Perhaps you’ve seen the latest commercials on WhatsApp, and how it offers privacy to you when you message people through it. WhatsApp is a company owned by Meta (Facebook). But can you trust WhatsApp and Meta?
No, you can’t.
There are multiple pieces to this puzzle. First, in order to be truly private, the message itself, with text/video/audio attached, needs to be exchanged in a way that the platform (WhatsApp) can’t read it. Period. This is not the case with WhatsApp.
When someone reports a message as violating the platform’s rules, the system takes multiple messages and unencrypts them for review. That’s not end-to-end encryption.
Here’s an excerpt from the ProPublica article that is telling:
This forwards five messages — the allegedly offending one along with the four previous ones in the exchange, including any images or videos — to WhatsApp in unscrambled form, according to former WhatsApp engineers and moderators.ProPublica
Second, there’s ‘metadata’ about your messages. Metadata data is basically data about data. A good analogy is information written on the outside of an envelope, along with your DNA on the stamp, and your fingerprints on the envelope as well. A text message includes the phone number you’re texting, your phone number, your profile image, and other things about your device and the context of the message. You’d think that wouldn’t be a big deal, but it is because you can tell a lot about yourself by who, how often, and when you text people. Surveillance!
Apps that care about your privacy will minimize the metadata that they collect.
From the ProPublica analysis of WhatsApp, the metadata that they capture includes:
- names and profile images of a user’s WhatsApp groups as well as their phone number
- profile photo
- status message
- phone battery level
- language and time zone
- unique mobile phone ID and IP address
- wireless signal strength and phone operating system
- A list of their electronic devices
- Any related Facebook and Instagram accounts
- The last time they used the app and any previous history of violations
That’s alot of stuff, but from the ProPublica article: Gen. Michael Hayden, former director of both the CIA and NSA, went even further:
“We kill people based on metadata.”
The fact that they can look at messages at all (setting aside the metadata part), means that it’s not truly end-to-end encryption. We can argue about definitions, but the whole point of claiming end-to-end encryption is that NO ONE can read your messages except for you the person(s) you send messages to. Period.
It’s not simple to provide true end-to-end encryption. There are some companies that do much better than WhatsApp, today I’d recommend Signal (and be sure to donate as they’re non-profit).
So who can you trust with your online identity?
This is a question I’ve struggled with myself, and especially after I created the MeUs concept, created to help people take back their online identity and eliminate the surveillance by companies and the government to the degree they wish. How can you convince people to trust you? I’m not a celebrity and a millionaire, I’m not on Facebook or Instagram so I have no following, so how can I get people to share things about themselves and have confidence that their information will be protected?
MeUs Identity, allowing users to control their own data, is the basis for TrueNews.global as well, as we ‘eat our own dog food,’ creating a unique independent relationship between MeUs (where you register as a person) and TrueNews (where you have an alias and optionally sign comments/news items with your real name).
The only answer I’ve come up with is to be as transparent as possible, have independent reviews done of the technology, partner with the right technology products and use my 30+ years of experience to ensure they do all the rights things to protect my peoples (users) data, and help to educate everyone by helping make the technical accessible.
The full ProPublica article referenced above is here (please support them too): https://www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users