Ancient Mysteries - Facebook's Most Dangerous App

Episode Date: June 14, 2026

Billions of users. Endless data. Hidden consequences. This video explores one of the most controversial applications ever connected to Facebook, examining how it grew, why it became so influential, and... the dangers critics say it created for privacy, society, and human behavior. The most powerful technologies often come with unexpected costs. 📱 How much of your life exists online?

Transcript
Starting point is 00:00:49 Hey there, tech detectives. Picture this. It's 2018, and millions of people are tapping a button
Starting point is 00:01:05 inside their Facebook app labeled Protect. Sounds nice, right? Cozy. Like a digital seatbelt. They're installing a free VPN called Onavo Protect. Fully convinced they're shielding their privacy. Tiny problem. The bad guy was the one handing them the seatbelt.
Starting point is 00:01:21 Onavo wasn't protecting anything. It was quietly turning into one of the biggest corporate spying operations the Internet has ever seen. This isn't just a story about surveillance. It's about betrayal, about a company stalking teenagers for $20 a month, and a CEO so obsessed with crushing a competitor that he greenlit a digital heist on a global scale. And yeah, VPN companies sometimes sponsor videos on this channel. Trust me, none of them had anything to do with this mess. Smash that like button if you're ready to see how a free app became the most expensive lesson in trust of the decade,
Starting point is 00:01:53 and drop a comment telling me what city you're watching from. Let's get into it. To understand how we got to a corporate spying scandal of this size, we need to rewind to 2013, back when Facebook still wore the crown of the internet like it was glued on. On paper, Mark Zuckerberg was sitting on top of the world. The company had crossed one billion active users, a number so big it basically made every other social network look like a neighborhood book club. Facebook had pulled off the largest tech IPO in history, raking in around $16 billion in a single trading day. The hoodie kid from Harvard was now richer than entire small countries, and his stock ticker looked like a NASA launch trajectory.
Starting point is 00:02:33 Honestly, if you watched it from the outside, you'd assume Zuck spent his mornings doing victory laps around Menlo Park on a hoverboard made of gold. But here's the thing about empires that look invincible. They almost always are panicking behind closed doors, and Facebook in 2013 wasn't just nervous. Facebook was sweating through its hoodie, because while the press talked about world domination, internal data told a much uglier story. Teenagers in the United States, the demographic that built Facebook in the first place, were starting to act like the platform was a family reunion they got tricked into attending. They were logging in less. They were posting less. They were treating Facebook the way most of us treat a fruitcake at Christmas, politely acknowledging it exists, then walking the other way. Worse, their parents were arriving in waves. Aunt Linda from Ohio was now liking
Starting point is 00:03:20 baby photos and reposting motivational quotes about Mondays, and nothing kills cool faster than your mom commenting under your selfie with three different emoji she clearly doesn't understand. And while the teen drain was bad, the smartphone problem was an existential crisis. Facebook's entire advertising machine, the actual engine that printed money, was built for the world of desktop computers. That world ran on cookies, tiny tracking files that browsers happily handed over to anyone who asked, telling advertisers exactly where you'd been, what you'd searched, and which embarrassing pair of shoes you'd looked at three times before chickening out. On a laptop, this worked beautifully.
Starting point is 00:04:00 Unfortunately for Zuckerberg, by 2013 people weren't sitting at laptops anymore. They were lying on couches, scrolling on iPhones, ignoring their families at dinner, and doing it all inside apps. And apps don't play nice with cookies. Apps are basically sealed boxes. What happens inside Instagram stays inside Instagram, what happens inside YouTube stays inside YouTube, and nobody outside gets to peek. For an advertising business that survived by peeking, this was the digital equivalent of going blind in one eye and being told the other one is next. Inside the company, the panic translated into late-night meetings, where executives kept asking the same uncomfortable question: how do we sell ads to people we can no longer follow around the internet? The answer they kept landing on was equally uncomfortable.
Starting point is 00:04:45 They needed to find a way to look inside the sealed boxes. They needed to know which apps people opened, how long they stayed, what made them swipe, and which competitors were quietly stealing attention. Without that, Facebook would still be huge, but it would also be a dinosaur: massive, terrifying, and about three news cycles away from a meteor. Zuckerberg understood this better than anyone. He had built his career on being early to things. He wasn't about to be late to the one shift that mattered
Starting point is 00:05:15 most. So a quiet doctrine started forming inside the walls of Facebook, one that was never written down on a poster in the cafeteria, but absolutely lived in every product meeting. Three words, three options, three ways to deal with a competitor. Copy them, buy them, bury them. The first big trophy on the wall was Instagram. Back in 2012, Zuckerberg shocked Silicon Valley by buying a 13-employee photo app for $1 billion in cash and stock. Wall Street bankers practically fell out of their ergonomic chairs laughing. A billion dollars for an app that put a vintage filter on your brunch? They wrote opinion pieces about it. They went on television and called it the most embarrassing purchase in tech history. Naturally, six years later, that same app would be
Starting point is 00:06:01 valued at over $100 billion, which is roughly a hundred times more than what Facebook paid for it, and not a single one of those bankers wrote a follow-up apology. Funny how that works. WhatsApp came next, in 2014, for the absurd sticker price of $19 billion. To put that number in perspective, that's more than NASA's entire annual budget at the time, paid out for a green icon that helped your grandma forward inspirational chain messages about angels watching over her. But Zuckerberg didn't see a chat app. He saw a global phone book with a billion potential users, particularly in countries where Facebook Messenger was getting absolutely flattened. WhatsApp was a competitor that could have
Starting point is 00:06:42 grown into a real threat. Now it was an asset, neatly tucked into the same corporate family as Instagram, no longer a rival, no longer dangerous, and conveniently no longer in a position to do anything Zuckerberg didn't approve of. By this point, the playbook was looking foolproof: spot the threat early, write a check most humans couldn't even comprehend, and absorb the company before it grew teeth. Two giant wins in two years, with a CEO who had figured out that the cheapest way to dominate the future is to just buy it before anyone else realizes what's for sale. The press started treating Zuckerberg less like a tech founder, and more like a teenager with a credit card that has no spending limit.
