This article was originally posted on VICE Germany.
It’s time to choose a more trustworthy messenger service.
Big Tech is famous for its nefarious data collection methods. But, for whatever reason, Facebook-owned WhatsApp has flown relatively under the radar.
With 2 billion monthly users, the app is the world’s most popular messenger service. Since it implemented end-to-end encryption in 2016, people mostly trust that the content of their WhatsApp messages is secure – which seems to be true. But that shouldn’t be our only consideration when it comes to choosing a messenger platform.
End-to-end encryption ensures that no one except for the sender and recipient has access to the content of conversations – not even WhatsApp. Using any messenger without this level of encryption is like going for a hike in flip-flops: really stupid.
But WhatsApp also has its flaws. On closer inspection, user privacy and data protection are no longer its priority, and plans to merge it with other Facebook-owned services like Facebook Messenger and Instagram DMs are concerning.
Here are several reasons to cull the app from your phone and replace it with a more more trustworthy alternative.
WhatsApp really, really wants to access all of your contacts, and not just those who use the platform. According to their terms of service, users “provide the phone numbers of WhatsApp users and your other contacts in your mobile phone address book on a regular basis. You confirm you are authorised to provide us such numbers to allow us to provide our services.”
Technically, you can refuse access, but WhatsApp will reprimand you by not showing any of the names of your message threads – pretty annoying for a messenger platform – and will prevent you from making calls or starting group messages or broadcasts.
If you do allow it access, WhatsApp will be able to read the information of everyone from your gynaecologist to your dealer. There’s ongoing debate as to whether or not this is even legal under The EU’s General Data Protection Regulation, which forbids the sharing of personal data without consent. Say you know someone who doesn’t use WhatsApp, but is saved as a contact in your phone. Their phone number is shared with WhatsApp, without their consent.
For comparison, messenger app Signal doesn’t need access to your contacts list. Instead, the app converts the phone numbers of your contacts into unique character values, so-called “hashes”. Signal only knows the hashes, not the real numbers, and immediately deletes the information from its servers.
WhatsApp seems to have little interest in a similarly data-efficient solution. Its ad-fuelled parent company Facebook wants to collect as much data as possible, and by agreeing to the terms of use we grant WhatsApp the right to share information with other Facebook companies and link our phone number to our Facebook accounts. Not to mention Mark Zuckerberg’s plans to merge WhatsApp, Instagram DMs and Facebook Messenger into one monster messenger.
WhatsApp doesn’t know the content of the messages you’re sending – that’s great. But it collects pretty much everything else. According to its privacy policy, this includes “how you interact with others using our services, and the time, frequency and duration of your activities and interactions”. In other words, WhatsApp may not track what you are discussing, but they could know where you are discussing it, who with and for how long.
Depending on whether you change the default security settings, WhatsApp can see your profile picture, nickname, status and “last online time”.
Information like this is often downplayed as “metadata”, but as Edward Snowden wrote in his autobiography: “The unfortunate truth … is that the content of our communications is rarely as revealing as its other elements – the unwritten, unspoken information that can expose the broader context and patterns of behaviour.”
WhatsApp isn’t a police surveillance tool, and tech companies risk PR disasters if they work too closely with authorities. Nevertheless, under certain circumstances it is possible that investigators will request data about you from WhatsApp.
“We are prepared to carefully review, validate and respond to law enforcement requests based on applicable law and policy,” the service outlines on a page set up specifically for law enforcement authorities. Of course, this isn’t always a bad thing, considering that access could potentially help to solve serious crimes.
But the power and motivations of the police change depending on where you live – and no one can guarantee that things won’t go awry in the future, or that WhatsApp’s data treasure trove won’t be hacked by an employee.
The only data that’s truly safe is data that has never been collected. Messenger services like Signal and Threema, which collect minimal metadata and contact information, are your best options.
It’s difficult to trust the direction of WhatsApp under Mark Zuckerberg, when co-founder Brian Acton clearly doesn’t either. After selling to Facebook for a ridiculous $22 billion (£16.9 billion) in 2014, Acton abruptly split with Zuckerberg’s behemoth in late 2017 over privacy and monetisation concerns. “I sold my users’ privacy to a larger benefit,” Acton told Forbes in 2018. “I made a choice and a compromise.”
In March of 2018, he tweeted a simple message: “It is time. #deletefacebook.”
You’ve probably noticed WhatsApp serve you the occasional pop-up message, asking whether you want to save a back-up of your chat history on Google Drive or iCloud. What comes across as a nice service offering is also a trap: these back-ups stockpile your chat history on Apple and Google servers without end-to-end encryption.
“Media files and messages are not protected by WhatsApp end-to-end encryption when they are stored on Google Drive,” according to the WhatsApp FAQ page. The same goes for iCloud.
Messages with a self-destruct timer offer the best protection against this, as they’re automatically deleted after a specific amount of time. WhatsApp does not currently offer this function. Wickr, Signal and Wire all do.
WhatsApp doesn’t want to reveal how exactly it was programmed. This might sound like a security measure, but it’s actually quite the opposite. Software is safest when its code is made public – or “open source” – so that independent experts can examine it carefully for defects and potential weaknesses.
WhatsApp competitors Signal, Wire and Wickr are open source, and Threema is following suit.
There’s one major argument for using WhatsApp, which is: everybody else is doing it. And that’s fair enough – but change has to start somewhere.
Some better alternatives to WhatsApp are Signal, Threema, Wickr and Wire. Not Telegram, by the way. And if you’re into nerdy details, you can read here why even Signal isn’t perfect – because when it comes to tech, there’s no such thing as complete security.
Eliminate scheduling nightmares. Boost bookings. And spend less time on admin work each week.
Get started