This month Facebook reports its testing of a new menu item “Protect” in its iOS app. The new feature redirects users to the App Store for a Facebook-owned VPN app called Onavo Protect. While Onavo claims to make the web safer, reports show the VPN app falls short of reasonably expected privacy protections for its users.

What is a VPN

A VPN, or virtual private network, helps users stay secure online by attempting to keep browsers from viewing malicious sites or bad actors. Many companies require employees to use a VPN while working remotely. Facebook acquired Onavo in 2013 and has pushed Android users to it through Protect since 2016. Facebook’s Protect has just recently gone live for iOS users this month.

Onavo Privacy Concerns

The controversy is when users download Onavo, they must give the app permission to share data about what they do with their phone on Facebook. Onavo is more pervasive than typical VPNs and attempts to stay on around the clock, rather than when users want more protection from remote places at specific times. This reportedly means that Facebook can track its user’s activity across platforms and use the data it collects to spot new trends.

In August, The Wall Street Journal reported that the company used data from Onavo to track the popularity of competitive startups and other user preferences. The privacy policy states, “We may use the information we receive to provide, analyze, improve, and develop new and innovative services for users, Affiliates and third parties.”

Although Facebook provides transparency in their policy, they position their app for protection and significantly less for its intrusive features.

“Unlike other providers, Onavo Protect tries to keep the VPN connected all the time, and channel all internet traffic,” said Ankur Banerjee, a technology architecture delivery team lead at the management consulting firm Accenture. “Even turning the VPN off is buried deep inside the settings of the app rather than making it front-and-center on the app home page.” The more the VPN is on, the more user data it can view and analyze.

Facebook maintains that the Onavo “acts as a secure connection to protect people from potentially harmful sites,” product manager Erez Naveh said. “The app may collect your mobile data traffic to help us recognize tactics that bad actors use. Over time, this helps the tool work better for you and others. We let people know about this activity and other ways that Onavo uses and analyses data before they download it.”

According to Wired, the company’s website does not currently have an active SSL certificate. This means there is no HTTPS encryption, or an adaptation of the Hypertext Transfer Protocol for secure communication over a computer network.

If Facebook continues to compromise its users’ privacy, it will simultaneously be compromising their trust in Facebook.

As your personal trusted advisor, LightEdge acts as an extension of your IT team, giving you access to leverage our depth of expertise in business technology solutions to meet your evolving IT needs. It’s our job to stay ahead of emerging technology trends to help keep our customers informed and protected. To learn more about LightEdge’s Technology Consulting Services, visit our website here. To stay on the forefront of our up-to-date IT trend alerts and predictions, follow our blog at