Starting point is 00:07:21 Everything he wanted, he got. Then came the one acquisition target that refused to play along. The one founder who looked at the biggest check ever offered for a consumer app and said, with the casual confidence of a man who clearly had not read the room, no thank you. And that single act of stubbornness is what eventually pushed Facebook from aggressive corporate strategy, into territory most people would call straight-up criminal. The app was called Snapchat, and it was the brainchild of two Stanford guys named Evan Spiegel and Bobby Murphy. On paper, what they built sounded like a glitch, a photo app where the photos disappeared after a few seconds, no archive, no permanent feed. If you tried to screenshot something, the app told the sender.
Starting point is 00:08:04 The entire product was the opposite of every social media rule Facebook had spent a decade building. Facebook wanted you to post forever and let the algorithm remember everything. Snapchat told users it was fine to be weird, to post badly, to be ugly on camera at 2 in the morning, because in 10 seconds it would all evaporate like it never happened. Teenagers absolutely lost their minds for it. After years of being told that everything they posted online would haunt them in future job interviews, suddenly here was an app that promised the digital equivalent of a magic eraser. The pressure to look perfect vanished.
Starting point is 00:08:39 The pressure to perform vanished. You could be hideous, hilarious, sleep-deprived, eating cereal out of the box at midnight, and none of it would ever come back to bite you. For a generation that had grown up watching their parents fight on Facebook walls about politics, Snapchat felt like freedom. Zuckerberg's reaction to all of this
Starting point is 00:09:00 was somewhere between rage and total disbelief. His response in late 2012 was to do the most Zuckerberg thing possible. He tried to clone it. The result was called Poke, an app rushed out in about 12 days by an internal Facebook team. It was supposed to crush Snapchat by simply being a Facebook product. It did the opposite. Poke flopped so hard that it actually helped Snapchat. Downloads of Snapchat went up the same week Poke launched,
Starting point is 00:09:24 because millions of curious users tried the Facebook version, decided it was worse, and then went to download the original. It was a marketing campaign Snapchat didn't even pay for.
Starting point is 00:10:16 When cloning failed, Zuckerberg went straight to step two of the playbook, buy them. In 2013, he reportedly offered three billion dollars in cash. For context, this was three times what he'd paid for Instagram, for an app with no revenue, no clear business model, and a CEO who had barely finished college. Three billion dollars handed to a guy whose biggest previous responsibility was probably remembering to refill his Brita pitcher. Evan Spiegel said no. Not maybe later, not let me think about it, just no.
Starting point is 00:11:04 According to multiple later reports, the rejection was so casual it bordered on insulting. Some say Zuckerberg later pushed even higher, into the $6 billion range, which is roughly six times the Instagram price tag. Spiegel still said no. He would explain his reasoning years afterward, telling people that he didn't want to repeat what he saw as the great mistake of Instagram, which in his opinion had been wildly undervalued at the moment it sold. He believed Snapchat could become something bigger on its own, and he wasn't interested in becoming a footnote in someone else's empire. For Zuckerberg, this was unprecedented. Nobody had ever taken his money and walked away. Every other founder, every other rival had eventually folded. The
Starting point is 00:11:46 checkbook had always worked. Now suddenly a 20-something in a hoodie of his own was looking at $6 billion and treating it like a parking ticket. And Snapchat wasn't even slowing down. By 2014, it was hosting hundreds of millions of daily photo and video views. Its users were exactly the demographic Facebook was bleeding. Young, mobile, addicted and increasingly invisible to Facebook's advertising machine. If steps one and two of the playbook had been used up, that left step three. The quiet one. The one nobody talks about at investor conferences. The one where, since you can't copy them and you can't buy them, you find another way to know everything they know. And to do that, Facebook didn't need a better product team. Facebook needed a different kind of tool entirely,
Starting point is 00:12:31 something that could watch what Snapchat users were doing without anyone realizing they were being watched. The search for that tool was already underway, and it would lead Zuckerberg straight to a small Israeli startup most people had never heard of, holding a piece of software that would change the rules of corporate espionage for the entire decade. The tool Zuckerberg needed was already sitting in plain sight, waiting in an unassuming office building in Tel Aviv. The company was called Onavo, founded in 2010 by two Israeli entrepreneurs named Guy Rosen and Roi Tiger. On the surface, Onavo was the kind of startup you'd put on a feel-good morning show. Their main product, Onavo Extend, was a mobile app
Starting point is 00:13:10 that compressed your data so your phone bill wouldn't melt your wallet every month. In 2013, mobile data plans were still priced like rare collectibles, especially outside the United States. A teenager in Brazil or Indonesia could blow through a monthly limit watching one funny cat video, and suddenly their parents were screaming about a bill that cost more than the cat. Onavo positioned itself as the hero of this exact problem. Install our friendly little app, route your traffic through our servers, and we'll squeeze your data so tight you'll actually be able to afford to use your phone like a phone. To users, it was a no-brainer. What users absolutely did not realize was the second half of the equation. To compress data,
