WhatsApp Privacy Update

Update 24/01/21: WhatsApp have pushed back the deadline for accepting this privacy change (official announcement).

Original article:

If you run WhatsApp on your phone, it will have felt like pretty much as soon as the clock tolled midnight on December 31st 2020, we left the European Union, and the app started pestering us about a privacy policy update. Yes, of course, the two events are linked.

But first let’s cut to the case:

  1. UK users are, for the moment, exempt from the nasty data-sharing clauses of this new privacy policy and
  2. if you run the Facebook app on your phone, you might as well accept the new privacy policy in WhatsApp anyway, because Facebook already know far more about you from that app than WhatsApp can tell them via this new policy.

So! No big deal?!

Well, for the moment, no. However, if you’re a study of prior Facebook practices when it comes to privacy, you’ll be as sceptical as I. You’ll be wondering why they’re foisting this privacy policy on us if we’re exempt from the only benefit they get by doing so. And I suspect that while the EU will continue to be exempt from the data sharing aspects, I doubt the UK will be. How long will the data sharing remain exempt for UK users? Who knows. But without the clout and threat of the European Commission going to war on WhatsApp over data sharing like they did in 2018, I suspect it won’t be long.

When we left the EU, we left behind the protection offered by GDPR. This, despite the fact that we agreed to adhere to GDPR standards after brexit – one of the many instances of how we remain beholden to the EU’s standards, but now lack any input to how they are structured and applied, nor protected by them.

What data does WhatsApp want to share with Facebook? WhatsApp always used to share your name and phone number, but now will add the details of the user’s internet connection (including location) and any financial transactions made over WhatsApp, along with your contacts list and your status updates. Messages will, however, remain end-to-end-encrypted (E2EE), so neither WhatsApp nor Facebook will see the content of your messages.

Again, this is nowhere near the levels of invasion conducted by the Facebook app. That app collects everything that WhatsApp does, but also the Wi-Fi networks you connect to, your location, the data masts your phone uses (in case you turn your location service off, this acts as a backup), the type of phone you have, and all the other apps you have installed on your phone. Thanks to Facebook’s SDK, many apps will also report that you open them. Also, any messages you sent or received on Facebook’s “Messenger” platform are visible to the firm, unless you chose the “secret message” functionality. All of this allows Facebook to build an immense portfolio on your day to day habits, creating a compelling advertising profile that they can both take advantage of, and use as a selling point for their services.

What are the alternatives? The two making headlines at the moment are Signal and Telegram. In terms of a like for like experience, Signal (Google Play / Apple Appstore) is the clear winner. The sign-up process is the same (get a text to your phone number and you’re done), the experience is the same (chats, group chats, emoji, group names/pictures, etc), and the feature set is nearly identical (end-to-end-encryption, text, voice and video chat). Signal is missing Live Location, payment and broadcast functions of WhatsApp. The biggest missing feature, perhaps, is a web front-end. However, Signal do echo that functionality in their desktop apps, available for Windows, OSX and Linux.

For more on Signal, you can read this Guardian article outlining the WhatsApp controversy.

Signal is funded by the nonprofit Signal Technology Foundation (donate here), and is open-source software (github), running on Whisper Systems open-source protocol (wikipedia) of the same name. This makes it extremely trust worthy. Indeed, WhatsApp claim to use the signal protocol for their own messaging platform.

Like all underdogs in the tech industry, however, Signal needs the numbers to create a tipping point. That Guardian article I linked above notes that while Signal was being downloaded roughly 250 thousand times a week in the lead up to this privacy gaff, it spiked at nearly 9 million downloads the week after. Like WhatsApp, when you download the app and grant it access to your contacts, you’ll only see those people who have already downloaded the app, so you can instantly gauge whether or not you can feasibly transition away from WhatsApp.

But ultimately, the choice remains yours. You’d be crazy to trust Facebook at this stage, but perhaps you’re comfortable with the data they have. It boils down to convenience for a lot of people and if the price of that convenience (your privacy) is something you’re comfortable with, only you can make that call.

Still, it can’t hurt to download Signal and give it a whirl!

Scaine has written 15 articles

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>