What’s going on with WhatsApp?
Given how pervasive WhatsApp is, and how little most people typically care about their personal data when it comes to apps and services they rely on so heavily, I suspect most people won’t think twice about just tapping Agree. I clicked the button before I really considered what the upcoming change would involve, and I’m kicking myself.
At the same time, WhatsApp is one of my most heavily used apps. I use it to keep in touch with family, friends, inumerable school and parent chat groups, and even to receive updates from our city about the latest COVID-19 stats.
Why I’d prefer to use Signal
When I gave this more thought, I decided it’s time to change some of that. I started switching my family over to the more secure Signal. While they are reluctant, I feel more comfortable with the switch, and I enjoy using the app. It’s a pretty good looking app, and basically works a lot like WhatsApp.
I had a few thoughts about why I prefer to use Signal, and about some of the challenges that face my efforts to convince others to do the same.
To begin with, why Signal, and not Telegram? I’m certainly not an expert on cryptography, so this is based on my limited understanding of a couple aspects of both apps:
Telegram is not encrypted by default. In this respect it is less secure than WhatsApp. See correction below
- Telegram’s encryption, when enabled, is apparently not end to end encryption, so Telegram itself has some access to your messages (this could be based on old or misunderstood information).
- Signal, on the other hand, uses established cryptography, and is end to end encrypted. This means that Signal can’t see your message content, and if you lose your device, you can lose your messages.
- There are some good reasons why you should rather use Signal anyway.
With respect to iMessage, I use an Android phone, so that’s not an option for me.
Correction: My understanding of Telegram’s encryption was incorrect. Nathan clarified this for me on Twitter:
Why change now?
I had a few thoughts about why I want to rather use Signal going forward –
- We periodically see changes to Facebook’s privacy policies that erode the protections that we once enjoyed through WhatsApp after it initially adopted Signal technology to power its encryption;
- Facebook seems to want to bring WhatsApp users more into the Facebook fold to increase value in the userbase for businesses using Facebook to sell their goods, market to users, and use their data for other data analytics (remember that Facebook data has become pretty pivotal to elections through very precise targeting);
- Despite’s WhatsApp’s assurances that this change is intended to enable businesses to provide services to users, I don’t feel comfortable just opening up my WhatsApp profile data to whichever businesses gain access to this data;
- Our kids are not actively on Facebook. We have shared photos of them in the past, and we’ve referenced them (I haven’t shared much content about them on Facebook for a few years now), but they don’t have accounts associated with their identities (one of our kids uses Instagram under a pseudonym). They don’t particularly want to use Facebook, and I don’t want Facebook to be able to collect even more, potentially very specific, data about them.
- This change also affects everyone who we are in contact with, including people who may use WhatsApp, but feel very unconfortable using Facebook itself.
(Update) As it turns out …
Not long after I published this post, I came across this Wired article by way of a friend’s tweet: WhatsApp Has Shared Your Data With Facebook for Years, Actually | WIRED that includes the following:
None of this has at any point impacted WhatsApp’s marquee feature: end-to-end encryption. Messages, photos, and other content you send and receive on WhatsApp can only be viewed on your smartphone and the devices of the people you choose to message with. WhatsApp and Facebook itself can’t access your communications. In fact, Facebook CEO Mark Zuckerberg has repeatedly affirmed his commitment to expanding end-to-end encryption offerings as part of tying the company’s different communication platforms together. But that doesn’t mean there isn’t still a trove of other data WhatsApp can collect and share about how you use the app. The company says it collects user information “to operate, provide, improve, understand, customize, support, and market our Services.”
In practice, this means that WhatsApp shares a lot of intel with Facebook, including account information like your phone number, logs of how long and how often you use WhatsApp, information about how you interact with other users, device identifiers, and other device details like IP address, operating system, browser details, battery health information, app version, mobile network, language and time zone. Transaction and payment data, cookies, and location information are also all fair game to share with Facebook depending on the permissions you grant WhatsApp in the first place.
“WhatsApp is great for protecting the privacy of your message content,” says Johns Hopkins University cryptographer Matthew Green. “But it feels like the privacy of everything else you do is up for grabs.”WhatsApp Has Shared Your Data With Facebook for Years, Actually | WIRED
I’m not sure that brings me much comfort.
Aren’t you being paranoid as usual?
Admittedly, I do have a tendency to be overly concerned about this sort of thing, as if my data has real and substantial consequence in the bigger picture. In truth, it probably doesn’t have major significance. If I deleted my Facebook and WhatsApp accounts, Facebook wouldn’t exactly shudder to a halt.
At the same time, agreeing to allow Facebook to take my WhatsApp profile data, and introduce it to Facebook’s main personal databases is a little like a person who has COVID-19 wandering into a social gathering, and infecting a bunch of their friends, who then infect their friends and family.
This is the seedy part of the network affect. Because we are all connected, Facebook (and other companies) use data points like our contacts, locations, interests, and more to connect the dots between us all, refine data targeting, and developer much clearer and more precise pictures of who we are.
Given our collective propensity to over-share on free social networks, most people won’t think twice about this change. They either assume they have no privacy, or that this doesn’t matter. I probably agree on the first point, and disagree on the second.
As for me, and my family, I’d rather limit how much data companies have access too, even if the limits are modest.
Ok, so what data are we talking about here?
Of course, all of this begs the question what data WhatsApp will share with the blue mothership. After all, WhatsApp messages still appear to be encrypted (thanks for the Signal encryption technology that WhatsApp adopted years ago). So what are we talking about?
Thanks to Apple’s insistance that developers disclose what data apps process, we can see this in app listings for apps in the Apple App store:
Compare that to what data Telegram collects about you:
This is what Signal collects about you (basically just your phone number):
And just for kicks, this is what Facebook reports about its main app:
There is a lot of data there that businesses really don’t need to have. So why do they want to share our WhatsApp data with Facebook? Well, it has to do with the emerging Shopping, Payments, and Customer Service on WhatsApp, and what I understand is a push to consolidate much of WhatsApp, Facebook Messenger, Instagram, and Facebook itself into a more unified experience.
So, are you deleting WhatsApp now?
As much as I’d like to just flip a switch, and only use Signal, it’s not practical. There are too many people who we chat to on WhatsApp who have their own WhatsApp-using networks. Most of those people will not want to give up on an app that has become a verb for them.
In a very real sense, we are all locked into WhatsApp, and the broader Facebook “family of companies”, and will remain this way for quite some time. I acknowledge that.
At the same time, I don’t feel comfortable just surrending all of my data, and our kids’ data to Facebook in quiet resignation. I can affect a small part of how my data is used, and who gets to use it. Sometimes that is all we can really do.
Perhaps change will happen in time.
So, for the time being at least, you can find me on WhatsApp as usual. I’d prefer it if you’d rather message me on Signal, though. You might even like it.