Starting point is 00:13:51 Onavo had to route every single piece of mobile traffic through its own servers first. Every app you opened, every site you loaded, every minute you spent doom scrolling through whatever was the doom scroll of choice in 2013, all of it passed through Onavo's pipes before reaching its destination, which meant Onavo, sitting quietly in the middle, could see absolutely everything. They knew which apps you used in the morning, which ones you opened on the toilet, how long you stayed in each one, and how often you came back. It was the kind of behavioural data that marketers would gladly trade a kidney for. And it was completely invisible to the user, because nothing on the screen ever said, hey, by the way, we're watching your every move. In October
Starting point is 00:14:33 of 2013, Facebook reportedly paid somewhere around $100 million to buy Onavo. The public press release was a masterpiece of corporate vagueness. It talked about helping connect more people around the world, partnering on data efficiency, and bringing the next billion users online. It read like a UNICEF pamphlet. Naturally, almost nobody mentioned that Facebook had just acquired one of the most powerful behavioral surveillance pipelines on the consumer internet and was about to weaponize it. The Onavo team was quietly moved over and turned into Facebook's secret market research division, a kind of internal intelligence agency that nobody outside the company really knew existed. Almost immediately, the data started shaping real business decisions at the highest level.
Starting point is 00:15:18 Internal Onavo reports gave Facebook a god-tier view of the global app market. They could see, in real time, which messaging app was winning in which country, which photo-sharing service was gaining users in which age bracket, and which Facebook products were quietly losing the war. According to later reporting, it was Onavo data that showed WhatsApp absolutely dominating in Spain, basically eating Facebook Messenger's lunch and starting to pull ahead in the United States too. That was not the kind of detail you could pick up from public charts or press releases. That was inside intelligence, the kind that turns a guess into a certainty.
Starting point is 00:15:54 And it played a major role in justifying the staggering $19 billion purchase of WhatsApp the very next year. Without Onavo's snooping, Zuckerberg might have stared at that price tag and blinked. With Onavo's data in hand, he knew he was buying a category killer before anyone else realized it was about to swallow the planet. For about two years, this arrangement was a corporate dream come true. Onavo gave Facebook a near-magical ability to read the future of mobile apps. The team in Menlo Park could spot rising threats before they trended, pivot products before competitors even knew there was a fight, and write checks at exactly the right moment.
Starting point is 00:16:30 It was the equivalent of playing chess against an opponent whose pieces were partially transparent. Naturally, this advantage was not going to last forever. Because around the same time Facebook was getting comfortable with its new X-ray vision, the rest of the internet was busy building bulletproof curtains. The reason was named Edward Snowden. In 2013, his leaks blew the lid off how aggressively governments had been hoovering up internet traffic and the entire tech industry went into emergency mode. The standard at the time was HTTP, the old version of the web protocol that essentially shipped your data around in clear glass boxes.
Starting point is 00:17:07 Anyone sitting on the network, your internet provider, a hacker in a coffee shop, a government agency with too much budget, could read your messages, your searches, and your photos as easily as reading a postcard. Snowden's revelations turned that arrangement from a nerdy concern into a public scandal. Within a couple of years, the web pivoted hard to HTTPS, which is basically the same idea except the glass box is replaced with a steel safe. Your traffic still travels across the internet, but now it's scrambled into gibberish, and only the intended recipient holds the key to unscramble it. Snapchat, like nearly every serious app, jumped on the HTTPS train as fast as possible. Their traffic became a black box. Even if you intercepted it mid-flight, all you'd see was a wall of
Starting point is 00:17:52 nonsense, which sounds great, which is in fact mostly great, except for one little detail in how all of this trust actually gets built, a detail that would turn out to be the loose thread in the entire sweater. To understand how that thread comes loose, you have to know how the internet decides who to trust in the first place. Every time your phone connects to a secure website or app, the other side has to prove it's actually who it claims to be. Otherwise, you'd just be tossing your password into the void and hoping for the best. The way it proves it is by handing over something called a digital certificate. Think of it as the website's passport,
Starting point is 00:18:29 a piece of cryptographic paperwork that says, yes, I really am Snapchat.com, and here is a signature from someone trustworthy to back it up. The someone trustworthy is called a certificate authority, and they are basically the digital equivalent of a notary public, except they live in massive data centres and run on caffeine and audit reports. When a certificate authority signs your passport,
Starting point is 00:18:51 every device on the planet should accept it as legit. The catch is, your phone needs to know which notaries to trust in the first place. So tucked away in a protected storage area on every iPhone and Android device on Earth, there's a built-in list of pre-approved certificate authorities, hundreds of them, companies like DigiCert, Let's Encrypt, Sectigo, plus a long tail of national authorities and government ones. When an app connects to a server, your phone checks the certificate against this list, and if there's a match somewhere in the chain, the green padlock appears and life moves on.
