H
Harvest
AI Summarized Content

Facebook's Most Dangerous Product

This video tells the story of Onavo Protect, a "free VPN" promoted inside Facebook that was marketed as privacy protection—but allegedly became a powerful surveillance tool feeding data back to Facebook. Step by step, it explains how Facebook used Onavo's network visibility to spy on competitors, guide product decisions, and even run a secret program that collected data from teens. The conclusion is bleak: as tech gets more convenient, society can slowly normalize a "no-privacy" default—until opting out barely exists.

1. A friendly "Protect" button that hid something darker

The story opens in 2018 with a simple, almost comforting user experience: you're on Facebook, scrolling the menu, and you see a small "Protect" button. It sounds responsible—like Facebook is offering safety.

"Sounds like a good idea. You tap it. Millions of others do, too."

Facebook then prompts users to install Onavo Protect, described as a free VPN (Virtual Private Network). A VPN is supposed to create a secure "tunnel" for your internet traffic, making it harder for outsiders to spy on you—especially on public Wi‑Fi.

But the video immediately signals the twist: installing it is not what users think it is.

"Onavo Protect, a free VPN that protects your privacy, allegedly. If only you knew."

A rapid montage frames the stakes: claims that the app "spied on almost everything," got deep access on phones, and—despite the severity—led to "almost no legal consequences."

"Everything you did on your phone was open to Facebook."
"We're heading into a no privacy future."
"We're already there, aren't we?"

Then the narrator widens the lens: this isn't just a "weird VPN scandal," but a story about betrayal of trust, surveillance of minors, and corporate espionage in the fight for market dominance.

"This story is even bigger than Onavo. It's a story about betrayal of trust, surveillance of minors, and corporate espionage, all in the race for market dominance."

2. The "simpler internet" era—and why Facebook got desperate

The video nostalgically recalls the early-to-mid 2010s internet—Harlem Shake, Ice Bucket Challenge, viral selfies—when platforms felt more wholesome and many people still believed Facebook could be trusted.

"Compared to today, it all seems so wholesome."

But behind the scenes, Facebook had a strategic problem. By 2013, Facebook was massive: 1 billion users and a historic IPO raising $16 billion. Yet in the U.S., interest—especially among younger users—was slipping. Teens and young adults often jump first to whatever new app feels fresh.

That pressure helped form Facebook's infamous competitive posture, summarized later as:

copy, acquire, and kill.

3. Buying Instagram, chasing Snapchat, and the "war" for attention

Facebook's acquisition of Instagram in 2012 for $1 billion looked absurd to many at the time—"a cute photo app" with only 13 employees and no profit. But the video emphasizes the long game: Instagram later becomes a money-printing engine.

"The acquisition was ridiculed at the time… but the move will end up paying off massively."

Next target: Snapchat—a disappearing-photo app built around impermanence and casual, messy authenticity. Teenagers loved that.

"Snapchat's appeal is in its impermanence."
"They can be awkward, funny, and messy. Teenagers love it, and Zuckerberg wants in."

Zuckerberg tried to compete (Facebook's app "Poke" flopped), then tried to buy Snapchat—first for $1B, then reportedly $6B in 2013. Snapchat's founders declined, believing Instagram had been undervalued when it sold.

"Our view was that Instagram had been wildly undervalued…"

So Facebook needed another way to win—something less visible than a public acquisition.

4. Enter Onavo: the purchase that created a "secret window" into competitors

In 2013, Facebook acquired the Israeli startup Onavo (reportedly for around $100 million). Onavo was known for products that helped people stretch expensive mobile data plans:

  • Onavo Extend: compressed data (emails/photos/app data)
  • Onavo Count: showed users which apps used the most data
  • And later: Onavo Protect (a VPN)

Here's the key: those tools worked by routing traffic through Onavo's servers—meaning Onavo could see a huge amount about what apps people were using and how.

The video explains why this was strategically priceless. Facebook used to rely heavily on browser cookies to track behavior for ads. But smartphones changed everything: people moved from browsers to apps, and app behavior is harder to measure from the outside.

So Onavo offered what Facebook craved: cross‑app visibility—a kind of market-intelligence superpower.

"Facebook suddenly had a secret window into their competitors…"

One immediate insight: WhatsApp's dominance. Onavo data reportedly showed massive WhatsApp penetration (like 99% of Android users in Spain having it installed) and heavy messaging volumes in the U.S. That likely influenced Zuckerberg's decision to pay $19 billion for WhatsApp.

