The Facebook “Onavo Scandal” Redux – What You Need To Know



If you’re not already concerned about data privacy, you will be after reading this: Meta – as shown by unsealed court documents – has no respect for privacy or, apparently, ethical practices.


And if you haven’t already got the memo: Big Tech isn’t your good buddy. It wants and craves your data, and it’ll go to extraordinary lengths to acquire it. That’s why it is now more important than ever to bolster the protection of your online data and privacy.

With this in mind, I figured it was a good idea to do something of a redux on the Facebook x Onavo scandal from a few years ago. Most people I speak to have no idea about this case, its outcome, and what Meta, then called Facebook, actually did.

If you are one of those people, you’re in for a wild ride because this story has it all: spying, man-in-the-middle attacks, lies, and a regulatory system that doesn’t seem to care what Big Tech gets up to.

How Meta Used Onavo VPN App as Spyware


Unsealed documents from a class action lawsuit against Facebook (now Meta) revealed the company had been intercepting and decrypting users’ encrypted web traffic to competitors’ sites like Snapchat, YouTube and Amazon.

The spying was enabled through a VPN app called Onavo that Facebook acquired in 2013.

While Onavo was originally marketed as a data compression and security tool, the lawsuit documents show Facebook transformed it into spyware after the acquisition.

In 2018, Facebook began promoting Onavo to iOS users under the banner “Protect” directly within the Facebook app. Users who clicked through were promised encryption and data compression, but in reality the app allowed Facebook to spy on traffic from any app on the user’s phone.

Back then, mobile data wasn’t as cheap as it is now. Users were always on the lookout for ways to reduce the cost of their data. Facebook knew this and pitched Onavo as a way for users not only to reduce their monthly data usage but also to “protect” their privacy online.

The app was closed down in 2019, following a TechCrunch investigation.

Without Onavo, Facebook loses a powerful method of market research, and its future initiatives here will come at a higher price. Facebook has run tons of focus groups, surveys and other user feedback programs over the past decade to learn where it could improve or what innovations it could co-opt. And with more apps recently turning on encryption, Onavo likely started learning less about their usage. But given how cloning plus acquisitions like WhatsApp and Instagram have been vital to Facebook’s success, it’s likely worth paying out more gift cards and more tightly monitoring its research practices. Otherwise Facebook could miss the next big thing that might disrupt it.

TechCrunch

Man-in-the-Middle Attack Decrypts Private Traffic

Facebook used this capability, internally dubbed “Project Ghostbuster”, to analyze how over 33 million Onavo users interacted with competitors’ apps.

The spying involved performing a “man-in-the-middle” attack, a technique where an attacker secretly relays and potentially alters communication between two parties who believe they are directly communicating with each other.

In this case, Facebook installed root certificates on users’ devices to impersonate the encryption of sites like Snapchat and YouTube. This allowed them to decrypt the traffic, analyze it, and re-encrypt it before passing it on to the intended destination servers.
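The trust model behind the interception described above, as an added example (not code from Facebook, Onavo or the court filings): a simplified Python model showing why a root certificate added to the device's trust store makes a forged chain validate, and how a pinned public-key hash still exposes it. Certificates here are plain records with stand-in key bytes rather than real X.509, and the host name `chat.example` and all certificate names are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # who the certificate claims to be
    issuer: str    # subject name of the CA that issued it
    spki: bytes    # stand-in for the SubjectPublicKeyInfo bytes

def pin(cert: Cert) -> str:
    """SHA-256 over the public-key bytes: the value an app pins."""
    return hashlib.sha256(cert.spki).hexdigest()

def chain_trusted(chain: list[Cert], trust_store: dict[str, Cert]) -> bool:
    """Simplified path validation: names must link leaf -> root and the
    root must be in the trust store with the same key. Real validation
    also verifies signatures, validity dates and constraints."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    anchor = trust_store.get(chain[-1].subject)
    return anchor is not None and anchor.spki == chain[-1].spki

def check_connection(host, chain, trust_store, pins) -> str:
    """Classify a presented chain as 'untrusted', 'intercepted' or 'ok'."""
    if chain[0].subject != host or not chain_trusted(chain, trust_store):
        return "untrusted"
    if host in pins and pin(chain[0]) not in pins[host]:
        return "intercepted"  # chain validates, but it is not the pinned key
    return "ok"

# Constructed sample data (assumed names, not taken from the case).
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"public-root-key")
VPN_ROOT = Cert("VPN App Root CA", "VPN App Root CA", b"vpn-root-key")
REAL_LEAF = Cert("chat.example", "Public Root CA", b"real-server-key")
FORGED_LEAF = Cert("chat.example", "VPN App Root CA", b"interceptor-key")

SYSTEM_STORE = {PUBLIC_ROOT.subject: PUBLIC_ROOT}
STORE_WITH_VPN_ROOT = {**SYSTEM_STORE, VPN_ROOT.subject: VPN_ROOT}
PINS = {"chat.example": {pin(REAL_LEAF)}}

if __name__ == "__main__":
    forged = [FORGED_LEAF, VPN_ROOT]
    print(check_connection("chat.example", forged, SYSTEM_STORE, {}))
    print(check_connection("chat.example", forged, STORE_WITH_VPN_ROOT, {}))
    print(check_connection("chat.example", forged, STORE_WITH_VPN_ROOT, PINS))
```

Without the added root the forged chain is rejected; with it, an unpinned client sees nothing wrong, which is why auditing user-installed roots and pinning keys in apps are the relevant checks.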

This practice is likely in violation of wiretapping laws and “potentially criminal.” Facebook’s secret program likely violated the Wiretap Act, because it prohibits intentionally intercepting electronic communications with no applicable exception and the use of such intercepted communications.

MalwareBytes

Facebook was able to view data the users believed was private and securely encrypted. Internal emails show Facebook was aware of the unethical nature of this activity.

How Facebook Used the Stolen Data


Competition in business is always stiff; brands and companies spend billions attempting to outdo one another. But corporate espionage – or just plain old spying – isn’t something you tend to hear about all too often.

Beyond illegally tracking and surveilling millions of people, Meta had another goal: it wanted to use the data to analyse areas where it was losing out to its competitors like Snapchat (hence the name of the project internally, Project Ghostbuster).

The intercepted data was used for purposes like cloning Snapchat’s popular Stories feature in Instagram.

Facebook also spied on the anonymous teen app tbh to gain insider knowledge prior to acquiring it in 2018 before it could become a competitive threat. The company even discussed having third-party research firms redistribute Onavo to conceal Facebook’s involvement.

The Outcome?


While Facebook paid a relatively small fine ($20 million) to settle the lawsuit, critics argue the lack of criminal charges fails to hold the company accountable or deter future abuses.

Facebook’s willingness to resort to illegal surveillance, and the fact that it was premeditated and even had a codename, isn’t just scary; it is something everybody should have firmly in the front of their minds when using Meta-owned products.

Here’s what one ex-employee said about Facebook’s approach to its users’ data in the wake of the Cambridge Analytica scandal:

Parakilas said he “always assumed there was something of a black market” for Facebook data that had been passed to external developers. However, he said that when he told other executives the company should proactively “audit developers directly and see what’s going on with the data” he was discouraged from the approach.

He said one Facebook executive advised him against looking too deeply at how the data was being used, warning him: “Do you really want to see what you’ll find?” Parakilas said he interpreted the comment to mean that “Facebook was in a stronger legal position if it didn’t know about the abuse that was happening”.

The Guardian

What can users do to protect themselves from things like this? It’s becoming increasingly hard to secure your data online. A good start would be to simply not use Meta products. Delete them from your phones and delete your accounts.

Big Tech is everywhere. It is ingrained into our lives and follows us wherever we go. You can swap out Gmail for a more privacy-focussed email service like Proton Mail, switch your browser from Chrome to Brave and use DuckDuckGo. But if you’re still using Meta products, your data is always going to be Meta’s – not yours. That’s part of the deal you sign up for when you use its “free” products.
