blog/content/links/whatsapp-giving-more-time-f...

+++
title = "Commented Link: Giving More Time For Our Recent Update"
date = 2021-01-19

[taxonomies]
tags = ["privacy", "whatsapp", "facebook"]
+++

WhatsApp recently decided to change the way they allow people using their
platform, allowing Facebook to collect information. But the backlash was a bit
too much and now they are... erm... [giving more time for you to accept
it](https://blog.whatsapp.com/giving-more-time-for-our-recent-update). But some
things really don't pan out.

<!-- more -->

First of all, the next paragraphs may be the result of bad PR, but the fact is:
Some things don't look good.

For example, they mention that people are "confused" and that there is "a lot
of misinformation" floating around. But what points are people confused about?
What misinformation is being spread and what is real? Those two point are not
pointed out, so you don't know what is real and what is not.

And there isn't a single word about "change". They are not changing the wording
on their update to clear the confusing, they are not changing the update
itself. Get used to it. Accept or get out.

But, then again, that could be simply bad PR. No idea on what to do, no
experience in this kind of communication problem, so not a single word that
could give security that those changes are not what they seem.

But let me take this a bit deeper: WhatsApp is constantly reassuring that
end-to-end encryption will not change, even when you communicate with business.
The post points to their FAQ, with a link that says they are providing "more
options", but the FAQ itself shows that those are not options: It shows things
that *will* happen. If there is no selection to get out/disable these things,
it is no option at all.

And even if the conversation is end-to-end encrypted, there is no word about
metadata. Metadata is important 'cause it tells a lot without saying exactly
what. For example, in a end-to-end encrypted conversation, nobody can see what
I discussed with my (non-existent) wife, but the metadata says that our
location is not the same for a while (they don't capture your location, but a
lot can be said with your IP), there was a long discussion between us ('cause,
again, characters and number of messages is pure metadata, not the data itself)
and, for some reason, after this talk, I opened another talk with someone whose
Facebook profile says it is a Divorce Lawyer. But no, your data is safe.

Why this is a problem? One of the changes in this update is that "some
information may be shared with third-parties" and you can be sure that one of
those "third-parties" is Facebook -- although this is not troubling yet. But
imagine that I use WhatsApp to talk with my favorite vegan pizza place. Again,
metadata is shared between WhatsApp and Facebook, and now Facebook, collecting
my profile, knows that I like vegan pizza. And now there is another data point
on it. While this is not bad for me, it is bad for the vegan pizza place,
'cause I'll start getting pizza ads on my Facebook feed. This basically means
that business using WhatsApp business are shooting themselves in the foot.

Also, the wording in their "Shared With Facebook FAQ" (which is another link
away) says that business may use Facebook infrastructure to provide receipts
and chatting. But this could still be end-to-end encrypted, so there was no
change at all: Facebook would be simply a service provider for storing that
information. If instead of Facebook, WhatsApp decided to use AWS infrastruture,
there would be a change in their privacy terms?

I'm not saying that this change looks like a huge breach in our already eroded
privacy, but from 10.000 feet view, it looks like something is bad.
Commented Link: WhatsApp privacy changes 3 years ago			`+++`
			`title = "Commented Link: Giving More Time For Our Recent Update"`
			`date = 2021-01-19`

			`[taxonomies]`
			`tags = ["privacy", "whatsapp", "facebook"]`
			`+++`

			`WhatsApp recently decided to change the way they allow people using their`
			`platform, allowing Facebook to collect information. But the backlash was a bit`
			`too much and now they are... erm... [giving more time for you to accept`
			`it](https://blog.whatsapp.com/giving-more-time-for-our-recent-update). But some`
			`things really don't pan out.`

			`<!-- more -->`

			`First of all, the next paragraphs may be the result of bad PR, but the fact is:`
			`Some things don't look good.`

			`For example, they mention that people are "confused" and that there is "a lot`
			`of misinformation" floating around. But what points are people confused about?`
			`What misinformation is being spread and what is real? Those two point are not`
			`pointed out, so you don't know what is real and what is not.`

			`And there isn't a single word about "change". They are not changing the wording`
			`on their update to clear the confusing, they are not changing the update`
			`itself. Get used to it. Accept or get out.`

			`But, then again, that could be simply bad PR. No idea on what to do, no`
			`experience in this kind of communication problem, so not a single word that`
			`could give security that those changes are not what they seem.`

			`But let me take this a bit deeper: WhatsApp is constantly reassuring that`
			`end-to-end encryption will not change, even when you communicate with business.`
			`The post points to their FAQ, with a link that says they are providing "more`
			`options", but the FAQ itself shows that those are not options: It shows things`
			`that will happen. If there is no selection to get out/disable these things,`
			`it is no option at all.`

			`And even if the conversation is end-to-end encrypted, there is no word about`
			`metadata. Metadata is important 'cause it tells a lot without saying exactly`
			`what. For example, in a end-to-end encrypted conversation, nobody can see what`
			`I discussed with my (non-existent) wife, but the metadata says that our`
			`location is not the same for a while (they don't capture your location, but a`
			`lot can be said with your IP), there was a long discussion between us ('cause,`
			`again, characters and number of messages is pure metadata, not the data itself)`
			`and, for some reason, after this talk, I opened another talk with someone whose`
			`Facebook profile says it is a Divorce Lawyer. But no, your data is safe.`

			`Why this is a problem? One of the changes in this update is that "some`
			`information may be shared with third-parties" and you can be sure that one of`
			`those "third-parties" is Facebook -- although this is not troubling yet. But`
			`imagine that I use WhatsApp to talk with my favorite vegan pizza place. Again,`
			`metadata is shared between WhatsApp and Facebook, and now Facebook, collecting`
			`my profile, knows that I like vegan pizza. And now there is another data point`
			`on it. While this is not bad for me, it is bad for the vegan pizza place,`
			`'cause I'll start getting pizza ads on my Facebook feed. This basically means`
			`that business using WhatsApp business are shooting themselves in the foot.`

			`Also, the wording in their "Shared With Facebook FAQ" (which is another link`
			`away) says that business may use Facebook infrastructure to provide receipts`
			`and chatting. But this could still be end-to-end encrypted, so there was no`
			`change at all: Facebook would be simply a service provider for storing that`
			`information. If instead of Facebook, WhatsApp decided to use AWS infrastruture,`
			`there would be a change in their privacy terms?`

			`I'm not saying that this change looks like a huge breach in our already eroded`
			`privacy, but from 10.000 feet view, it looks like something is bad.`