"WhatsApp was powerful competition, yet it also promised incredible growth."

5. Encryption got in the way—so Facebook looked for a workaround

Facebook also wanted deep insights into Snapchat: what features people used, how fast it was growing, and what to copy. But a major obstacle appeared: encryption.

After Edward Snowden's 2013 revelations about NSA surveillance, the internet shifted toward stronger default security. Sites and apps increasingly used HTTPS, which encrypts traffic between you and the service.

The video takes time to explain HTTPS in a beginner-friendly way:

  • Websites prove they're real using a security certificate (a digital ID)
  • Browsers trust certain "digital judges" called Certificate Authorities (CAs)
  • Your phone contains a built-in list of trusted "root certificates" in a protected area (a trust store)
  • If a certificate is trusted, your device can create encrypted connections

It also introduces a crucial concept: certificate pinning. That's when an app refuses to trust new/unknown certificates—even if the phone trusts them—so interception becomes harder.

"Some apps trust only specific pre-approved certificates. This is called certificate pinning."

Snapchat used HTTPS, but reportedly did not use certificate pinning for its analytics domain (the part that collects usage stats). The video frames this as the opening Facebook needed.

6. "Project Ghostbusters": turning a privacy tool into a man-in-the-middle

In June 2016, Zuckerberg allegedly emailed execs demanding a solution to get analytics on Snapchat despite encryption.

"Because their traffic is encrypted, we have no analytics about them… it seems important to figure out a new way…"

This kicks off Project Ghostbusters.

To explain the technical method, the video uses a simple metaphor: you're in a library on free Wi‑Fi, and a hoodie-wearing attacker ("Elliot") spies on traffic—a classic man‑in‑the‑middle attack (someone placing themselves between you and the site you're connecting to).

VPNs are supposed to stop that by encrypting your traffic into a tunnel. But here comes the core irony: Onavo Protect allegedly became the attacker.

According to an analysis by an Australian hacker (the video notes it can't independently verify), Onavo Protect on Android reportedly:

  1. Nudged users with reassuring language

    "Your privacy is a top priority."

  2. Prompted them to install a trusted root certificate (massive red flag)
  3. Used its VPN position to force certain traffic (like Snapchat analytics) through Onavo servers
  4. Used a proxy service (described as "Squid") to present a certificate the phone would trust—because Facebook had just convinced the user to trust Facebook's certificate
  5. Decrypted Snapchat analytics traffic, collected it, then re-encrypted and forwarded it so the app "thought" everything was normal

The narrator highlights the bitter punchline: a VPN sold as protection from man-in-the-middle attacks was itself functioning as one.

"A VPN marketed by Facebook to protect you… was itself an enormous man-in-the-middle."
"This is a man-in-the-middle approach."

7. The "gold mine": using intercepted data to copy features and win battles

With this intercepted data, Facebook allegedly gained a "gold mine" of competitive intelligence:

  • After Facebook launched Instagram Stories, Snapchat's growth slowed and its stock fell
  • Onavo data also reportedly helped Facebook see trends like rising live video usage (apps like Meerkat and Periscope), guiding Facebook's own live video push

"For Facebook, the intercepted data is a gold mine."

As mobile operating systems improved security, these certificate-based tricks became harder. The video claims court filings suggested Facebook even considered exploiting Android features intended for accessibility (tools meant to help users with disabilities) to maintain data access.

8. Internal concern, external ignorance: "people just don't know how this works"

The video stresses that consent is complicated here. Onavo's app store page did disclose tracking, but framed it as improving the user experience—language most people would not interpret as "deep device surveillance."

"It's doubtful users really understood the level of access the company had."

It also says not everyone at Facebook was comfortable. Internal emails from infrastructure and security leaders expressed alarm:

"I can't think of a good argument for why this is okay."
"No security person is ever comfortable with this."
"No matter what consent we get… the general public just doesn't know how this stuff works."

Meanwhile, Facebook reportedly developed an internal "early warning system" to detect emerging competitive threats.

And culturally, the video claims an informal slogan emerged:

"Don't be too proud to copy."

Zuckerberg, publicly, defended copying as normal industry behavior—building on others' innovations.

9. The app gets challenged—and Apple forces it off iOS

In early 2018, security researcher Will Strafach examined Onavo on iOS and warned it was more intrusive than earlier reporting suggested.

"He discovered it was even more intrusive…"

At first, nothing changed. But a few months later, Apple introduced stricter policies: apps could not collect data about other apps on a device unless it was strictly necessary. Apple told Facebook Onavo Protect violated policy, and Facebook removed it from the iOS App Store.

