Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
Toncoin 
Cardano 
TRON 
Avalanche 
Wrapped Bitcoin 
Shiba Inu 
Chainlink 
Polkadot 
Bitcoin Cash 
NEAR Protocol 
Uniswap 
LEO Token 
Litecoin 
Dai 
Pepe 
Wrapped eETH 
Polygon 
Internet Computer 
Kaspa 
Aptos 
Ethereum Classic 
Ethena USDe 
Artificial Superintelligence Alliance 
Stellar 
Monero 
Stacks 
Mantle 
Render 
Filecoin 
dogwifhat 
OKB 
Bittensor 
Injective 
Maker 
Hedera 
Cronos 
Cosmos Hub 
Arbitrum 
Immutable 
VeChain 
Arweave 
Bonk 
First Digital USD 
Sui 
Optimism 
The Graph 
Rocket Pool ETH 
FLOKI 
Renzo Restaked ETH 
Mantle Staked Ether 
Bitget Token 
THORChain 
Jupiter 
Theta Network 
Aave 
Notcoin 
WhiteBIT Coin 
JasmyCoin 
Ondo 
Pyth Network 
Lido DAO 
Brett 
Fantom 
Core 
Celestia 
Algorand 
Sei 
ether.fi Staked ETH 
Quant 
Flow 
Gate 
MANTRA 
Marinade Staked SOL 
Beam 
KuCoin 
MultiversX 
Axie Infinity 
Bitcoin SV 
Helium 
Popcat 
Ethereum Name Service 
GALA 
BitTorrent 
EOS 
Flare 
Tokenize Xchange 
NEO 
Kelp DAO Restaked ETH 
ORDI 
Akash Network 
dYdX 
Ethena 
Conflux 
Tezos 
The Sandbox 
eCash 
Fasttoken 
USDD 
cat in a dogs world 
Worldcoin 
Ronin 
Starknet 
SATS (Ordinals) 
NEXO 
Coinbase Wrapped Staked ETH 
Decentraland 
Frax 
Raydium 
Chiliz 
Frax Ether 
BOOK OF MEME 
Pendle 
PayPal USD 
Mina Protocol 
AIOZ Network 
Oasis Network 
ZKsync 
Tether Gold 
Mog Coin 
Synthetix Network 
Gnosis 
IOTA 
Nervos Network 
DeXe 
Swell Ethereum 
Klaytn 
ApeCoin 
Wormhole 
Astar 
LayerZero 
Livepeer 
Aerodrome Finance 
Staked Frax Ether 
Safe 
TrueUSD 
Axelar 
Zcash 
1inch 
XDC Network 
Kava 
Terra Luna Classic 
PancakeSwap 
Theta Fuel 
Bitcoin Gold 
Aevo 
PAX Gold 
Illuvium 
DOG•GO•TO•THE•MOON (Runes) 
Trust Wallet 
APENFT 
ConstitutionDAO 
IoTeX 
WEMIX 
Turbo 
USDB 
Jito 
H2O Dao 
MX 
WOO 
Gravity 
Galxe 
Stader ETHx 
Ether.fi 
SafePal 
Manta Network 
Compound 
Arkham 
GMT 
Memecoin 
cETH 
SingularityNET 
Venom 
SuperVerse 
Golem 
0x Protocol 
Kusama 
Rocket Pool 
Dymension 
Avail 
Blur 
Osmosis 
Aragon 
Beldex 
PONKE 
Zilliqa 
AltLayer 
Curve DAO 
Dash 
Echelon Prime 
CorgiAI 
Enjin Coin 
beincrypto.com 8 h
Facebook has come under scrutiny for its alleged involvement in VPN data theft.
Tech analyst HaxRob, through his in-depth analysis, brought the issue to light, while tech journalist Naomi Brockwell further commented on it, revealing a complex web of user data interception and manipulation.
Facebook’s Alledge Data Theft Via VPN
HaxRob’s investigation unveiled that Facebook, leveraging its acquisition of Onavo, engaged in practices that could potentially intercept and analyze user data transmitted across other applications. By integrating root certificates into users’ mobile devices, Facebook purportedly could monitor and intercept traffic from a myriad of apps.
The controversy centers around Onavo. Before its removal from app stores, it ostensibly offered VPN services under the guise of user safety. However, archived descriptions and app functionalities hint at a darker purpose.
“This code, which included a client-side “kit” that installed a “root” certificate on Snapchat users’ mobile devices, also included custom server-side code based on “squid” through which Facebook’s servers created fake digital certificates to impersonate trusted Snapchat, YouTube, and Amazon analytics servers to redirect and decrypt secure traffic from those apps for Facebook’s strategic analysis,” a court filing reads.
Such actions not only breach user trust but also skirt the boundaries of ethical use of technology, as HaxRob pointed out, “The app managed to establish connectivity back to Facebook’s servers, despite presenting itself as a tool for user safety.”
Naomi Brockwell’s comments further cement the severity of the situation. She described Facebook’s actions as a “man-in-the-middle attack,” accessing SSL traffic and sensitive user data without consent.
“Looks like Facebook did a man-in-the-middle attack using their VPN service to steal data from other apps. This enabled them to see all SSL traffic, by creating a fake digital certificate to impersonate Snapchat, YouTube, Amazon, etc,” Brockwell explained.
The technical dissection of the Onavo app’s operations reveals alarming permissions requests, including overlay capabilities over other apps, access to historical and deleted app usage, and the management of phone calls. Under the pretext of enhancing user safety, these permissions raise significant red flags about the extent of data Facebook could access and manipulate.
Critically, the practice of installing certificates for intercepting app traffic, though hindered by recent Android security improvements, showcases the lengths to which companies might go to gather user data. The exposure of such practices, including the potential collection of mobile subscriber IMSI numbers and the extensive telemetry data amassed from the app’s 10 million downloads, reflect the imperative for stringent regulatory oversight.
This incident is not isolated. It echoes previous fines, like the $20 million penalty imposed by Australia’s ACCC, highlighting the global concern over Facebook’s data handling practices.
