Apart from tunnelling all traffic, Has anyone checked to see how malicious the Onavo installer is? The pessimist in me expects SSL root certs and even keylogg-e-r-s - apologies, dictionary personalisation profiles.
That (distrust in general) but also the fact it seems to be sold as a "Protection" service - which, if you look at a decent number of "secure browsers" tends to involve protecting you from encrypted sites.
How can any self-respecting programmer at FB work on a project like this? At least most of the IE6 toolbar spyware had some useful purpose for the end-user... smileys, pagerank, search bar etc...
This on the other hand is straight up deception in my mind. Hot air. Prove me wrong? What benefit does anyone get from installing this?
Google does it too. It kicks in when you are on public wifi if you opt in. It's a vpn app at the end of the day that's optional. I don't see much reason for all the outcry. Assuming a majority of the web moves to https soon (going by the chrome roadmap), you are only giving second order data like dns to the vpn or isp. And I don't see much reason to trust isps more than Google/FB.
How would regulation and self-policing make things worse? And really zero reason? That sounds like an ideological rather than a rational position to me.
So what is the rational reason you're talking about? Respectfully, I don't think you know what you're talking about at all. Do you have any kind of experience or knowledge about macroeconomics or economics at all?
Let's see what would happen:
- the government will soon require degree to be accepted, ruining the nonexistent entry barrier we have right now. Why? The government has incentives not to allow as much people as possible, but the opposite: to have as little work as possible because there would be no free market competition.
- how does this regulation work? Every software developer has to be allowed to write SW? Every software that is used has to be written by people who have passed the test? Will you forbid importing software?
Because if no, then this will just extremely increase prices and everything will be outsourced to foreign countries.
- what about foreign software such as Linux? What about software where some contributors are anonymous?
- do you really think that people who focus so much on their freedom and privacy will accept this or will they rather find a workaround?
All in all, this would ruin the IT market in the US. Please do it! I would love to sell my services to the US for at least triple the price.
Did you even think about this? Please stop going around and suggesting such destructive social experiments without even giving any real arguments.
> How would regulation and self-policing make things worse?
Imposing whimsical and arbitrary barriers to entry that have zero to do with technical hability solves nothing, and its absolutely ridiculous how you present that as solution to the problem of someone having developed highly technical software that you happen to not like.
Make it worse how exactly..? Big public companies will be chastised if they don't hire certified practicioners. With the huge amount of sensitive data we process as developers, it's only logical that we are going to need licensing in developed countries sooner than later.
Imagine if anyone would be able to practise as a lawyer, financial advisor or even a doctor without accreditation. It'd be a huge controversy.
Ethics courses don't make anyone more or less ethical. If lectures were any effective in shaping anyone's moral compass, church services wouldn't happen so often.
What’s most alarming are the AppStore reviews [0] - a majority of the authors appear to have downloaded the app after clicking a banner ad which claimed their iPhone had viruses.
For example:
“I just downloaded it today because of four viruses so I hope it helps get rid of them” - burnt tacos
I pay my ISP a lot of money each month. They don’t need my data to be profitable. Facebook, on the other hand, has a business model completely dependent on selling advertising based on my data to 3rd parties.
off the top of my head, AT&T and Verizon have done various forms of customer tracking for advertisers. They both used supercookies at some point, which were injected into customer egress, and ATT used to inspect web traffic in order to target ads (opt-out with a monthly fee, of course).
Certainly, if ISPs can access your data, they would like to. Its basically free money. But its not a life-or-death situation for them, and thus my (somewhat uneducated) guess is that there is less management focus on things like deep packet inspection and consumer targeting. They can also jsut jack up prices or sell more subscriptions. At Facebook, on the other hand, selling ads is priority number 0. Its the only way to make money. So I'd worry more about Facebook seeing my traffic.
Creating an app and calling it "protection" when it is in fact spying on you to give FB a glimpse of how you use the internet, this is something you are defending?
