WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors.
@chiefstorm
link
517d

Hah… trusting facebook not to put spying devices into whatsapp was never a good idea. Although, I am partial towards open source programs, for good reasons.

@AgreeableLandscape
admin
link
718d

Can we undermine Facebook already? Please?

@OprahsedCreature
link
113d

To be fair, they did that to themselves just fine. By existing.

riccardo
creator
link
3
edit-2
19d

From the article:

Clarification, Sept. 8, 2021: A previous version of this story caused unintended confusion about the extent to which WhatsApp examines its users’ messages and whether it breaks the encryption that keeps the exchanges secret. We’ve altered language in the story to make clear that the company examines only messages from threads that have been reported by users as possibly abusive. It does not break end-to-end encryption.

It should be no surprise that messages reported by users are forwarded to Facebook’s moderators as plaintext so they can evaluate whether the report is legitimate or not. It should also be pretty straightforward that once an encrypted message reaches the receiver’s device, the client has access to the plaintext data to show to the user (and can do whatever it wants with it as long as nobody notices). We didn’t need this investigation to know these two claims are true.

However, the article brings up some interesting details about how this data is handled and packed together with users’ metadata:

Artificial intelligence initiates a second set of queues — so-called proactive ones — by scanning unencrypted data that WhatsApp collects about its users and comparing it against suspicious account information and messaging patterns (a new account rapidly sending out a high volume of chats is evidence of spam), as well as terms and images that have previously been deemed abusive. The unencrypted data available for scrutiny is extensive. It includes the names and profile images of a user’s WhatsApp groups as well as their phone number, profile photo, status message, phone battery level, language and time zone, unique mobile phone ID and IP address, wireless signal strength and phone operating system, as a list of their electronic devices, any related Facebook and Instagram accounts, the last time they used the app and any previous history of violations.

It is no news that WhatsApp can access a ludicrous amount of metadata and can share them with Facebook (in non-European countries), but it’s interesting to see this practical usage being disclosed for the first time. More on this:

U.S. law enforcement has used WhatsApp metadata to help put people in jail. ProPublica found more than a dozen instances in which the Justice Department sought court orders for the platform’s metadata since 2017. These represent a fraction of overall requests, known as pen register orders (a phrase borrowed from the technology used to track numbers dialed by landline telephones), as many more are kept from public view by court order. U.S. government requests for data on outgoing and incoming messages from all Facebook platforms increased by 276% from the first half of 2017 to the second half of 2020, according to Facebook Inc. statistics (which don’t break out the numbers by platform). The company’s rate of handing over at least some data in response to such requests has risen from 84% to 95% during that period.

[…]

WhatsApp has for years downplayed how much unencrypted information it shares with law enforcement, largely limiting mentions of the practice to boilerplate language buried deep in its terms of service. It does not routinely keep permanent logs of who users are communicating with and how often, but company officials confirmed they do turn on such tracking at their own discretion — even for internal Facebook leak investigations — or in response to law enforcement requests.

@Helix@feddit.de
link
318d

It does not break end-to-end encryption.

Well, in my opinion, it kind of does, since it doesn’t notify the user that their messages are being forwarded.

company officials confirmed they do turn on such tracking at their own discretion — even for internal Facebook leak investigations

Oh, I’m sure, that never caused any problems in the past. Just like it never caused problems at other companies like Apple or three letter agencies like the NSA.

@ethicallypulmonary
link
217d

Well, in my opinion, it kind of does, since it doesn’t notify the user that their messages are being forwarded.

That’s more than Signal does. This is not a typical feature; I can’t think of an end-to-end encrypted messenger that does do this. If you want to make this argument, all end-to-end-encrypted messengers must be broken because the person who receives the message can then send it to anyone else without your knowledge, or take a photo. It’s trivial.

@Helix@feddit.de
link
114d

The thing is that this can be triggered externally. It’s not the user forwarding to another user, it’s the company having a spy feature built in.

@tomtom
link
214d

well it seems like they track the unencrypted metadata and share it with law enforcement. i wouldn’t necessarily consider this breaking end to end encryption…

there is a separate issue with the “reporting” feature where the other end can voluntarily send your (decrypted) messages to facebook for content moderation. i dont think the article claimed that decrypted messages were being automatically sent…

@Helix@feddit.de
link
114d

it seems like they track the unencrypted metadata and share it with law enforcement

Not only that, but a machine learning algorithm “reports” messages. That’s the problem here, not the user reporting.

@tomtom
link
115d

lol nice point

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 38 users / day
  • 83 users / week
  • 215 users / month
  • 618 users / 6 months
  • 3490 subscribers
  • 1892 Posts
  • 8440 Comments
  • Modlog