Back to Silas S. Brown's home page
Unclarity in WhatsApp's new TermsOn 7th January 2021, WhatsApp Messenger asked me to agree to send data to Facebook. I did not.
(WhatsApp had previously asked for agreement in 2016, but at that time there had been an option for existing users to opt out. No such opt-out was available with the 2021 change.)
Although it is disputed that Cambridge Analytica really did swing two major elections in the Anglo-American world power by clever use of Facebook data, it's nevertheless clear that Facebook may be dangerously competent at mining personal data. In fact I would sooner agree to having my data looked after by an oppressive regime than by Facebook, because Facebook's data analysis skills seem stronger than that of major governments.
What I'm trying to avoid with WhatsApp is quite simple:
I do not want my account to be a "signal" in the profile analysis of my contacts.For example:
- I don't want the system to say, in effect, "It looks like you know Silas. Other people who know Silas are interested in this advert, so we'll show it to you too." That would interfere with my freedom to exchange contacts with anyone I meet without having to think "hold on---could adding this person pollute what my other contacts see?"
- I don't want the system to say "Silas himself likes this, so we'll show it to you," as that would compel me to be constantly on guard against accidentally letting their system count me as "liking" something if I'm not sure enough to recommend it to all my contacts,
- and I definitely don't want anybody to be able to trick their system into sending a specific advertisement to my contacts, as in "I don't like something Silas said, and I'll get revenge by showing this nasty advert to all his contacts."
European confusionVarious media reports said data will not be shared with Facebook for users within the EEA (strangely including Britain even after "Brexit" although I'm not sure for how long that would last), but I'd prefer to get my information by reading the agreement itself rather than possibly-mistaken reports about it.
The European version (the one that had
- this statement is not on the policy page itself, but on an auxiliary page---it's not clear that linking to it from the policy makes it part of the policy, and if it's not part of the policy then they could change it at any time without needing any further agreement from you;
- there may be a difference between sharing "your contacts" and sharing data derived from your contacts (for example, Facebook could decide to query WhatsApp about how many contacts you have that fit within a supplied cohort, which would still derive advertising signals from them without counting as "sharing" the contacts themselves);
- another FAQ entry says:
Today, Facebook does not use your WhatsApp account information to improve your Facebook product experiences or provide you more relevant Facebook ad[vertisement] experiences on Facebook. We're always working on new ways to improve how you experience WhatsApp and the other Facebook Company Products you use. We'll keep you updated on new experiences we offer and our data practices.which seems to say they will derive advertising signals from your WhatsApp data, they just haven't figured out how to do it yet,
- and elsewhere it says "Should we choose to share such data with the Facebook Companies for this purpose in the future, we will only do so when we reach an understanding with the Irish Data Protection Commission on a future mechanism to enable such use" and I'm not entirely sure the Commission can be counted on not to declare post-Brexit Britain to be out of their remit, effectively giving Facebook the go-ahead without any further consultation from us.
And would that advertising be allowed to use Contacts data as a signal? Consider:
- and the full range of Facebook algorithms should be available for this, as the wording:
"When we receive services from the Facebook Companies, the information we share with them is used on WhatsApp's behalf and in accordance with our instructions. Any information WhatsApp shares on this basis cannot be used for the Facebook Companies' own purposes."still allows WhatsApp to say "hey Facebook, here's some personal data, don't you keep it, but suggest an advertisement for this person and we'll deliver it from WhatsApp."
I don't want to agree to a policy that might allow sociograms to be used as advertising signals, and I'm not convinced this one is watertight enough.
Sorry leaving this WhatsApp group Friday when my account closes. I asked them about loopholes in new agreement that I think lets them mix our contacts' advert feeds (can't OK that with students on my phone), I suggested words to fix it, but no reply & no change, so I leave at their extended deadline to accept.In most cases I was able to use WhatsApp's "Export Chat" function to send things I needed to keep to K9 Mail and email it to myself. It was also sometimes possible to send these to Telegram (although Telegram makes it possible for all parties to delete history, so it might not be suitable for keeping agreements etc).
I'm still on phone & text, + happy to re-join group if we move it to Telegram or Signal, can help set up if needed. (Telegram has 500 million users & I've had no trouble with it for 6 years, works better than WhatsApp. Not telling anyone what to do, just reporting my personal experience.)
I then closed the account under Settings before deleting the app.
I found closing the WhatsApp account resulted in groups being informed you'd "left" but did not inform anyone sending you a message that you wouldn't receive it---any messages sent just sat as "unread" indefinitely (with no 'last seen' time on the contact). It may therefore be advisable to broadcast individual messages explaining that you're leaving.
But isn't WhatsApp end-to-end encrypted?End-to-end encryption of messages does not stop companies from analysing your contacts. Any messaging system must necessarily get data about your contacts (or at the very least the people you communicate with), so it's a question of picking one that's less likely to do something else with that data.
Incidentally, although the actual contents of messages is not my main concern here, I should still point out that WhatsApp's "end-to-end encryption" means little unless I can verify the client's source code. Skype had end-to-end encryption too, but that didn't stop them from adding 'spyware' in the client in at least one country's version---end-to-end encryption doesn't stop a proprietary client from sending a separate copy of messages to a third party. Closed-source proprietary software is never something I can fully trust: if I haven't seen the source code myself (or know a reliable person who has) then I can't vouch for it. I therefore do not consider WhatsApp communication to be any more "secret" than that of systems not featuring end-to-end encryption. If you want secrecy then use a messaging client whose source code you can verify.
Are we ``wrong'' to think it's unclear?WhatsApp never replied to me but on 11th May a German official was widely quoted as saying "even after close analysis, it is not clear what consequences approval has for users" and disallowing it in Germany, to which WhatsApp reportedly said "the Hamburg DPA's claims are wrong" so they "will not impact the continued roll-out of the update" and the wording of the new agreement was not changed.
Personally I can see why the Hamburg DPA said "it is not clear" after his "close analysis" since that is what I also felt after my own analysis. If the statement that "it is not clear" is included in what WhatsApp calls "the Hamburg DPA's claims" when it says "the Hamburg DPA's claims are wrong", then presumably WhatsApp think they can show the agreement is clear enough---and I'd very much like to read their argument if it can be made available, but meanwhile I'm not in the habit of agreeing to things I feel are unclear just because of some company's unsubstantiated implication that there exists somewhere an argument that shows I'm "wrong" to feel it's unclear. Show me the actual argument and I'll consider it---but it must be based on the actual agreement, not any other statements by the company (there's an "entire agreement" clause in there to make nothing else binding), and if it tries to tell me that the legal meaning of words is different from what I think then I'd appreciate being able to check this from publically-available legal references.
All material © Silas S. Brown unless otherwise stated.
Facebook is a trademark of Facebook, Inc.
Skype is a trademark of Microsoft in the US (but not in Europe because it was too similar to Sky).
Telegram is a trademark of Telegram Messenger LLP.
WhatsApp is a trademark of WhatsApp Inc., registered in the U.S. and other countries.
Any other trademarks I mentioned without realising are trademarks of their respective holders.