
WhatsApp is enforcing a new, controversial privacy policy that, as far as I understand, shares data from your chat messages with Facebook to provide you with "tailored ads" on Facebook.

How can WhatsApp share this information with Facebook, if the messages are encrypted end-to-end?

Does it mean that the messages are encrypted in my phone, sent encrypted (with the key to decrypt) to Facebook for targeting Ads, and another message is sent with the key to decrypt to the cellphone of the person I'm having a chat with?

Lucas Bustamante

2 Answers

  1. End-to-end encryption means that your message is encrypted and decrypted locally on your and your recipient's devices, using an encryption key that is known only to you and your recipient.

  2. WhatsApp claims to have implemented the "open-source Signal encryption protocol" (which works as described above), but since WhatsApp's actual source code is closed, there is no way to verify that claim. It's like putting a transparent fish bowl in a wooden crate: could be a goldfish, could be a piranha. There is no way of knowing.

  3. Think of an end-to-end encrypted message as Alice sending a number-locked safe to Bob by a mail service. Alice puts the safe in a cardboard box, writes down Bob's address as well as her own, and delivers the package to the mail service. Now imagine that prior to sending the number-locked safe, Alice met Bob in private, and whispered in his ear that the secret code to unlock the safe is 654321. It means that neither the postal service, nor any thief who may somehow steal Alice's package on the way, has the ability to see what's inside the safe. Unless they know the secret code, the package is nothing more than a piece of metal junk to them, no matter how long it is stored in the postal office and no matter how many hands it exchanges before reaching Bob. Once Bob receives the package, only he can unlock the safe, because only Alice and Bob know the secret code. This is exactly how end-to-end encryption works.

  4. So privacy guaranteed, right? Not yet. Your postal service actually knows that Alice has sent "a package" to Bob. It knows their real names and addresses. It knows how late the package was sent and received, and at which location. It also knows exactly the weight of every package. This information is called raw metadata.

  5. You may think that raw metadata does not tell much on its own, and you might be right. But because the postal service stores records of every delivery for every client for eternity, it can then analyze metadata to find patterns. Information such as day of the week, time of day, location, (shared) addresses, package weight, (ir)regularity of communication, etc., can all reveal a colossal amount of personal information, if properly analyzed.

Example: Alice and Bob exchange many packages every Wednesday and Friday evening between 21:00 and 22:00 PM. Coincidentally, it's exactly the time that Alice's husband Carlos is training at his gym. This package-exchange is then followed by Alice and Bob both sending packages from the same location at a nearby motel from 14:00 to 16:00 PM every Saturday (which coincidentally falls within the timeframe of Carlos being out fishing with his friends). Postal service also knows that the regularity of this pattern is interrupted when Carlos skips gym or stays home on Saturday.

  6. Now, The Postal Service has revealed something very specific about Alice and Bob — without ever opening a single package! Also note that The Postal Service now even knows something personal about Carlos. And now imagine that The Postal Service decides to partner up with a local Market to sell that information to anyone. Even though Alice is engaged in morally unacceptable activities in my example, she does not deserve to potentially get blackmailed by a malicious fourth party who has purchased her secret on the Market, does she? Please also note that even poor Carlos could suffer from this blackmailing, or potentially get blackmailed himself with this information — which would be devastating.

  7. This is simply an illustration of just one of a million ways in which analyzed metadata can reveal personal information without the need for direct access to message content. Keep in mind that the same methods can — and will be — used to hunt down and identify human rights activists, whistleblowers, journalists and minorities. If this (meta)data is sold, then private institutions and foreign governments will gain access to the finest details of your private life, to a degree eventually exceeding human imagination (thanks to AI algorithms). These are essentially the dangers of WhatsApp sharing metadata with Facebook, since Facebook is extremely good at analyzing (meta)data and is known for selling it to third parties.

pure.by
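To make the metadata argument of points 4 to 6 concrete, here is an added example in Python (not part of the answer above). The records are constructed: each holds only sender, recipient and timestamp, exactly what a relaying server sees when every message body is encrypted, and the functions recover the recurring weekly slots and the contact graph from those three fields alone.

```python
from collections import defaultdict
from datetime import datetime

# Constructed metadata records (sender, recipient, ISO-8601 timestamp): the kind of
# information a relaying server sees even though every message body is encrypted.
RECORDS = [
    ("alice", "bob", "2021-01-06T21:10:00"),     # Wednesday, ISO week 1
    ("bob", "alice", "2021-01-06T21:25:00"),
    ("alice", "bob", "2021-01-08T21:30:00"),     # Friday, week 1
    ("alice", "bob", "2021-01-13T21:05:00"),     # Wednesday, week 2
    ("bob", "alice", "2021-01-15T21:40:00"),     # Friday, week 2
    ("alice", "bob", "2021-01-20T21:15:00"),     # Wednesday, week 3
    ("alice", "bob", "2021-01-22T21:50:00"),     # Friday, week 3
    ("alice", "carlos", "2021-01-07T08:00:00"),  # one-off, no pattern
    ("dave", "erin", "2021-01-09T12:00:00"),     # unrelated pair
]

def weekly_patterns(records, min_weeks=3):
    """Bucket messages by unordered pair and (weekday, hour) slot and return the
    slots seen in at least `min_weeks` distinct ISO weeks, as {slot: week_count}.
    Only the three metadata fields are used; no message content is needed."""
    weeks_per_slot = defaultdict(set)
    for sender, recipient, ts in records:
        when = datetime.fromisoformat(ts)
        pair = tuple(sorted((sender, recipient)))
        slot = (pair, when.strftime("%A"), when.hour)
        weeks_per_slot[slot].add(when.isocalendar()[1])
    return {slot: len(weeks) for slot, weeks in weeks_per_slot.items()
            if len(weeks) >= min_weeks}

def contact_graph(records):
    """Who talks to whom and how often: the social graph, again from metadata alone."""
    counts = defaultdict(int)
    for sender, recipient, _ in records:
        counts[tuple(sorted((sender, recipient)))] += 1
    return dict(counts)

if __name__ == "__main__":
    for slot, n in weekly_patterns(RECORDS).items():
        print(f"{slot[0]} recur on {slot[1]} around {slot[2]:02d}:00 in {n} weeks")
    print(contact_graph(RECORDS))
```

Running it reports the Wednesday and Friday 21:00 slot for the alice/bob pair in all three weeks, while the one-off contacts drop out; this is the whole inference, and it never touched a message body.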
  • In police investigations, metadata often tells investigators more than the actual content of, e.g., telephone calls. The information that person A, who is (for example) a suspected murderer, called person B, who is a relative of the murder victim, shortly before the murder happened, is usually much more worthwhile than the information about what they were actually talking about. – raj Jan 21 '21 at 14:57
  • Can metadata also mean that WhatsApp is kind of "tagging" the messages and sending this information to the server? If the messenger app analyzes the texts locally (on the phone) and only sends tags like "Metallica", "shopping", "encryption", "politics" or "dogs", then it technically does send the texts end-to-end encrypted, but the topics of conversation are still easily logged as well. These tags could be encrypted as well, but with a key that is available to the server. – jusaca Jan 21 '21 at 15:21
  • @jusaca Well, that would not fall under the definition of "metadata" any more; that would be a "backdoor". Metadata includes technical information like phone numbers, timestamps, IP addresses, geolocation, message size, etc. What you described is not technically impossible; however, I don't believe it's implemented, for a couple of reasons: if such a backdoor is implemented, they may as well send a full copy of every message — why bother with just "the label"? And second, as duly noted by raj above, it's just unnecessary: raw metadata tells everything, if you can properly analyze it. Which FB can. – pure.by Jan 21 '21 at 15:39
  • Interesting. So WA claims to implement end-to-end encryption. By your very good explanation, the two ends must have exchanged keys via a separate channel. But I don't remember ever having exchanged any kind of key with my peers. Does this mean WA simply sent the keys through its own server, thus defying all the end-to-end encryption? – Ruslan Jan 21 '21 at 20:42
  • @Ruslan Yes, "the secret 654321 code" from my example IS communicated through WhatsApp servers. However, that does NOT mean defying e2e-encryption at all — there are very sophisticated encryption algorithms at work that can guarantee that the encryption key is passed on 100% privately through virtually any server. That is: if the encryption protocol is properly implemented. My point is: there is absolutely NO WAY of knowing HOW EXACTLY WhatsApp (or Signal Messenger itself, for that matter) has implemented the encryption protocol in the applications that you download from Play/AppStore. – pure.by Jan 21 '21 at 21:44
  • A few comments here: 2/ yes, you cannot take a look inside the box; however, WA has an (ongoing?) deal with security experts and academics that check that what's in the fishbowl is actually a goldfish. 5/ data like that is not stored for eternity; there are time limits on all personal data, unless required to provide service (e.g. FB posts are expected to be available until you delete them or your account, but deleted posts or deleted message threads are deleted (eventually – commonly in 90, often 30 or fewer days)). – Faboor Jan 22 '21 at 10:48
  • 6/ FB, Google, Amazon NEVER give out this data (raw or deduced) to "The Market". It is this data that makes their ad targeting better; if they gave it out, they would straight up compromise their (advertising) market advantage. Nor do they use the data like that anyway. Motel advertisers can come and say "Please show my ad to people who might be interested in staying in my motel" or "who has stayed in a motel in the past 1 year". What FB does NOT do is tell them "Try messaging Alice and Bob". If they did, anyone could then recreate their targeting and suddenly the advertisers would go elsewhere cheaper. – Faboor Jan 22 '21 at 10:58
  • @Faboor Regarding [5]: You are confusing Personal Data and Metadata. The timeframes from Privacy Policy that you are citing do not apply here, because metadata is exactly what falls under the category "required to provide service" from your own example. Also, private data can often be "anonymized" so the Privacy Policy limitations are no longer applicable. "Anonymized" data can often be easily deanonymized at any later moment. Nobody knows for sure what data FB stores and for how long, but given it's their bread and butter, it's not unreasonable to assume no information is ever really deleted. – pure.by Jan 23 '21 at 16:18
  • @Faboor On [2]: this is a textbook example of "after investigating itself, the committee concluded there were no wrongdoings committed" :-) However, I am very interested in any sources that you can provide on that claim. On [6]: Well, that's like saying that a baker will never sell you all the bread, because you could then start your own bakery — it's just silly :-) Besides, exactly what you are claiming in capitals "NEVER happens", has already happened before: Cambridge Analytica scandal. And this is just one incident that leaked and became public knowledge. – pure.by Jan 23 '21 at 16:44
  • @pure.by On [6]: Cambridge Analytica was using the existing API to get information from users that consented (plus some info from friends, which is a much bigger issue). This wasn't CA coming to FB to buy user data. Remember the Farmville-type games or those annoying quizzes? CA was basically that: users click Yes for some bs app and they pull that person's data, which notably doesn't include anything FB gets from tracking, only on-FB user activity such as likes or (and this is an issue) their friends list. – Faboor Jan 24 '21 at 13:38
  • @pure.by [6 continued] - The baker analogy fails. To make money, the baker has to hand the product away. In the case of FB, however, no data has to be given away. FB analyses what data they have and acts on it themselves. The service they provide isn't data collection, but targeting. – Faboor Jan 24 '21 at 13:54
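The exchange between Ruslan and pure.by above (keys that travel through the server yet stay private) is illustrated by this added Python example, which is not from the thread and not WhatsApp's or Signal's code. It models a Diffie-Hellman agreement over a toy-sized group with an untrusted relay in the middle, plus the out-of-band fingerprint comparison (what messengers call a safety number) that tells the two ends whether the relay forwarded faithfully; the group parameters are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: real messengers use
# vetted groups or X25519, and this prime is far too small for actual use.
P = 2**127 - 1   # a Mersenne prime, fits in 16 bytes
G = 3

def keypair():
    """Return (private exponent, public value g^private mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Both sides derive the same key by hashing g^(ab); neither a nor b is ever sent."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Digest of a public value, the equivalent of a messenger's safety number,
    meant to be compared over a channel the server does not control."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

class Relay:
    """Untrusted server between Alice and Bob: it stores everything it forwards."""
    def __init__(self):
        self.observed = []
    def forward(self, sender, pub):
        self.observed.append((sender, pub))
        return pub

class SubstitutingRelay(Relay):
    """A relay that is not faithful: it hands each side its own public value instead."""
    def __init__(self):
        super().__init__()
        self.own_priv, self.own_pub = keypair()
    def forward(self, sender, pub):
        super().forward(sender, pub)
        return self.own_pub

def exchange(relay):
    """Run the agreement through `relay`; returns (alice_key, bob_key, fingerprints_match),
    the last value being the outcome of Alice and Bob comparing safety numbers in person."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    bob_received = relay.forward("alice", a_pub)
    alice_received = relay.forward("bob", b_pub)
    match = (fingerprint(alice_received) == fingerprint(b_pub)
             and fingerprint(bob_received) == fingerprint(a_pub))
    return shared_key(a_priv, alice_received), shared_key(b_priv, bob_received), match

def relay_holds_key(relay, key):
    """The relay only ever saw public values; hashing what it stored yields no session key."""
    return any(hashlib.sha256(p.to_bytes(16, "big")).hexdigest() == key for _, p in relay.observed)
```

With the honest relay both ends derive the same key and the fingerprints match; with the substituting relay the keys differ and the safety-number comparison fails, which is the check a user can actually perform regardless of what the app's closed source does internally.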

They can't read the messages.

I'd avoid the notion of "sharing with Facebook" as WhatsApp is Facebook. Instead I'd focus on what's used for advertisement targeting.

Here, metadata (data about the message, not its content) that they are able to and already are collecting (e.g. who you're sending messages to and when) has been used for various things (e.g. preventing grooming by pedophiles), but not for advertising.

The new policy is controversial, because it technically allows this metadata to be used for advertising as well. They claim the only metadata that is going to be used this way is your communication with businesses using WhatsApp: if you message a bike repair shop, expect to see ads for new bikes on FB or mobile apps using Facebook's ads services. But Facebook still wouldn't be able to read the messages; they just know you've now shown interest in bike repair, same as if you went to/liked the shop's Facebook page.

Additionally, businesses on WhatsApp will be able to store the message logs (not sure what this includes) on FB's servers for better access to them - also securely and without FB reading them.

Here's a Twitter thread by WhatsApp head Will Cathcart explaining some of it: https://threadreaderapp.com/thread/1347660768225841152.html

The Verge article with explanation and sources: https://www.theverge.com/2021/1/12/22226792/whatsapp-privacy-policy-response-signal-telegram-controversy-clarification

Faboor
    "_I'd avoid the notion of "sharing with Facebook" as WhatsApp is Facebook_" I could be wrong, but isn't WhatsApp its own separate entity owned by Facebook _(if so, that statement isn't factually accurate)_? Assuming it is a separate entity, it's not as simple as "WhatsApp is Facebook", being similar to Alphabet and Google, PhillipMorris and Kraft, AT&T and DirecTV, Disney and Marvel, etc. While each may be owned by a parent company, the acquisition company is still its own entity and data sharing between the two must still adhere to the acquisition company's ToS and Privacy Policy. – JW0914 Jan 21 '21 at 13:18
  • @JW0914 You are right in theory; however, practice might often be the opposite. Once a company is acquired by another organization, that organization has all the material power to appoint its agents (personnel or directors) to occupy any position within its child company. This, of course, may still not mean that a physical server with a $100000 market value can be sold for $1 between child and parent, but regarding any digital data (which can be easily shared) there is no easy and transparent way of stopping the parent organization from acquiring and processing all the child's data. – pure.by Jan 21 '21 at 21:12
  • In theory yes, and it likely does happen at companies; however, there are legal and monetary consequences for doing so, as the ToS and Privacy Policy aren't just words, they're legally binding contracts between the service & user, and violation of such contracts can be extremely costly _(e.g. the $5B fine leveled against FB for the Cambridge Analytica scandal)_, bringing unwanted regulatory attention to the offending company. Whether such potential consequences matter monetarily to large companies like FB, where $5B is a drop in a bucket, is debatable, but they do care about being regulated. – JW0914 Jan 22 '21 at 12:29