Starting point is 00:19:25 Most users have never opened this list. Most users don't even know it exists. It just works in the background, invisibly, like the boring grown-up of the internet keeping everyone from screaming at each other. Here's the part that turns out to matter. By default, almost every app trusts the entire list. If any of those hundreds of authorities signs a certificate claiming to be Snapchat.com, the app will accept it without complaint. That's fine when everyone in the system behaves. But what if someone managed to get a certificate authority added to your phone's trust list that wasn't actually on the original master list?
Starting point is 00:19:59 What if you installed a new authority yourself? Say, because some friendly-looking app you trusted asked you to. Suddenly that authority can sign fake passports for any website in the world, and your phone will salute and let it pass. There is a defence against this. It's called certificate pinning, and it's the digital equivalent of telling your bouncer not only what a fake ID looks like, but exactly what the real one looks like,
Starting point is 00:20:23 down to the watermark. An app with certificate pinning doesn't trust the entire master list. It only trusts a specific certificate, hand-picked by its developers, and hard-coded into the app itself. If anything else shows up at the door, even a perfectly valid signature from a legitimate authority, the app refuses the connection and shuts the whole conversation down. Pinning is the gold standard for sensitive apps. Banking apps tend to use it. Some messaging apps use it. It costs developers some hassle, because every time you rotate certificates, you have to push an app update, but it makes interception almost impossible. Unfortunately for Snapchat in 2016, they were not using certificate pinning. Their app trusted the entire built-in list, like most apps on the app store.
Starting point is 00:21:07 That tiny technical decision, a default setting that 99% of developers don't think about, turned out to be the perfect crack in the wall. It meant that if Facebook could somehow convince a user to install a new certificate authority on their own phone, Facebook could then sign fake certificates pretending to be Snapchat, and Snapchat's app would happily believe it was talking to the real server. The math was almost too convenient, and Facebook, sitting on top of Onavo,
Starting point is 00:21:33 was about to realise it had exactly the delivery mechanism it needed, which brings us to June of 2016, and to the kind of email that should probably never be sent in writing, but inevitably gets sent anyway because powerful people seem allergic to the concept of subtlety. According to documents later revealed in court filings, Mark Zuckerberg fired off a short, brutal message to three of his top executives. The substance was simple. Snapchat traffic is encrypted. We can't see what's happening inside it. We have no real analytics on the fastest growing app in our category, and that is unacceptable. Find a way around it.
Starting point is 00:22:08 Be creative. Make it happen. Anyone reading that email today can practically hear the corporate panic vibrating off the screen. That email is the moment vague competitive frustration crossed the line into a defined intelligence operation. Inside the company, a project was spun up to do exactly what Zuckerberg had asked for. The name they gave it was Project Ghostbusters, a winking nod to Snapchat's little ghost mascot because evidently nothing says professional corporate espionage like a pop culture pun. The official mission was internally described in much more polite language, but the reality was clear. The team's job was to figure out how to peek inside encrypted traffic from competing apps,
Starting point is 00:22:49 not just Snapchat. Eventually, YouTube and Amazon would later get added to the wish list, but Snapchat was the first target. Snapchat was the white whale, and here is where the story gets darker, because not everyone inside Facebook nodded along. According to internal emails that surfaced years later as part of class action litigation, several senior people at the company looked at the plan and basically lost their minds. One executive in the Infrastructure Division wrote, in language that almost never appears in corporate email,
Starting point is 00:23:19 that he could not think of a single justification for why this would be acceptable. His exact words, according to the filings, were along the lines of saying that nobody responsible for security would ever sign off on something like this. He wasn't drafting a press statement. He was sending a private message to colleagues, saying out loud that what they were being asked to build was over the line. He was not alone. Other engineers and security leads inside the company raised similar objections.
