It says it's end-to-end encrypted.
Whatsapp is closed source and made by a advertising company. Wouldnt really count on that
Edit: Formatting
this post was submitted on 23 Oct 2023
68 points (90.5% liked)
Privacy
39971 readers
132 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
Saying they do E2EE but not doing it would be a literal massive scale fraud. Can't say I put Meta past those behaviors to be fair though lol
But as the other guy said, metadata is already a lot.
They would just say that they have a different definition of E2EE, or quietly opt you out of it and bury something in their terms of service that says you agree to that. You might even win in court, but that will be a wrist slap years later if at all.
No single individual will beat a corporation as large as Facebook in a court battle. You could have all the evidence in the world and they'll still beat you in court and destroy your life in the process. It took a massive class action lawsuit to hold them accountable for the Cambridge Analytica case, and the punishment was still pennies to them.
Look at the DuPont case. There was abundant evidence that they were knowingly poisoning the planet, and giving people cancer, and they still managed to drag that case on for 30 years before a judgement. In the end they were fined less than 3% of their profit from a single year. That was their punishment for poisoning 99% of all life on planet earth, knowingly killing factory workers, bribing government agencies, lying, cheating, and just all around being evil fucks. 3% of their profit from a single year.
“We just capture what you wrote and to whom before it gets encrypted and sent; we see nothing wrong with that” —Mark Zuckerberg, probably
They don't really need the actual contents of your messages if they have the associated metadata, since it is not encrypted, and provides them with plenty of information.
So idk, I honestly don't see why I shouldn't believe them. Don't get me wrong though, I fully support the scepticism.
All they need is the encryption key for the message, and it's not the message itself.
If they keys are held by them, they have access.
When you log into another device, if all your chat history shows up, then their servers have your encryption key.
load more comments
(2 replies)
This is what I came to express as well. Unless the software is open source, both client and server, what they say is unverifiable and it's safest to assume it's false. Moreover, the owning company has a verifiable and well known history of explicitly acting against user privacy. There is no reason to trust them and every reason not to.
The biggest problem is that it uploads your entire contact list and thus social network to Facebook. That alone tells them a lot about who you are, and crucially, also leaks this information about your friends (whether they use it or not).
With contacts disabled it's a pain to use (last time I tried you couldn't add people or see names, but you could still write to people after they contacted you if you didn't mind them just showing up as a phone number).
It still collects metadata - who you text, when, from which WiFi - which reveals a lot. But if both you and your contact use it properly (backups disabled or e2e encrypted), your messaging content doesn't get leaked by default. They could ship a malicious version and if someone reports your content it gets leaked, of course, but overall, still much better than e.g. telegram which collects all of the above data AND doesn't have useful E2EE (you can enable it but few do, and the crypto is questionable).
It's owned by Meta, you better forget about privacy lol!
Is Facebook bad for privacy?
Whatsapp is Facebook. Literally. Whatsapp sold themselves to Facebook.
So yes: it's bad for privacy.
TL;DR: Yes it is, it's terrible. What would you expect from a Facebook product? Use Signal instead.
Thank you, but I'm looking for actual arguments that would sway someone that is trying to come to a rational conclusion. "The reputation of the company is bad" is of course valid evidence, but it would be much more interesting to know what Facebook actually gains from having users on WhatsApp.
First, it is very likely that the WhatsApp encryption is compromised, it definitely shouldn't be trusted, as it is completely proprietary and thus not transparent to users and independent auditors. Also, unlike Signal, WhatsApp doesn't encrypt any metadata. The biggest source of WhatsApp user data for Facebook though are address books. When you grant WhatsApp permissions to access your contacts, that data is sent to Facebook servers unencrypted. That way, Facebook can see the names and phone numbers of all of your contacts. This is not just bad for you, it's also bad for everyone whose phone number you saved in your address book, their data is sent to Facebook, even if they don't use any Facebook services themselves. Also, when you have WhatsApp or any app installed on your phone, it by default has access to many things that you can't control or restrict. For example, it can access some unique device identifiers and look at stuff like the list of apps you have installed on your phone or access sensors like the gyroscope and accelerometer which can absolutely be used to track you. It's better to keep shady apps like those made by Facebook, Google, Amazon, Microsoft or other surveillance corporations off your devices. Use FOSS alternatives with a proven track record like Signal if they are available.
load more comments
(2 replies)
It might be E2EE but it's not encrypted on your phone and it's closed source. How do you know they don't send the conversation data to their company? How do you know they don't get the encryption keys to decipher the messages for them?
How do you know they don't get the encryption keys to decipher the messages for them?
My guess is that they just capture keywords before you send it. They don't need to read the contents of the sent conversation when both parties to the conversation are using an app they own. They can detect keywords before sending, log and report them, then send the message encrypted. No need to retain encryption keys since they already extracted what they want.
load more comments
(2 replies)
Are you really asking about privacy of a Facebook's app?
Are you going to be flippant or help educate the person?
The answer is: Yes, WhatsApp is bad for privacy.
While the messages itself are encrypted, the WhatsApp App itself can still collect data from you from the Device your using it on:
- Phone number
- operating system
- associated contacts Etc.
And given this is a Meta owned company, we can probably assume they profile you from that.
If you're on Android, the E2E is meaningless as WhatsApp can read what you type, just as the Facebook app can, since they have keyboard access.
I don't know that they do this, just saying it's a leak point, and since it's Meta/Facebook/Zuckerberg, well, let's just say I'm a bit cynical.
Your address book is uploaded to Facebook servers when you use Whatsapp. And each time you interact, they know with who and link this information with other profiles and users of the Meta products.
That's what they say. ~~Meta~~ Facebook already lied before countless times, so who knows.
(You can google Facebook lawsuits. The number of the results is scary.)
Yes.
WhatsApp Moderators Can Read Your Messages - https://gizmodo.com/whatsapp-moderators-can-read-your-messages-1847629241
load more comments
(5 replies)
Yes
view more: next ›