At the beginning of the week, we realized that the Russian Federation intends to pay Russian consumers for the sale of their personal data about 5,000 rubles ($ 75) per month, or about 60,000 rubles ($ 910) per year. Russians are too skeptical about the idea that they will have the opportunity to win in this way, but another scandal with Facebook shows that this is quite possible. It turned out that a secret project was developed on the social network for two years. atlaswithin which pays $ 20 per month for installing his pseudo-VPN client on consumer smartphonesThe VPN client in question receives a root certificate on the phone and tracks all user activity.
TechCrunch specialists investigated and found that the pseudo-VPN client in question was based on the source code of the Onavo Protect application, which Apple had prohibited to distribute through the App Store in August 2018. Soon after, Facebook introduced a new Research application, which practically performs the same function.
application Facebook Research VPN Apple does not comply with a ban on performing a certain type of tracking, is presented as a beta version and is distributed through the applause, Betabound and Utest channels. The application comes with a root certificate (root certificate), which allows you to capture private messages on social networks, chat, photos and video, email, search the Internet, browse the web, browse the Internet and information about the current location of the user.
It is not yet known which of these data the application sends and writes to remote servers. Interestingly, Facebook has confirmed the use of this application for “collecting user habits”. A number of TechCrunch publications have ignored a number of key factors. In the project itself there is nothing secret – the application is called Facebook Research. This is not espionage, because all the project participants have gone through a special procedure to find out what data will work and what they will be paid for. Minor users in the project are less than 5%, and all participate with the written consent of their parents
TechCrunch ordered a technical analysis of the pseudo-VPN application to be made by Strafach. Its experts confirmed that the program sent data to vpn-sjc1.v.facebook-program.com, directly related to the IP-address of the prohibited Onavo application, and the domain facebook-program.com is indeed on Facebook.
The collected data can help Facebook more accurately profile all users by associating their behavior on the Internet with other online shopping applications. Facebook even orders users to take screenshots of their purchases on Amazon. This information is used for more accurate advertising targeting.
In a project with a code name Atlas project The social network invites people aged 13 to 35 years. To receive a reward, these users must leave the VPN connection active and, thus, transfer their data to Facebook.
The application can be updated without interaction with the App Store and is associated with the email address PeopleJourney@fb.com. The digital certificate was also verified: Facebook extended its term on June 27, 2018 – a few weeks after Apple announced new rules prohibiting the use of Onavo Protect apps.
"It's hard to say what kind of data Facebook is collecting. But based on the source code, we can determine what information the access to the social network gets."Strafach specialists said."All this paints a very disturbing picture. They may claim to write only a certain type of data, and this may be true. But in real life, it all comes down to how well you can trust Facebook. The most relaxed description of this situation is that Facebook does not think about the new access that it wants for its application … This is in itself an amazing level of negligence".
The official BetaBound page officially announces that users are making the smartphone application work. gift cards with the amount of $ 20 per month, Besides, Facebook pays another $ 20 for each additional participant involved in the project.It is noteworthy that the project involves underage users.
In this case, the official representative of Facebook officially confirmed that the company uses this program to understand how people use their smartphones and various online services. "Like many other companies, we invite people to take part in various studies that help us understand how we can make things better. And since this research is used to help Facebook understand more precisely how people use their mobile devices, we have provided detailed and comprehensive information about the type of data we collect. We do not provide this information to third parties, and people can terminate their participation in the project at any time.".
Facebook added that the application violated the Apple Enterprise Certificate for iOS policy.
Shortly after TechCrunch released this information, Facebook announced that the Facebook Research app is no longer available to users of the iOS mobile operating system. The Verge has announced that the program has continued and will continue to be available to Android users.
Facebook, in turn, criticized TechCrunch material. "TechCrunch has a number of key factors. In the project itself there is nothing secret – the application is called Facebook Research. This is not espionage, because all the project participants have gone through a special procedure to find out what data will work and what they will be paid for. Minor users in the project are less than 5%, and all participate with the written consent of their parents".