Starting point is 00:23:46 They pointed out that the whole approach essentially required tricking users into installing a backdoor on their own phones. They argued it could expose Facebook to serious legal risk. They warned that it would amount to a betrayal of the very trust the company kept claiming to value in its press releases. These were not external critics. These were the people Facebook had hired specifically to think about this kind of thing. Their job was to be the brakes on the car. And then management did what management often does when the brakes start beeping. They ignored the brakes. The objections were overruled, the project was greenlit, and the actual mechanics of how to spy on encrypted traffic were handed to a smaller, quieter team that would build something
Starting point is 00:24:25 the rest of the world would only learn about years later, when the receipts finally came out. The team that took on the actual dirty work had a problem to solve that was, on paper, technically impossible. Snapchat's traffic was scrambled. The keys to unscramble it lived on Snapchat's servers and on the user's phone, and nowhere else. There was no magic decryption algorithm to break. Modern encryption, when it's done right, would take all the computers on Earth working together until the heat death of the universe to crack by brute force. So the engineers at Facebook did what every good hacker eventually figures out. If you can't break the lock, don't bother. Walk around it. The lock only protects the front door. There are always other
Starting point is 00:25:05 ways into the house. The way they chose was elegant in a deeply unsettling sort of way. Instead of trying to read encrypted traffic, they would convince the user's phone to encrypt it twice. Once for Facebook, then again for Snapchat. The trick was to insert themselves into the middle of the conversation so smoothly that neither side would notice. In the security world, this attack has had a name for decades. It's called a man-in-the-middle attack, and it's exactly what it sounds like. You stand between two people who think they're talking privately, you pretend to be each of them to the other, and you quietly read every message that passes through your hands while smiling and nodding. Until 2016, this was the sort of thing covered in cybersecurity textbooks
Starting point is 00:25:50 under the section called Bad Things that hackers do. Now it was about to become a quarterly product strategy at a publicly traded company. To pull it off, Facebook needed two ingredients. The first was a way to get a fake certificate authority installed on the user's phone, because without that the entire plan collapses. The second was a piece of infrastructure that could sit on Facebook's servers and do the actual interception in real time. The first part was almost embarrassingly easy. Onavo Protect, the so-called privacy VPN that millions of people had voluntarily downloaded, asked users during setup to install something called a trusted root certificate on their device. The wording in the prompt was friendly and reassuring.
Starting point is 00:26:31 Something about enabling secure connections, optimizing your protection, making sure the VPN could do its job properly. Users tapped accept the way they accept cookie banners and terms of service, which is to say, without reading a single syllable. That single tap was the entire ballgame. The moment the certificate was installed, the user's phone added Facebook to its short list of trusted notaries. From that point on, any certificate signed by Facebook would be accepted by the phone as legitimate, even for websites and apps that had nothing to do with Facebook. Your phone now believed deeply and sincerely that Facebook was qualified to vouch for the identity of literally any service on the internet, which is roughly as wise as letting your nosiest neighbour write notes excusing you from work, weddings, and federal court. But the user had agreed, technically, somewhere in the fine print,
Starting point is 00:27:22 so Facebook felt morally fine about it, or at least legally fine, which in Silicon Valley is often the same thing. The second ingredient lived in Facebook's own infrastructure. The internal tool they built for this had the cheerful name Squid, which sounds like a children's cartoon character, but was in fact one of the most aggressive pieces of corporate surveillance software ever assembled. Squid sat as a server in the middle of the user's connection. When a Snapchat user opened the app and tried to talk to a Snapchat server, that request
Starting point is 00:27:52 had to pass through Onavo first. Onavo, instead of letting the request continue normally, handed it over to Squid. Squid would then create two completely separate encrypted conversations. On one side, it pretended to be Snapchat and talked to the user's phone. The phone, seeing a certificate signed by the freshly installed Facebook root, smiled and accepted it. On the other side, Squid acted as a normal user and talked to the actual Snapchat server. Snapchat, seeing a perfectly ordinary request, smiled and answered. In between, in that tiny invisible gap, every message was briefly unencrypted on Facebook's servers,
Starting point is 00:28:28 analytics data, usage patterns, click behavior, the structure of internal API calls, the engagement signals Snapchat itself relied on to improve its product. All of it was decrypted, copied off to Facebook's data warehouses, and then re-encrypted and sent on its merry way as if nothing had happened. From Snapchat's perspective, the conversation looked completely normal. The traffic patterns matched what they'd expect from a real user. There were no alarms, no warnings, no telltale signs that anyone was listening. They were essentially being robbed in slow motion by a thief who waved at them through
Starting point is 00:29:03 the window every morning, and the irony of the whole setup deserves its own commemorative plaque. The product Facebook was selling to users, with all that warm, fuzzy branding about protection and shielding your data from prying eyes, was itself the single largest prying eye on the consumer market. Onavo Protect was advertised as a VPN that would keep your information safe from hackers, snoops and creeps lurking on public Wi-Fi at coffee shops. Naturally, the very company shipping that promise was running the most ambitious snooping operation in the room. It was like buying a guard dog from a guy who turned out to be the burglar, and finding out only after the dog had been quietly photographing your living room for two years. What makes the whole scheme
Starting point is 00:29:45 even more darkly impressive is how routinely it worked. This wasn't some occasional thing, it was an industrial pipeline. Day after day, week after week, millions of taps inside Onavo were getting silently rerouted through Squid. The data warehouse on Facebook's side was filling up with the kind of granular behavioral information that no legitimate market research firm could ever buy at any price. Facebook now knew not just what Snapchat users did, but how often they did it, in what order, on what kind of phone, in what part of the world, and with what kind of friends. They were essentially watching Snapchat's product analytics dashboard, in real time from the inside,
Starting point is 00:30:23 with better numbers than Snapchat itself had on most metrics, because Facebook could see absolutely every user, not just the ones who agreed to share data with Snapchat directly. And once that pipeline was producing, the next obvious question inside Facebook became, What do we actually do with all this? Because data on its own is just expensive sand. The whole point was to turn it into a weapon,
Starting point is 00:30:47 and Facebook's product teams were sharpening their knives. The first and biggest payoff came with Instagram stories. By 2016, Instagram had been part of Facebook for four years and was already a hit, but it was bleeding attention to Snapchat's signature feature. The disappearing photo and video format Snapchat had basically invented. For a long time, Facebook's engineers and designers had been guessing about which exact mechanics of Snapchat made it so sticky for teenagers. Was it the disappearing nature of the content?
