Connect with us

Hi, what are you looking for?


Incident Response

Australia Watchdog Sues Facebook Over ‘Misleading’ VPN App

Australia’s consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant “misled” thousands of Australians by collecting user data from a free VPN service advertised as private.

Australia’s consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant “misled” thousands of Australians by collecting user data from a free VPN service advertised as private.

The platform could face a fine if found guilty of deceiving users, as Australia takes an increasingly assertive stance towards powerful US tech titans.

The Australian Competition and Consumer Commission (ACCC) has accused Facebook and two of its subsidiaries — Facebook Israel and Onavo Inc — of misleading people who downloaded its virtual private network (VPN) app Onavo Protect, by collecting and using their “very detailed and valuable personal activity data”.

Records of which apps they accessed and the amount of time they spent using them were among the data allegedly used to support Facebook’s market research.

The ACCC alleges Facebook and its two partners falsely represented the now-defunct VPN service as keeping user data “private, protected and secret” between February 2016 and October 2017.

“Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook,” ACCC Chair Rod Sims said.

“We believe that the conduct deprived Australian consumers of the opportunity to make an informed choice about the collection and use of their personal activity data by Facebook and Onavo.”

Advertisement. Scroll to continue reading.

A Facebook spokesperson said the firm had cooperated with the ACCC’s investigation and would review the court filing.

“When people downloaded Onavo Protect, we were always clear about the information we collect and how it is used,” they said.

“We will… continue to defend our position in response to this recent filing.”

The ACCC has previously helped draft a law that threatens Facebook and Google with millions of dollars in fines unless they agree to pay media outlets when their platforms host news content.

In March, the Office of the Australian Information Commissioner also began legal action against Facebook for allegedly exposing more than 300,000 Australians to a data breach by political consulting firm Cambridge Analytica.

Facebook has already paid penalties in the United States and Britain over the massive 2018 data hijacking scandal involving the now-defunct British company.

Related: Twitter, Facebook Fined for Not Moving User Data to Russia

Related: Facebook, Others, Block Govt Requests on Hong Kong User Data

Related: Facebook May Have to Stop Moving EU User Data to US

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.