What about that Whatsapp privacy policy change?

You may have heard recently that Whatsapp’s privacy policy has changed ‘for the worse’ and that it is now sharing user account information with Facebook. What’s that all about and what should you do about it?

Whatsapp is a mobile phone app that provides messaging services between users of the app. Whatsapp accounts are linked to phone numbers. Facebook is an online social media platform with 1.7 billion monthly users (as of June 2016). Facebook bought Whatsapp for US $19 billion in 2014 and now Whatsapp has over 1 billion users. Prior to its acquisition, Whatsapp charged a fee to its users – a nominal $1. After the acquisition, the fee was eliminated, leaving the company’s business model unclear to users. Whatsapp announced earlier this year that they would introduce tools to let businesses connect to users.

One of the founders of Whatsapp, Jan Koum, was born in Soviet-era Ukraine and the matter of privacy is said to be personal to him. Whatsapp now encrypts all messages that are sent between users using updated versions of the app, meaning not even the company can read messages that are sent through the app.

Why then are we so concerned? The information that Whatsapp does have is metadata – data about data. Whatsapp has the contacts on your mobile phone (required to provide its service), the time you last checked the app, the person whom you messaged, when you messaged them, how many times, etc. Go back three years and you might recall that this is the kind of data collection by the NSA that caused a huge uproar when Edward Snowden blew the lid on it.

A record of phone calls or messages between you and a specialist doctor may reveal medical concerns of yours. Phone records between two parties may invite inferences where there is nothing relevant to infer – or they may give away something about one’s life that one prefers to keep private. The choice of whether these matters are made known to others belongs to the people whom they concern – not to an internet / communications company, the government or advertising firms. You will lose that choice if your Whatsapp account data is transferred to Facebook. Facebook is an advertising company and the metadata is going to be used to serve you with advertisements from businesses.
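An added illustration (not from the original post, and not Whatsapp's code or data format): the records below are constructed, and the field layout and contact names are assumptions. It shows that who you message, when and how often can be summarised while the message bodies stay unreadable ciphertext.

```python
from datetime import datetime

# Constructed sample records (assumed layout): sender, recipient, timestamp, body.
# The body is end-to-end encrypted, so only the first three fields are readable.
RECORDS = [
    ("alice", "specialist-clinic", "2016-08-01T09:12:00", b"\x8f\x1a\x03"),
    ("specialist-clinic", "alice", "2016-08-01T09:40:00", b"\x22\xc4\x91"),
    ("alice", "specialist-clinic", "2016-08-03T08:05:00", b"\x5d\x07\xee"),
    ("alice", "bob", "2016-08-01T23:30:00", b"\xa0\x11\x4c"),
    ("bob", "alice", "2016-08-02T00:10:00", b"\x09\xfb\x36"),
    ("carol", "dave", "2016-08-02T12:00:00", b"\x71\x2e\xd8"),
]

def summarise(records, user):
    """Per-contact statistics for `user`, built from metadata only."""
    stats = {}
    for sender, recipient, ts, _ciphertext in records:  # body is never inspected
        if user not in (sender, recipient):
            continue
        contact = recipient if sender == user else sender
        when = datetime.fromisoformat(ts)
        s = stats.setdefault(
            contact, {"count": 0, "first": when, "last": when, "late_night": 0}
        )
        s["count"] += 1
        s["first"] = min(s["first"], when)
        s["last"] = max(s["last"], when)
        if when.hour >= 23 or when.hour < 5:  # messages sent between 23:00 and 05:00
            s["late_night"] += 1
    return stats

def report(stats):
    """Contacts ordered by message count, most frequent first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["count"], reverse=True)

if __name__ == "__main__":
    for contact, s in report(summarise(RECORDS, "alice")):
        print(f"{contact}: {s['count']} messages, {s['late_night']} late at night, "
              f"{s['first']:%d %b} to {s['last']:%d %b}")
```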

What causes more worry is the manner in which this has been implemented. We have the option to opt out of the sharing of account data. The opt out is designed to be easy to miss. You still have 30 days to go back and update your settings, but after that the choice to opt out is removed entirely.

But does it really matter? Many of us do share a lot of information about ourselves publicly on our social media profiles. Even the content that is restricted to ‘friends’ can be copied, screenshotted and shared by our contacts. A certain level of sagacity is called for when sharing matters that one may think are not public, and that is up to your own judgement.

Take the following steps now to take control of your Whatsapp account data: https://www.whatsapp.com/faq/general/26000016

Secure messaging

We send a lot of communication over messaging services that send a few characters of text per message. Have you ever considered how easy (or difficult) it would be for someone to spy on these communications? What if the messaging service provider wanted to spy on you? The Electronic Frontier Foundation (EFF), a non-profit organisation dedicated to “civil liberties in the digital world”, has some answers.

The EFF has checked a number of messaging apps against security concerns. It continues to update the list as the app owners / developers make updates to the respective apps. Things that you might want to watch out for: Skype, Whatsapp, Facebook chat and Snapchat are all built with their customers’ security and privacy as afterthoughts. Even the once-popular Blackberry Messenger is terrible at security.

The page explains each criterion in detail. I shall explain two of them right here: “Encrypted so the provider can’t read it” – consider the fact that Google scans through your conversations to know what advertisements to serve you. How about the fact that any of these providers could be served with a subpoena to have a conversation of yours made available? Properly encrypted, this becomes impossible.

“Is the code open to independent audit” – it is possible to make the claim that one has built a secure system. It can be verified that the system is reasonably secure only if the code is open to investigation by independent parties. Trusting the maker to have done it right is not something that we do in the security world.

Read all about it: EFF’s Secure messaging scorecard
Exciting news: Signal messaging app has now come to Android