Project Atlas: Facebook has been secretly paying Iphone users to install an all-surveilling "VPN" app

Originally published at:


The program recruits users aged 13 to 35

It’s deeply weird they are only interested in users not old enough to run for President.


$20/month in mixed gift cards seems awfully low for granting Facebook pretty much exactly the same level of access(screenshots and article description appear to show an MDM enrollment, added root cert; plus associated application) that your friendly local IT department has(but probably lacks the expertise to do anything nearly as interesting with) on devices it owns.

Somewhere there is, or soon will be, a teenager making bank on feeding the system plausible noise from many virtual devices.


Facebook has been secretly ________…



No, it’s ok, Facebook, like all online companies, takes user privacy extremely seriously.


At least in this case they’re actually paying people for their data, which strangely feels kinda refreshingly honest…


Doing this is in direct violation of Apple’s TOS for developers. If it were a regular startup, doing something like this would get their apps kicked off the app store in jig time. Facebook is assuming they are too big to ban from the app store. (eta: basically saying to Apple, “you wouldn’t dare punish us for doing this,” and it’s true that the only punishment Apple can mete out is to ban Facebook’s apps from the store, which would make hundreds of millions of their customers unhappy because this isn’t some startup, it’s Facebook)

OTOH, Apple is going to lose a lot of face if they roll over and let Facebook walk all over them like this. It’ll be interesting to see which corporate behemoth is going to win this game of chicken.

CF Gruber’s take, where he characterizes this as Facebook declaring war on Apple’s TOS for IOS developers.


Any legal experts out there know how this is legal given wiretapping laws? I mean, they’re not the service provider and are apparently eavesdropping (and likely recording) communications they are not a party of. As far as I am aware, many states require that all parties being wiretapped consent unless there is some specific exception. I’m not sure a teenager can easily be a “consenting” party, and find it a bit of a leap to say a parent could easily sign off on such a carte blanche “consent”.


Don’t forget the lede is that he considers Facebook a criminal enterprise betting that its size will let them get away with it. Me, I would be whispering “Lehmann Brothers” in their ears if I cared about them.


Now we know that our data is worth 20$ a month or 240$ a year.

1 Like

Time was that it seemed that FB were just incompetent or unthinking, and their app so complex and badly designed that leaking data was an obvious consequence. It has been clear for a while that they are actively trying to subvert user privacy. IIUC, this latest set of shenanigans means someone in FB deliberately designed a scheme to con users into parting with a load of data, withut making it clear to them that this was the objective, and did so by hijacking another platform (Apple) by clearly and knowingly contravening its rules.

Maybe someone will be along to educate me (never been on FB) but in what universe is this not a basis for a civil case against FB, if not a criminal one?


I wonder if Apple’s solution will be to ban the apps that allow this one to be installed in the first place; Applause, Betabound, and Utest?

I don’t use any of those apps, so I don’t know what their point is, except to allow an end run around Apple’s wall and into the garden. But if it’s between upsetting those app users/owners, and millions of FB users, I would bet they take that path.

Also, “Project Atlas”, Facebook? Really? Shrug.


Ugh. This clown.

I keep saying Facebook is a criminal enterprise, and I’m not exaggerating. Sometimes a bully needs to be punched in the face, not just told to knock it off.

Apple is a bully. When they get punched in the face gruber goes apeshit about it, or denies it happened.

I’ve been using Apple since the 1980s, so I may be biased. Still, I think Gruber is right about this, and he’s been right about this for a while. As for “punching a bully in the face”, well, that’s been Tim Cook’s attitude all along: he does not like being in the limelight, but he has a strong moral compass. One of his red lines has always been protecting the user’s privacy.

And now Apple has used the nuclear option, so to speak. ALL of their developer certificates have been revoked.

This topic was automatically closed after 5 days. New replies are no longer allowed.