What’s up with WhatsApp

Over the past few days, there has been a massive backlash over WhatsApp’s updated privacy policy in India, becoming a matter of concern for the instant messaging giant and prompting it to issue full front-page ads on all major newspapers in the country.

WhatsApp’s front page ads clearly indicate how the giant is scared of losing one of its largest consumer base in the world. Imagine waking up to a day where you won’t be receiving ‘Good Morning’ messages on your family WhatsApp groups, no matter how cringe-worthy they are. And what about WhatsApp University, the one true source of verified facts and information (sarcasm intended) for millions of Indians?

While there are tons of messaging apps on the app store, no other app has been able to capture the market like WhatsApp. WhatsApp today is no less than a necessity like the proverbial ‘Roti, Kapda, Makan’ (food, clothes, shelter) with it’s voice/video calling features becoming more popular than the traditional network calls.

WhatsApp’s success is attributed to its no-ads policy, easy to use interface, and seamless messaging between individuals and groups. We are all used to the dark green background filled with icons and it’s going to be difficult to break up with WhatsApp. Amidst privacy concerns, Indians have started migrating to Signal/Telegram, and every other day I receive a text from someone stating how I won’t find them on WhatsApp anymore. The whole thing has turned into a huge memefest.

Let us leave the memes aside for a moment and come to the bigger question here: Do you really care about your privacy or you are just jumping on the bandwagon to look cool? In this issue, let us first understand what WhatsApp’s new privacy policy means and what data it does/doesn’t collect and then address the question of privacy.

The whole Issue/Confusion, Explained!

A few days ago, WhatsApp started rolling out an in-pop stating that it is updating its terms and privacy policy and urging its users to agree to the new policy by February 8th 2021 (has been pushed to May after backlash) if they don’t want to be kicked out.

The updated terms of service can be found here. Broadly, the updated policy has more information on how WhatsApp handles your data and shares it with parent Facebook (they believe they are being more transparent because of these changes), and how you communicate with businesses on WhatsApp.

Frankly, not much has changed then how it was earlier, except that Facebook is working towards its goal of unifying Messenger, Instagram, and WhatsApp and making the latter a seamless platform for businesses and transactions.

So, what exactly went wrong? With the changes reflected in the privacy policy, people thought that Facebook would now be able to read their chats and messages and thus their privacy would be breached. What followed has been a result of utter confusion and misinformation because WhatsApp did a sloppy job in explaining the changes first-hand.

First, let’s take a close look at the journey of WhatsApp and Facebook and what information they collect and then clear the confusion.

Facebook, WhatsApp, and what they are collecting from you?

Since Facebook bought WhatsApp in 2014, it let WhatsApp operate independently which allowed the platform to grow and acquire billions of users worldwide. However, in recent years as Zuckerberg’s influence grew heavier and concerns about FB’s position on user data and its handling grew, the founders Jan Koum and Brian Acton had a falling out and left the company in 2018. For them, the privacy of the users was of utmost importance and they didn’t want to compromise on their values. Their stance has always been on how privacy is encoded in WhatsApp’s DNA.

Facebook also became a subject of numerous controversies especially the confusion around the manipulation of voters data before the 2016 presidential election and the whole Cambridge Analytica thingy. This further created the perceived mistrust among its users. The bottom line is that many people claim to not trust Facebook with their data.

With Facebook trying to integrate the messaging services between Messenger, Instagram and WhatsApp requiring immense efforts, many felt that the security of WhatsApp will be compromised and the centralized control of data with one company could be dangerous.

In 2016, WhatsApp founders announced that they are introducing end-to-end encryption for all communications on their platform and no one, not even WhatsApp employed would be able to read the messages between two people. Later that year, WhatsApp shared that it would share the phone numbers and user analytics data with Facebook to improve its operations.

Therefore, we have been knowingly or unknowingly sharing a lot of information with Facebook since 2016. Before we go onto what information you are sharing, it is important to know FB’s business model which is based on getting people to interact more with their website and display targeted ads to users on the basis of their interests.

WhatsApp on the other hand has always been ad-free with little focus on money making, but it had to start sharing information with Facebook to allow the company to gauge how users interact with the messaging platform and allow businesses to contact the customers directly through their platform. The move was the first towards monetizing WhatsApp.

Thus, they updated their privacy policy in 2016, post which FB would have access to the user’s phone number and usage analytics that it would use to improve its services such as better suited ads or suggestions. WhatsApp also announced that the data sharing would help in fighting spam text messages on its platform. However, you had the option to opt-out of disclosing this information to FB. It is ‘this’ option that the recent policy changes withdraw, making it mandatory for all its users to share the information.

So here’s all that FB collects:

  • Your phone numbers
  • How often you use the app i.e. time, frequency, and duration
  • How much you interact with personal account vs. business accounts
  • How much time you spend on voice/video calls and other people’s status updates
  • Your location (even if you have it turned off for your device, it can access it via your IP address)
  • Your device’s properties: screen resolution, battery levels, network operator, etc.

While most of these are usage and log information, some of them do raise a few eyebrows, for example, your location can be pinpointed without your approval. Moreover, you might not want the app to have access to your device features.