Starting point is 00:31:17 The doodling tools, the friendless structure, the face filters, the replies feature, the way notifications worked. Until Onavo, all of that was educated guesswork and rumour. With Onavo's pipeline running full speed, the guessing stopped. The team could see, with painful precision, which Snapchat screens kept users glued, which features drove repeat sessions, and which little design choices kept teens coming back
Starting point is 00:31:42 at three in the afternoon when they should have been doing geometry homework. In August 2016, Instagram launched Stories, same vertical full-screen format, same 24-hour expiration, same swipe-up navigation, same sticker and text overlay tools. The Instagram head, Kevin Systrom, openly admitted in interviews that the team had taken obvious inspiration from Snapchat, which was the corporate equivalent of saying, yes, we copied their homework, but we changed the name at the top. What Systrom did not mention, and probably did not even know in detail, was that the precise design choices being copied had been informed by Onavo data, showing exactly which of those features were most addictive.
Starting point is 00:32:24 The team had a cheat sheet that nobody outside the company knew existed. The result was catastrophic for Snapchat. Within a year of Stories launching on Instagram, Snapchat's growth absolutely flatlined. The company had been adding millions of new daily users every quarter. Suddenly that number dropped to near zero, then briefly went negative. When Snap Inc went public in early 2017, the stock initially soared on excitement. Then the Instagram Stories effect started showing up in the numbers. The stock collapsed, losing more than half its value in a brutal stretch.
Starting point is 00:32:59 Evan Spiegel, the founder who had so casually turned down billions of dollars from Zuckerberg a few years earlier, suddenly had a much harder time recommending the same move at parties. Internally at Snapchat, employees later described the period as feeling like getting hit by a truck that nobody had heard coming. The truck, of course, had a license plate that read Onavo. Stories was not the only example. According to Wall Street Journal reporting that came out years later, Onavo's data was also responsible for tipping Facebook off to a smaller, but rapidly rising threat in the live video space.
Starting point is 00:33:31 Two apps called Meerkat and Periscope had appeared in 2015, allowing users to broadcast themselves live to followers in real time. To the outside world, they were quirky experimental apps used mostly by tech enthusiasts. To Facebook, looking at Onavo's view of mobile traffic, they were the early warning signal of a coming category. Onavo data reportedly showed unusually fast growth in usage time and retention for live video, particularly among younger users in the United States. Facebook responded within months.
Starting point is 00:34:02 They launched Facebook Live, threw the entire weight of the platform behind it, paid celebrities and publishers to use it, gave it preferential ranking in the news feed, and within a year had effectively flattened both Meerkat and Periscope into footnotes. Periscope, owned by Twitter, lingered for a while before being quietly shut down. Meerkat pivoted, then pivoted again, then disappeared from most app stores. Both companies had been blindsided by how quickly Facebook had identified the trend and rolled out a competing product at scale. Pattern after pattern, the same story played out. A small app would start gaining momentum, Onavo would notice. Facebook's product teams would receive a tidy internal report telling them
Starting point is 00:34:43 exactly what features were driving the growth, on which devices, in which countries, with which demographics. Engineers would build a clone, often with a few extra bells and whistles, and the giant distribution machine of Facebook and Instagram would drop it on top of the audience like a piano falling out of a sky. Months later, the original app would be struggling or sold. Facebook would post another solid earnings quarter. Analysts would marvel at the company's mysterious ability to always see the next trend coming. What's striking is how confidently Facebook publicly described its own product strategy during this exact period. Press releases talked about listening to users, watching trends, responding to consumer demand. Executives gave keynote speeches about innovation and user-first
Starting point is 00:35:29 design. The phrase that did not appear in any of those speeches for some reason was industrial-scale digital wire-tapping. That part of the strategy stayed inside the building, and as long as it stayed inside the building the gravy train kept rolling, but the VPN had a ceiling, and Facebook was already building something far more invasive. The reckless decision was called Project Atlas internally, and it had quietly been running on a parallel track to the Onavo operation since around 2016. The basic complaint inside Facebook was simple. Onavo was great, but it was a VPN. Users had to actively install it and keep it running, which limited the audience to people interested in mobile data savings.
Starting point is 00:36:13 That meant most of the data was coming from adults in budget conscious regions, not from the demographic Facebook actually cared about most. The demographic Facebook cared about most was teenagers, specifically American teenagers, the same group that had been quietly abandoning Facebook for years, the same group that lived on Snapchat and YouTube and a dozen other apps Facebook desperately wanted to understand.
Starting point is 00:36:35 The product team wanted full visibility into how those kids actually spent their digital lives, not aggregated, not partial, full. The solution they cooked up was both technically clever and ethically catastrophic. Instead of disguising surveillance as a free VPN, Facebook decided to just pay people to be surveilled. The program offered up to $20 a month, plus referral bonuses, in exchange for installing something called the Facebook Research VPN. $20 a month is not a fortune by adult standards.
