The source content for blog.juliobiason.me
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3.6 KiB

+++ title = "Commented Link: Giving More Time For Our Recent Update" date = 2021-01-19

[taxonomies] tags = ["privacy", "whatsapp", "facebook"] +++

WhatsApp recently decided to change the way they allow people using their platform, allowing Facebook to collect information. But the backlash was a bit too much and now they are... erm... giving more time for you to accept it. But some things really don't pan out.

First of all, the next paragraphs may be the result of bad PR, but the fact is: Some things don't look good.

For example, they mention that people are "confused" and that there is "a lot of misinformation" floating around. But what points are people confused about? What misinformation is being spread and what is real? Those two point are not pointed out, so you don't know what is real and what is not.

And there isn't a single word about "change". They are not changing the wording on their update to clear the confusing, they are not changing the update itself. Get used to it. Accept or get out.

But, then again, that could be simply bad PR. No idea on what to do, no experience in this kind of communication problem, so not a single word that could give security that those changes are not what they seem.

But let me take this a bit deeper: WhatsApp is constantly reassuring that end-to-end encryption will not change, even when you communicate with business. The post points to their FAQ, with a link that says they are providing "more options", but the FAQ itself shows that those are not options: It shows things that will happen. If there is no selection to get out/disable these things, it is no option at all.

And even if the conversation is end-to-end encrypted, there is no word about metadata. Metadata is important 'cause it tells a lot without saying exactly what. For example, in a end-to-end encrypted conversation, nobody can see what I discussed with my (non-existent) wife, but the metadata says that our location is not the same for a while (they don't capture your location, but a lot can be said with your IP), there was a long discussion between us ('cause, again, characters and number of messages is pure metadata, not the data itself) and, for some reason, after this talk, I opened another talk with someone whose Facebook profile says it is a Divorce Lawyer. But no, your data is safe.

Why this is a problem? One of the changes in this update is that "some information may be shared with third-parties" and you can be sure that one of those "third-parties" is Facebook -- although this is not troubling yet. But imagine that I use WhatsApp to talk with my favorite vegan pizza place. Again, metadata is shared between WhatsApp and Facebook, and now Facebook, collecting my profile, knows that I like vegan pizza. And now there is another data point on it. While this is not bad for me, it is bad for the vegan pizza place, 'cause I'll start getting pizza ads on my Facebook feed. This basically means that business using WhatsApp business are shooting themselves in the foot.

Also, the wording in their "Shared With Facebook FAQ" (which is another link away) says that business may use Facebook infrastructure to provide receipts and chatting. But this could still be end-to-end encrypted, so there was no change at all: Facebook would be simply a service provider for storing that information. If instead of Facebook, WhatsApp decided to use AWS infrastruture, there would be a change in their privacy terms?

I'm not saying that this change looks like a huge breach in our already eroded privacy, but from 10.000 feet view, it looks like something is bad.