainwashing legal formulations, with the smallest font and on the fifteenth page of the EULA.
For now, if you want to make some money, you can trick Facebook by buying several used smartphones, install that VPN app and perform some actions several times a week and get your gift cards.
If you care about security and privacy, you will never install such apps, even if it is offered by Facebook. There are tons of carefully tested VPN software out there that users may trust.