What’s changing and what’s not?

As mentioned above, with the new policy, WhatsApp now reserves the right to share your data with Facebook which earlier you could opt-out from, and is now mandatory for everyone to use its services. The policy states:

“WhatsApp receives information from and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate”

Another point to note here is that the option of opting out earlier didn’t mean that Facebook wouldn’t collect information, it would still collect information but it wouldn’t use it to improve its services to show you targeted ads or friend suggestions based on your contact lists. So, basically, WhatsApp is not removing the option to refuse to share your data with Facebook, that option was never there! That’s why once again I’d iterate that not much has changed.

Here’s what WhatsApp has responded:

The whole policy update is a step further in monetizing the platform by allowing you to interact with businesses efficiently. And frankly, this move was hinted because WhatsApp added a shopping button to allow users to view the business catalogs to view the products and services offered a few months ago and soon started rolling out payments feature to all users which were earlier accessible only to business accounts.

WhatsApp would still be free of third-party ads but you could interact with these businesses in the platform itself. Again, FB’s revenues come mostly from ads and it wants to use how you interact with businesses on WhatsApp to serve you more targeted ads on Facebook and Instagram, that’s all there is to this puzzle.

How these policy changes come into effect can be illustrated with a few examples:

Case A: You are browsing Instagram and come across a backpack ad that captures your interest. You follow up by clicking on the ad with a button to message on WhatsApp and thus redirected to the WA businesses account where you can pay for the product using WhatsApp Pay.

Case B: You are browsing through a business’s catalog on WhatsApp and you’ll start seeing those products ads on Facebook and Instagram.

So, these changes reflect the interweaving of different Facebook platforms and the possibility of making commercial transactions over them. The winners here are businesses that can use the new features to communicate and sell better to their customers (prospective) across platforms.

Since these businesses could use your information for their marketing purposes, your privacy gets somewhat compromised, but this is only for your chats with business accounts.

For your personal chats, WhatsApp maintains that they are completely safe and you shouldn’t worry. Check this infographic that WhatsApp has on its website to clear the rumors:

WhatsApp chats have end-to-end encryption which means that for each and every chat there’s a unique lock and the key to that lock is only with the individuals involved in that chat as shown below. Whatever you type gets encrypted when it’s sent to the other person, the encryption key that the receiver has on his/her end is the only key that can decode the message.

So neither WhatsApp nor Facebook can see or read your messages, a feature that WhatsApp boasts off and never plans on compromising, you can see the lock for yourself if you open the chat window and tap on your friend’s profile. When you tap on the lock, it will give you a numeric code and a QR that you can scan from your friend’s phone to verify that your messages are end-to-end encrypted.

WhatsApp also maintains that unlike network operators, they don’t store logs of whom you voice/video call because it’s going to be a challenge for them to store that data both storage and security-wise.

Now coming to the location part is tricky, that’s why they say ‘shared’ location which means that whatever location you share in the chat can not be accessed by them though they have access to your IP to get your location as I said earlier.

They have also said that they don’t access your contacts list to share with Facebook but only so that WhatsApp can identify what other numbers have a registered WhatsApp account and you can identify and message them easily.

Among other points are how groups remain private and have the same end to end encryption of private chats. WhatsApp recently included the disappearing messages which have been there for a long time in Telegram that allows you to self-destruct your messages after a time interval set by you. Further, WhatsApp payments are UPI enabled and have their own separate privacy policy which is not at all affected by these changes.

Why is the policy different globally?

Another matter of concern is the difference in WhatsApp’s privacy policy globally which is a result of the difference in privacy and data laws among countries. WhatsApp released separate privacy and data sharing policy for Europe which does not require EU users to share their data with Facebook for the purpose of Facebook using this data to improve its products or ads.

Soon after the policy changes were announced, the Indian government said that it’ll look into the issue and question WhatsApp on why its policy in India is different from Europe. This also called for the need for better data and IT laws in the country from legal and privacy experts.

The reason why the policy remains unchanged in Europe is due to the presence of stringent privacy laws (read General Data Protection Regulation) in the EU which can fine companies up to 4% of their global revenue if they breach it.

When the changes first happened in 2016, even then European antitrust authorities had raised concerns and fined FB $134 million for misleading them during its takeover of WhatsApp because the social media giant had then stated that it wasn’t technically possible to combine WhatsApp with its other services (which is now its main goal with this update).

The GDPR requires that service providers collect only that information that is essential to provide their services else they’ll be liable to a hefty penalty. Unlike the EU, Indian doesn’t have such strict laws and the Data Protection Bill is still sitting with the joint commission of parliament.

We do have an IT act (2000) in place which requires businesses to take user’s consent before collecting information and ensure security measures to protect it, however, it’s enforcement remains an issue that we must resolve in days to come.

How much do you really care about your Privacy?

Now that you have a fair understanding of the issue, let’s come to the question of your digital privacy.

The Internet is an open medium and the growth of internet-connected devices has been on the rise across the globe. As long it’s on the web, there are chances that someone else can access it, so what do you do?