The video includes Zuckerberg framing Big Tech platforms as "gatekeepers" that can block competitors from app stores—positioning Apple as a powerful controller.

"Gatekeepers with the power to decide if we can even release our apps…"

But then the narrator drops the bigger reveal: Onavo was only the tip of the iceberg.

10. Project Atlas: paying teens to install a "research" VPN 😬

Back in 2016—alongside Onavo—Facebook allegedly launched a shadow program aimed at learning how teens use their phones, since they're often the earliest adopters of "the next big threat."

This became known as Project Atlas.

Facebook offered teens and young adults up to $20 per month to install a VPN called Facebook Research. The code was reportedly very similar to Onavo Protect.

Once installed, the app allegedly granted Facebook broad access:

  • internet history
  • encrypted information
  • private messages—including messages involving people who never consented
  • potentially much more

"Once installed, the app grants access to a user's internet history… including encrypted information and private messages with other users who have never given their consent."

The video notes Facebook disputed the "secret" framing, saying it was literally called the "Facebook Research App." But it also states Facebook didn't promote it publicly; intermediaries recruited users and sometimes didn't disclose Facebook's role until late in the process.

Even more striking: the app wasn't distributed via the normal App Store. Facebook allegedly used Apple's Enterprise Developer Program—intended for internal employee apps—to distribute it to regular users, bypassing typical consumer safeguards. Users had to install an enterprise profile, got warnings about data access, and were told to ignore them.

"When Apple's system displays a warning that the software could access their private data, Facebook tells them to ignore it."

TechCrunch also reported users faced legal threats if they disclosed details, reinforcing the sense of secrecy.

11. Exposure, backlash, and the rare legal consequence

In January 2019, TechCrunch exposed Facebook Research, working with Will Strafach to analyze its access level—reportedly including private videos, private messages, and real-time location.

The data reportedly went to a server using the same IP as Onavo Protect.

"It became clear that this access even included private videos and messages as well as real-time location data."

Within hours, Facebook told TechCrunch it would shut down the iOS version.

News coverage framed it bluntly:

"People between the ages of 13 and 35 were paid up to $20 a month… to spy on their phones."
"Photos, videos, location, web browsing history."
"The teens signing up to this don't know what they're getting into."

A month later, Facebook pulled Onavo Protect from Google Play, and U.S. senators demanded answers—questioning whether consent can be meaningful when users are as young as 13.

Then comes one of the only concrete penalties mentioned: in 2023, Australia's federal court ruled Facebook Israel and Onavo engaged in conduct "liable to mislead consumers." They marketed Onavo as a privacy tool while using it to harvest data for Facebook's business. The fine: $13 million.

"Marketed Onavo as a privacy tool while secretly using it to harvest data…"

But the narrator points out how tiny this is relative to Meta's scale (profits over $50B/year):

"For Meta… this is pocket change."

12. The bigger takeaway: convenience trains us to accept surveillance

The video ends by zooming out to a cultural pattern: as technology becomes more sophisticated, privacy often gets traded away for convenience. People accept facial recognition at airports for shorter lines; over time, these "trade-offs" become defaults—and eventually opting out becomes difficult or impossible.

"The more we accept these trade-offs, the more they become standard until opting out is no longer an option."

Social media accelerates this normalization. The video claims heavy Facebook users show increasingly relaxed attitudes toward privacy, becoming accustomed to tracking and surveillance.

And it ends with a cutting reframe of Zuckerberg's legacy. Facebook says its mission is to "connect the world," but the narrator suggests a more accurate slogan would be:

"Move fast, break privacy."

Conclusion

Chronologically, the video argues that Facebook bought Onavo not just to help users save data, but to gain market intelligence—and that Onavo Protect allegedly crossed a line by functioning like a man-in-the-middle surveillance system. When scrutiny increased, Facebook allegedly pivoted to even more aggressive data collection through Project Atlas, including teens, until public exposure forced shutdowns. The final message is a warning: privacy erosion doesn't always happen with a bang—it often happens through small "reasonable" steps that quietly become normal.

Summary completed: 5/2/2026, 9:00:39 AM
Source:View original

Need a summary like this?

Get instant summaries with Harvest

5-second summaries
AI-powered analysis
📱
All devices
Web, iOS, Chrome
🔍
Smart search
Rediscover anytime
Start Summarizing
Try Harvest