Starting point is 00:37:06 It barely covers a streaming service. But to a teenager whose entire monthly economy revolves around fast food and concert tickets, 20 bucks a month for tapping accept on an installer is essentially free pizza money for life. The math, from a corporate perspective, was unbeatable. For roughly the cost of a single banner ad campaign, Facebook could buy total visibility into a target user's phone for a year. There was, however, a tiny problem. No teenager who saw a recruitment ad from a company literally called Facebook
Starting point is 00:37:36 would have agreed to install a VPN labelled Facebook Research. Even teenagers, who as a group have not historically been famous for their cautious decision-making, have enough self-respect to draw the line at handing Mark Zuckerberg their text messages for the price of a movie ticket. So Facebook went out of its way to hide the fact that Facebook was running the program at all. The recruitment was outsourced through a small constellation of beta-testing companies. The names that surfaced later in reporting included BetaBound, Applause, and uTest. These were legitimate companies in the field of consumer software testing.
Starting point is 00:38:10 Their normal business model was to recruit ordinary users to try out unreleased apps and provide feedback in exchange for small rewards, totally standard stuff. But for this particular project, their job description quietly expanded into something stranger. They would post ads on social media platforms looking for participants in a research study about teen and young adult internet habits. The ads were colourful, friendly, and full of vague language about helping researchers understand how young people use the internet. Nothing in those ads mentioned Facebook. According to later TechCrunch reporting, in some cases the participants were not told
Starting point is 00:38:46 that Facebook was the client until well after they had agreed to join. In other cases, they were never told at all. They simply assumed they were helping out an academic study or a generic market research firm. The minimum age for participation was set at 13, which is technically the same minimum age Facebook itself uses for its main platform. From a public relations standpoint, this was the company hoping that a 13-year-old plus a permission box equals informed consent. From a common-sense standpoint, this was a multinational corporation paying actual middle
Starting point is 00:39:17 schoolers to surrender their digital lives. Parental consent was required on paper, but the actual verification process was, by most accounts, a checkbox. Nobody from Facebook was driving out to suburban houses to confirm that mom and dad had really read the agreement. The system relied on participants and their parents to police themselves, which is roughly as effective as relying on a child to police the cookie jar. The technical side of Project Atlas was even more aggressive than the Onavo setup. Once installed, the Facebook Research VPN demanded the same kind of root certificate trick. But this time, because Facebook needed access to deeper data,
Starting point is 00:39:54 the program also asked users to enable special permissions that went well beyond what a normal VPN ever requires. The full surveillance package included almost everything that crossed the phone. Private messages on platforms like Instagram, Snapchat and WhatsApp. Emails. Web searches. The exact apps the user opened, when and for how long. Location data, sometimes in real time. Photos and videos sent through messaging apps. In some configurations, the app reportedly even captured purchase activity from Amazon and a handful of e-commerce platforms.
Starting point is 00:40:28 It was, in practical terms, total information access on the device. Anyone holding that data could reconstruct a participant's daily life in detail, who they talk to, what they said, where they went, what they bought, what they watched, what they hid from their parents. To actually deliver this on iPhones, Facebook had to do something genuinely audacious, because the App Store would never have approved an app like this in a million years. Apple's review process, while imperfect, is famously hostile to apps that hoover up that much user data. Facebook knew that. So they decided to go around Apple entirely by abusing a back channel called the Apple Enterprise Developer Program.
Starting point is 00:41:07 This program was originally designed for one extremely narrow purpose. Big companies that build internal apps for their own employees, a customized inventory tool for warehouse staff, say, or a private dashboard for the company sales team, can use enterprise certificates to distribute those apps internally without going through the App Store. The whole point is that the program is for employees only. It is explicitly in writing in the developer agreement, not allowed to be used to distribute apps to consumers, even paying consumers.
Starting point is 00:41:37 Facebook used it to distribute apps to consumers. Specifically, the Facebook Research VPN was packaged as if it were an internal corporate tool signed with Facebook's enterprise certificate and then handed out to teenagers and young adults across the country. To install it, participants had to navigate a slightly weird process. They had to visit a special link, manually approve the installation, and click past a series of warnings from iOS that essentially said, hey, this app is signed by a company you do not work for. Are you absolutely sure you trust them with everything on your phone? In a sane world, those warnings would have made anyone bail out. In the world of a 14-year-old who's been promised $20 a month, those warnings were just an annoying extra screen on the way to the prize. Tap, tap, tap, and welcome to Total Surveillance Kid. Enjoy your support. For about three years, Project Atlas chugged along quietly in parallel with the Onavo pipeline. Facebook collected a torrent of granular data on exactly how teenagers behaved online.
Starting point is 00:42:37 Not theoretically, not in surveys, but in raw captured digital activity. Strategy teams used the data to plan products. Acquisition teams used it to scout future competitors. Advertising teams used it to refine targeting models. The whole operation hummed along behind a wall of corporate silence. Nobody on the outside, including most people inside Facebook, had any idea that their employer was paying teenagers to surrender their phones in exchange for pizza money. Until January 2019, when the wall finally cracked.