Most of us use Google from Search to Gmail to YouTube on a daily basis, we have digital and home assistants to make our lives simpler but do we ever pay notice to how much our information is getting collected on a daily basis? We don’t, unless you have always been particular about your privacy at an almost paranoid level (because that’s how others will perceive you).

If you’ve watched Snowden or The Social Dilemma, then you might be slightly aware of what the actual scenario is and how all of our data is in danger. It’s indeed true that the big companies are after your data and are tracking your browsing habits and basically everything that you do on the internet. It would be fair to say they know more about your nature than most of your friends. There’s a reason that people have started selling their digital identity for money because of how much demand is out there for your data.

Will simply switching from WhatsApp to its rival apps ensure your privacy? You know very well that it’s not enough but announcing that you’re switching to Signal on WhatsApp is the thing at the moment, so why not?

Don’t get me wrong here, I’m not against people switching to Signal, I’d advise it too but I’d say don’t just stop there. If you really care that much about your privacy, you need to take other steps as well. In this section, I’ll cover some aspects of other apps and the steps that you need to take for a digital private life.

Switching to Signal

Coming to the heat of the moment, one of the platforms that have benefited the most out of this whole WhatsApp privacy policy is Signal, a messaging app owned by a foundation created by Brian Acton, WhatsApp’s founder. The platform has also seen a surge in downloads after Elon Musk asked his followers to switch to Signal.

The number of downloads went so high that the app claimed the №1 spot in the free app category in app stores in India and other countries. Signal is solely focused on privacy and one of the testimonials on its site is by Edward Snowden himself. The app runs on donations rather than advertisements so there’s really no emphasis on making money.

With the tagline of ‘Say Hello to Privacy’, Signal too has end to end encryption, in fact, WhatsApp’s end to end encryption are based on Signal protocol. It’s pretty much same like WhatsApp in terms of features, you can voice/video call, individually reply to messages and so on.

The big difference is that it doesn’t collect any information apart from your phone number and occasionally use the numbers in your contact list to identify other Signal users. That’s all, everything else is end-to-end encrypted including your profile name and picture.

Among other privacy features is ‘Relay Call’ where your calls go through a Signal server so that your IP is not revealed to the contacts. You can also turn off ‘typing’ and ‘online’ indicators when chatting, a feature that hasn’t yet come to WhatsApp.

Signal maintains that it does not sell or monetize your information and your data is all stored on the device only, it can’t be backed up to the cloud nor stored on Signal’s servers (except for some encrypted that is sent to devices that are temporarily offline).

Moreover, Signal is only meant for personal communications and you cannot interact with businesses unlike WhatsApp, hence it steers clear of all the fiasco surrounding WhatsApp.

Tips for a Digital Private Life

Switching to Signal could be the first step towards a private digital life but if you go to the Apps section of your phone settings you’ll be able to find what access/permissions they have. There are a lot of apps on your phone that are collecting a lot of information (almost all of them take log and usage analytics) and we subconsciously keep on checking the boxes and allowing them permissions to do the same without going through it. When was the last time you didn’t sign up to an app because it needed access to your contacts?

As I said earlier, if you are on the paranoid level about privacy, you’ll delete all your accounts and go completely off the grid. But most of us can’t do that because we are after all social creatures and we seek meaningful connections.

So here, I present some simple tips that you can take into consideration towards your digital privacy:

  • Ditch Google Search. Use Duckduckgo instead, it doesn’t track you!
  • Uninstall the apps that you don’t need. Install apps from trusted and verified developers. If you can do something on a browser, avoid getting the app for it
  • Review your app permissions, uncheck the ones that you don’t want your apps to access
  • Don’t give location access to websites/apps. If they need a location to function, they’ll usually have an option to manually enter the location
  • Choose the right browser. The fact that Chrome collects a lot of information is not hidden, you could Firefox instead which has inbuilt tracking protection and put much more focus on user privacy or use Tor browser that offers complete anonymity
  • Avoid browsing with your social media accounts signed in, they are tracking whatever you browse. You would have seen smartphone ads popping on your FB feed after you spent some time finding the right phone for you
  • Advanced levels of privacy including installing a VPN that masks your digital fingerprint
  • You could also ditch Gmail and use ProtonMail developed by CERN and MIT scientists offering better encryption for your mails

These are only a few points to keep in mind, the list could be endless given how much we use the web today.

Now, if you are making the move to Signal from WhatsApp and communicating that on Facebook and Instagram then how does it even matter? They aren’t reading your messages anyway, so if you are active on FB/Insta, you might as well be on WhatsApp.

I agree that it’s a great way to look cool & join the trend but you should take appropriate action with all other apps as well if you truly care about your privacy.

However, sharing this article will definitely make you look cool. Please go ahead ;)

//All thoughts are based on observations online from different sources, please confirm facts before you reuse it. I haven’t verified all sources.

If you found value in this newsletter, consider sharing it with your friends, or subscribe if you haven’t already. Also, I’d love to hear your thoughts in the comments below 👋

Originally published at https://ayushj.substack.com.

I love solving hard problems. Democratizing opportunities for developers at pesto.tech