And also, did you just call the gizmodo article "fake news"? It this [0] then also fake news to you? Seems to me you are getting your true news fix from a news feed somewhere.
Facebook bought Onavo. Facebook owns Onavo. They are not a random VPN app. They are a Facebook property.
They are touting the VPN as being protection, when in actuality they are using it to gather data on the users that use the VPN.
I do not understand your comments in light of these facts. If one trusts Facebook, then using Onavo isn't a concern for them, but they should be aware just because it's a VPN it doesn't imply any kind of privacy or protection, and should be aware that Facebook's marketing/use of Onavo is shady.
If one already does not trust Facebook, then it should be clear to stay away from Onavo, whether found randomly, through an app store, or advertised by Facebook.
You would think that, except Facebook is literally spying on you when you are trying to be anonymous. So its acting as maliciously as you can save actually loading malware. There are plenty of VPNs such as Private Internet Access (which I use) which are great alternatives. Its not hard to find them.
A VPN provides a secure tunnel, so it prevents your data from being sniffed on the insecure WiFi in your local coffee shop, and up every hop to the terminating server. So you can prevent an ISP and friendly neighborhood hacker from seeing your requests. However, the terminating server can see EVERYTHING.
42 comments
[ 3.3 ms ] story [ 91.9 ms ] threadThis on the other hand is straight up deception in my mind. Hot air. Prove me wrong? What benefit does anyone get from installing this?
You mean like the hundreds who work on Deep packet inspection technology?
Let's see what would happen:
- the government will soon require degree to be accepted, ruining the nonexistent entry barrier we have right now. Why? The government has incentives not to allow as much people as possible, but the opposite: to have as little work as possible because there would be no free market competition.
- how does this regulation work? Every software developer has to be allowed to write SW? Every software that is used has to be written by people who have passed the test? Will you forbid importing software? Because if no, then this will just extremely increase prices and everything will be outsourced to foreign countries.
- what about foreign software such as Linux? What about software where some contributors are anonymous?
- do you really think that people who focus so much on their freedom and privacy will accept this or will they rather find a workaround?
All in all, this would ruin the IT market in the US. Please do it! I would love to sell my services to the US for at least triple the price.
Did you even think about this? Please stop going around and suggesting such destructive social experiments without even giving any real arguments.
Imposing whimsical and arbitrary barriers to entry that have zero to do with technical hability solves nothing, and its absolutely ridiculous how you present that as solution to the problem of someone having developed highly technical software that you happen to not like.
Imagine if anyone would be able to practise as a lawyer, financial advisor or even a doctor without accreditation. It'd be a huge controversy.
For example: “I just downloaded it today because of four viruses so I hope it helps get rid of them” - burnt tacos
[0] https://itunes.apple.com/us/app/onavo-protect-vpn-security/i...
[0] https://goo.gl/kDPjxf
And if billions of people trust Facebook, that's just a sad commentary on the amound of critical thinking in the world.
And also, did you just call the gizmodo article "fake news"? It this [0] then also fake news to you? Seems to me you are getting your true news fix from a news feed somewhere.
[0] https://www.wsj.com/articles/facebooks-onavo-gives-social-me...
They are touting the VPN as being protection, when in actuality they are using it to gather data on the users that use the VPN.
I do not understand your comments in light of these facts. If one trusts Facebook, then using Onavo isn't a concern for them, but they should be aware just because it's a VPN it doesn't imply any kind of privacy or protection, and should be aware that Facebook's marketing/use of Onavo is shady.
If one already does not trust Facebook, then it should be clear to stay away from Onavo, whether found randomly, through an app store, or advertised by Facebook.
I think you are confused. "Used" and "trusted" mean very different things, and you seem to be using the latter where only the former is justifiable.
So if you want a VPN, use https://github.com/trailofbits/algo or https://github.com/StreisandEffect/streisand.
Algo is my favorite, but both are pretty effective in my opinion.