Changes in WhatsApp’s Privacy Policy

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with.

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes:

  • User phone numbers
  • Other people’s phone numbers stored in address books
  • Profile names
  • Profile pictures
  • Status message, including when a user was last online
  • Diagnostic data collected from app logs

Under the new terms, Facebook reserves the right to share collected data with its family of companies.

EDITED TO ADD (1/13): WhatsApp tries to explain.

Posted on January 11, 2021 at 6:17 AM • 42 Comments

Comments

Winter January 11, 2021 7:19 AM

I understand that the privacy policy will not change in the EU due to the GDPR.

ht tps://digit.fyi/facebook-to-access-whatsapp-user-data-except-in-europe/

Goat January 11, 2021 9:17 AM

It’s unfortunate that I am forced to use WhatsApp for education and work purposes, I can use this new policy as a tool to push people into Signal.. I would resist Facebook until I can..

I literally am poetic about this.

Impossibly Stupid January 11, 2021 11:27 AM

@Petre Peter

I feel betrayed by technology.

Why? Absolutely nothing about this has to do with a change in technology. The problem is not the tool, it’s that the people using the tools are sociopaths. Stop giving them power, and stop associating with those who seek to give them power.

jdgalt1 January 11, 2021 11:53 AM

What we need is a good inclusive list of all companies that participate in or help enable “cancel culture” so that we can boycott them all.

Wild_Bill January 11, 2021 2:13 PM

I am very curious: What do you all think about the risks & benefits of the Signal app on Win10?

Maratin January 11, 2021 2:44 PM

WhatsApp is free…right? Then of course the publisher collects and sells user information. That’s what any rational thinking person would expect. To think otherwise is naive / stupid on the user’s part.

Clive Robinson January 11, 2021 4:33 PM

@ Wild_Bill,

What do you all think about the risks & benefits of the Signal app on Win10?

If Win 10 is not secure, then it matters not a jot how secure Signal is in its various components.

That is true of all current supposedly secure messaging apps.

As we know the overwhelming probability is that Win 10 is most definitely not secure, and its basic design indicates it never can be.

So, with access to the secure messaging app through its User Interface or other system interfaces then any security the app had is bypassed.

So the question you should really ask is “If Win 10 is insecure and it probably is, do I have any privacy or security?”

To which the answer to both privacy and security is “probably not”. Even if you use the app only when your device is not online, it’s not terribly difficult to make some form of recording malware that can make the offline recordings available when you do go online again…

Secure apps are neither private nor secure when running on a device that has an available communications path and the secure apps’ insecure interfaces running on it.

Anything else you’d like to know on the matter?

Arizona-NewMexico January 11, 2021 5:27 PM

@Goat
It’s unfortunate that I am forced to use WhatsApp for education and work purposes

I was in a situation where I sort of had to use WhatsApp because of a group of friends wanting me in it. What I had was a slightly older smartphone without any contacts, photos or SIM card. I installed WhatsApp on that (I received the activation code on my active phone and just entered it on this otherwise dormant phone).

Only drawback is that it’s a bit of a hassle to remember to turn it on to see the actual messages.

com January 11, 2021 5:33 PM

@Maratin
WhatsApp is free…right? Then of course the publisher collects and sells user information. That’s what any rational thinking person would expect. To think otherwise is naive / stupid on the user’s part.

And that justifies it? Of course everyone is free to leave that app too. Anyway there is no law/rule that just because an app is free then of course they collect and sell data.

JonKnowsNothing January 11, 2021 6:48 PM

@Maratin @com

re:