And if so, why exactly? It says it’s end-to-end encrypted. The metadata isn’t. But what is metadata and is it bad that it’s not? Are there any other problematic things?
I think I have a few answers for these questions, but I was wondering if anyone else has good answers/explanations/links to share where I can inform myself more.
TL;DR: Yes it is, it’s terrible. What would you expect from a Facebook product? Use Signal instead.
Thank you, but I’m looking for actual arguments that would sway someone that is trying to come to a rational conclusion. “The reputation of the company is bad” is of course valid evidence, but it would be much more interesting to know what Facebook actually gains from having users on WhatsApp.
First, it is very likely that the WhatsApp encryption is compromised, it definitely shouldn’t be trusted, as it is completely proprietary and thus not transparent to users and independent auditors. Also, unlike Signal, WhatsApp doesn’t encrypt any metadata. The biggest source of WhatsApp user data for Facebook though are address books. When you grant WhatsApp permissions to access your contacts, that data is sent to Facebook servers unencrypted. That way, Facebook can see the names and phone numbers of all of your contacts. This is not just bad for you, it’s also bad for everyone whose phone number you saved in your address book, their data is sent to Facebook, even if they don’t use any Facebook services themselves. Also, when you have WhatsApp or any app installed on your phone, it by default has access to many things that you can’t control or restrict. For example, it can access some unique device identifiers and look at stuff like the list of apps you have installed on your phone or access sensors like the gyroscope and accelerometer which can absolutely be used to track you. It’s better to keep shady apps like those made by Facebook, Google, Amazon, Microsoft or other surveillance corporations off your devices. Use FOSS alternatives with a proven track record like Signal if they are available.
I understand they have access to all this information you listed, but what do they gain from that if I don’t use any (other) Facebook services? Normally, I understand that it allows for better ad targeting, but WhatsApp does not have ads, and if I don’t use any other Meta services that actually serve ads, how could this info being out be a problem for me?
Facebook has your address book, so they have the phone numbers and names of all of your friends, work colleagues, family members and other people you happen to know. They can see your entire social graph. This kind of metadata is extremely valuable. If you just have the phone number of someone in your phone book who at some point becomes a terrorist, you are now also under full investigation. I don’t know about you, I find this scary and dystopian, but unfortunately it’s real. If someone you know does something that’s wrong, you are now also a suspected criminal. Metadata is sometimes even more valuable than the actual data itself. To quote the former NSA director Michael Hayden: “We Kill People Based on Metadata”. Especially since the Snowden leaks we know that we should protect ourselves from corporate/government overreach and surveillance and the best way to do this is avoiding proprietary software. FOSS is superior in any way: It’s built by voluntary individuals who just want to help out other people and try to make the world a better place, it’s transparent to the user and can be verified, you have the freedom to do with it whatever you want. We really shouldn’t be supporting multi-billion dollar corporations lead by weirdos. Did you know that Mark Zuckerberg bought all the land around his house, so that none of his neighbors can see what he is doing for privacy reasons, while he probably caused the biggest invasion of privacy in the last decade? We shouldn’t be supporting such people. We really shouldn’t.