The WhatsApp Scare and Signal

Tech journalism gets a lot of things wrong, including alarming people of WhatsApp new privacy policies. I’m glad Shira from NYT did a bit more honest reporting. Let’s talk about this for a minute.

Shira opens with a good explanation:

“WhatsApp’s policies changed cosmetically and not in ways that give Facebook more data. The bottom line is that Facebook already collects a lot of information from what people do on WhatsApp.”

Scanning the new policy, I got the usual goosebumps I get whenever I read this kind of policies telling me what they can do with my data. But nothing unexpected there. Nothing new. WhatsApp is owned by Facebook. Facebook livelihood has always been sucking its users' data dry and selling to the highest bidder without getting caught, or getting caught to the point of manageable damage control. And when you’re a multi-billion dollar company, manageable damage control can be almost anything.

Shira lays out the information WhatsApp has on its users by linking to an article originally published in 2016:

“WhatsApp won’t share messages that people write or who is messaging who, but it will share people’s phone numbers as well as analytical information, like how often they open the app, their operating system, screen resolution, and their mobile carrier. That information could be used by Facebook to, for example, target people with ads and make friend recommendations.”

Why 2016? Because that’s when Facebook started collecting the information about its users the way people think it does today. In other words, not a whole lot changed since then, and if you’ve been using WhatsApp all this time thinking your information is not on Facebook’s servers somewhere, well…

But that’s the problem right there. People don’t read privacy policies, and even if they try, they don’t understand it. Our default behavior is to accept all the legal mambo jumbo because hey, your mom is on the other end waiting on a video chat because it’s COVID and that’s the only app she knows how to use. So what can you do?

So yes, Facebook does have your phone number, it knows where you’re calling from because it has your IP address and probably cell tower information with signal strength (so they can help the quality of the call, of course). They know what phone or computer model and maker you’re using, they know who you’re talking to, they know if you video chatted them for an hour or just text-messaged them for a second and probably a whole lot more from their sophisticated algorithms that calculate all the data folks have been pumping into it since 2016 without a second thought. The one thing it doesn’t have is the actual conversation, or what most folks refer to when they think of “their data”. Why? Encryption turned on by default. Or so it says in the app, if you trust dear ol' Mark. So no, Facebook cannot read your chats1.

Look, I’m far from being a Facebook fan. I enjoy thinking about Facebook scrambling around looking at the torrent of people leaving just because they re-worded a few things on their privacy policy. But this is where me and Shira part ways. It seems she goes out of her way to explain how this is Facebook’s fault for misleading people and being a terrible greedy company. It’s Facebook’s fault, not the innocent users who do not know any better. The poor innocent sheep.

When you wake up at 10 AM late to work because of a hangover from a party your friend threw last night, it’s your fault. Not your friend. No one forced you to be there, even if “everyone you know” were there. The blame is on you, pal. The users should have known WhatsApp is owned by Facebook, should have known what Facebook’s motives are. These two things are far from secret. At least have some common sense to, say, turn location sharing off or not share sensitive PDFs using the service.

Last night, Signal stopped working for many folks including me due to “technical difficulties” which have yet been fully resolved. It seems this is the result of so many people running away from WhatsApp because the sheep got the idea that suddenly Facebook is a bad company that grabs their data and can read their chat. I’m grumpy, and I’m tired of stupid.

First, as we’ve said, Facebook cannot read your data, not the kind of data most people think about when they say data, anyway. Second, you’re using the wrong service. Signal is still a private company. You still don’t own your own data, not any more than you do on WhatsApp. Third, temptation and greed is a human condition. Signal invests in new infrastructure to handle all the new users. It wants them to feel at home, so it adds features. Then it will get the “we’re a social platform” disease like so many others before it and will either get bought or just sell out its users. It won’t happen tomorrow morning, but I’ve seen it happen too many times to believe this time will be different.

The problem is not WhatsApp or even Facebook. The problem is people being uninformed, as they always are, and then be surprised and angry when they find out. WhatsApp in itself is a great chat app with many options that makes it easy and accessible to everyone, partly because - yes - integration with Facebook. All you need to do is to be smart about it, be informed, and use the service. Don’t let the service use you.

Why is this news to anyone?


  1. It’s pretty well-known at this point that WhatsApp’s backups are not encrypted. So this means if you back up your conversations to iCloud or Google Drive or similar, that backup of everything you’ve been saying is not encrypted. Ironically, the folks who have first dibs on that data would be Apple or Google. ↩︎