by Ayush Raj (’23) | March 1, 2021
It’s an app used by more than one billion people across the globe to stay in touch. Its users send 65 billion messages and spend more than 2 billion minutes in video and voice calls every day. In February of 2014, Facebook purchased it for a whopping $16 billion. WhatsApp needs no introduction, given the popularity it has gained over the past twelve years. However, in the past few weeks, the app’s popularity took a massive hit over privacy concerns.
On February 8, WhatsApp users were asked to accept its new terms of service and privacy policy or lose access to the app. Accepting this request, however, had some larger than usual consequences. The new terms of service and privacy policy made sharing information with Facebook mandatory for all WhatsApp users.
What kind of information is shared? According to the privacy policy, WhatsApp shares information such as account registration information (the user’s phone number), transaction data, mobile device information, business interaction information (when using WhatsApp’s business services), and the user’s IP address with Facebook. The information shared could also include the user’s profile picture. Before this update, users were provided with the option to not share any information with Facebook, complicating the matter further. For instance, in 2016, users had thirty days to opt out of sharing some or all information with Facebook. If users took the time to read the privacy policy and opt out, WhatsApp will continue to honor that. However, this feature is long gone; new or newly aware users cannot do anything about it.
What about end-to-end encryption? The messages, photos, and videos that are sent from one user to another are fortunately still encrypted, and WhatsApp or Facebook cannot access this information. They can only be viewed on the sender’s and receiver’s phones. “WhatsApp is great for protecting the privacy of your message content,” says Johns Hopkins University cryptographer Matthew Green. “But it feels like the privacy of everything else you do is up for grabs.”
Facebook reportedly will use the data it collects to enhance the user experience. This includes features such as ad customizations and integrations across Facebook’s suite of apps and products. Examples of these include friend or group suggestions on Facebook or suggested events close to a user’s location. Although these customizations benefit some users, they come with the significant sacrifice of one’s personal information.
Is there any way to resolve this conundrum? The good news: yes! There are two mainstream alternatives, Signal and Telegram. The bad news: they are not vastly superior in terms of privacy. Similar to WhatsApp, all messages on Signal, including group texts, are end-to-end encrypted. Signal Foundation cannot read these messages either. With Telegram, messages are encrypted between the user and the Telegram server, but the company in charge of Telegram can read these messages if it chooses to (unless one uses the “secret chat” feature). Telegram additionally does not offer group chat encryption. While some researchers believe Signal’s encryption protocol is miles ahead of Telegram’s, this is still a highly debated topic.
Ultimately, users have choices, albeit not great ones. While there is no single app that is ad-free, highly secure, free to use, and seamlessly integrated across all devices, it’s up to each of us to make the effort to read the fine print, understand the privacy settings, and choose the appropriate settings that work for us.