@itsalexvacca: Facebook once bought a VPN app...
@itsalexvacca
29 views
Jul 31, 2025
1
Facebook once bought a VPN app for $120M and turned it into a surveillance tool that spied on 33M+ users' entire phones for years.
This app helped Zuck buy WhatsApp for a whopping $19B and break Snapchat's encryption.
Thread
This app helped Zuck buy WhatsApp for a whopping $19B and break Snapchat's encryption.
Thread
2
The name of this Israeli app was Onavo.
It promised to “secure your data” and reduce mobile data usage.
When Facebook bought it in 2013, Zuck said the app would help them connect more people to the internet.
Facebook even promised to keep Onavo running as a standalone brand.
It promised to “secure your data” and reduce mobile data usage.
When Facebook bought it in 2013, Zuck said the app would help them connect more people to the internet.
Facebook even promised to keep Onavo running as a standalone brand.
3
But Onavo operated as a VPN that routed all your phone's internet traffic through Facebook's servers before sending it anywhere else.
Facebook could see:
• Every app you opened
• How long you used it
• Which websites you visited
• And at what time you used each app
Facebook could see:
• Every app you opened
• How long you used it
• Which websites you visited
• And at what time you used each app
4
What did this mean for Facebook?
It meant that Zuck could see exactly which one of Facebook's competitor was growing popular among people.
Look how Facebook was tracking these apps (revealed in the court later):
It meant that Zuck could see exactly which one of Facebook's competitor was growing popular among people.
Look how Facebook was tracking these apps (revealed in the court later):
5
By 2016, this data revealed Snapchat was exploding in popularity.
But there was one problem: Snapchat's traffic was encrypted, so Facebook couldn't see how people were using it.
In an email, Zuck says:
It seems important to figure out a way to get reliable analytics about them
But there was one problem: Snapchat's traffic was encrypted, so Facebook couldn't see how people were using it.
In an email, Zuck says:
It seems important to figure out a way to get reliable analytics about them
6
Facebook's started "Project Ghostbusters" - named after Snapchat's ghost logo.
They would use "man-in-the-middle" attacks to break Snapchat's encryption.
Within a month, Facebook's engineers built "kits" that could intercept Snapchat's data before it got encrypted.
They would use "man-in-the-middle" attacks to break Snapchat's encryption.
Within a month, Facebook's engineers built "kits" that could intercept Snapchat's data before it got encrypted.
7
Facebook created custom client & server side code based on Onavo’s VPN proxy app.
This code included a client-side “kit” that installed a root certificate on Snapchat users’ mobile devices.
Then Facebook’s servers created fake digital certificates to impersonate Snapchat analytics servers to redirect & decrypt secure traffic from those apps to Facebook.
This code included a client-side “kit” that installed a root certificate on Snapchat users’ mobile devices.
Then Facebook’s servers created fake digital certificates to impersonate Snapchat analytics servers to redirect & decrypt secure traffic from those apps to Facebook.
8
Seeing Snapchat's success, Zuckerberg offered to buy it for $3 billion.
But when Snap's CEO refused the offer, Facebook launched Snap's most famous feature on Instagram - Stories.
But when Snap's CEO refused the offer, Facebook launched Snap's most famous feature on Instagram - Stories.
9
But this wasn't just about Snapchat.
Facebook used Onavo to systematically monitor Houseparty, YouTube, Amazon, and dozens of other apps.
Any rising competitor was identified, analyzed, and neutralized.
Facebook used Onavo to systematically monitor Houseparty, YouTube, Amazon, and dozens of other apps.
Any rising competitor was identified, analyzed, and neutralized.
10
Apple forced Onavo off the App Store for violating privacy rules.
So Facebook rebranded it as "Facebook Research" and started paying teens $20/month to install it on their phones.
When Apple found out, they revoked Facebook's certificates, breaking ALL of Facebook's iOS apps.
So Facebook rebranded it as "Facebook Research" and started paying teens $20/month to install it on their phones.
When Apple found out, they revoked Facebook's certificates, breaking ALL of Facebook's iOS apps.
11
Onavo shows how Big Tech weaponizes our trust.
33 million people installed privacy protection that was actually the most sophisticated corporate surveillance tool ever built.
33 million people installed privacy protection that was actually the most sophisticated corporate surveillance tool ever built.
12
Thanks for making it to the end!
I'm Alex, COO at ColdIQ. Built a $6M ARR business in under 2 years.
Started with two founders doing everything.
Now we're a remote team across 10 countries, helping 400+ businesses scale through outbound systems.
I'm Alex, COO at ColdIQ. Built a $6M ARR business in under 2 years.
Started with two founders doing everything.
Now we're a remote team across 10 countries, helping 400+ businesses scale through outbound systems.
13
RT the first tweet if you found this thread valuable.
Follow me @itsalexvacca for more threads on outbound and GTM strategy, AI-powered sales systems, and how to build profitable businesses that don't depend on you.
I share what worked (and what didn't) in real time.
Follow me @itsalexvacca for more threads on outbound and GTM strategy, AI-powered sales systems, and how to build profitable businesses that don't depend on you.
I share what worked (and what didn't) in real time.
View Tweet