Starting point is 00:43:10 A reporter at TechCrunch named Josh Constine, working with a young security researcher named Will Strafach, got hold of details about the program and started digging. Strafach had a particular gift for tearing apart iOS apps to figure out what they actually did, and once he turned that flashlight on the Facebook Research VPN, the picture was damning.
Starting point is 00:43:48 The technical methods, the certificate abuse, the level of access being granted, the age of the participants. All of it pointed toward an operation that violated Apple's rules at virtually every step and arguably violated a fair reading of basic consumer protection law. The story went live on the afternoon of January 29, 2019, and the internet
Starting point is 00:44:31 did what the internet does best. It exploded. Facebook's response was almost comical in its speed. Within about seven hours of the article appearing online, the company had voluntarily yanked the iOS version of Facebook Research from circulation. Statements were issued. The company tried to argue that the program had been legitimate, that participants had been fully informed, that everything was consensual. Almost nobody bought it. Apple, in particular, did not buy it. Apple's stance on the enterprise developer program had always been that abusing it was a fast path to the corporate equivalent of a parking ticket with teeth. Within hours of the story breaking, Apple revoked Facebook's enterprise certificates entirely. That move triggered a small earthquake inside Facebook
Starting point is 00:45:15 itself, and this is the part that journalists at the time found genuinely funny. Apple's certificate revocation did not just disable the spyware app. It disabled every single internal app Facebook used to run its own business. Employees at Menlo Park suddenly found that the campus shuttle bus tracking app didn't work. The internal lunch menu app didn't work. The pre-release versions of Facebook and Instagram that engineers used to test new features didn't work. Various private collaboration and conference tools didn't work. For roughly a day and a half, one of the most powerful technology companies in human history was effectively reduced to text messages and email because its in-house apps had been digitally guillotined by Cupertino.
Starting point is 00:45:57 Several Facebook employees later told reporters that the mood that day was somewhere between confused, embarrassed and quietly amused. Apple eventually restored the certificates after Facebook pulled the offending program and promised in writing to stop abusing the system. The certificates came back. The internal apps started working again. The lunch menu was once again readable. Order was restored, but the public reputation damage stayed. In the years that followed, regulators around the world tried, with varying degrees of seriousness, to do something about all of this. In 2020, the United States Federal Trade Commission slapped Facebook with the largest privacy fine in its history at the time. Five billion dollars, which sounds enormous until you
Starting point is 00:46:41 remember that Facebook earns roughly that amount in a single very good month of advertising. The fine was tied mostly to the Cambridge Analytica scandal, rather than Onavo specifically, but the broader pattern of privacy abuse was right there in the paperwork. In 2023, the Federal Court of Australia issued a ruling specifically about Onavo. The court found that Facebook Israel and Onavo Inc had misled Australian consumers about the data collection practices of Onavo Protect. The court ordered the company to pay roughly $13 million in penalties. The financial press did the math at the time, and pointed out that this represented approximately two hours of Meta's revenue. Two hours.
Starting point is 00:47:21 The total accountability for years of global surveillance amounted in cash terms to lunch and an afternoon for one of the largest corporations on Earth. Onavo Protect itself had been shut down earlier in 2019, after Apple booted it from the App Store for violating data collection policies. Google followed shortly after on Android. The Onavo brand quietly vanished from the consumer market. Facebook absorbed the team and the underlying technology, rebranded the work and kept doing the same kind of mobile analytics in less obvious ways.
Starting point is 00:47:54 Project Atlas was disbanded as a named program, but, according to later reporting, the company continued to run various paid research panels that collected very similar kinds of data, just with better legal paperwork and slightly less aggressive technical methods. The most lasting effect of the whole affair, though, is not anything you can point to in a courtroom. It is a slow shift in what people now consider normal. Before Onavo and Project Atlas became public knowledge,
Starting point is 00:48:22 the idea that a major company would secretly pipe your encrypted traffic through its own servers and read it for competitive intelligence would have sounded like a paranoid conspiracy theory. After Onavo and Project Atlas became public knowledge, it became a fact people sort of shrugged at over coffee. The story made headlines for a week, generated some angry op-eds, and then quietly dissolved into the general background noise of tech industry scandal.
Starting point is 00:48:48 The fines were paid. The executives kept their jobs. Mark Zuckerberg's net worth continued to climb. Snapchat survived as a company, but never recovered the trajectory it had been on before Instagram Stories. Apple tightened its certificate program. Regulators wrote longer reports, and the rest of us got used to the idea that privacy is now a kind of currency, not a right. Most of it is just there, baked into the assumption of modern digital life, and almost impossible to opt out of without abandoning the conveniences that come with it. The Onavo story is not just the story of one app that got caught. It is the story of how an entire era learned to expect this kind of behaviour from its biggest companies, complained about it for a moment, and then
Starting point is 00:49:29 went right back to scrolling. Mark Zuckerberg did not invent that bargain, but for a couple of very profitable years, he absolutely perfected it. If you made it this far, thank you for sticking around through this rabbit hole of corporate surveillance, screaming engineers, and certificates being passed around like fake IDs at a high school party. Drop a comment with the part of the story that surprised you the most, and let me know which company you think deserves the spotlight in the next one. Hit that subscribe button if you want more stories like this, and I will see you in the next video.
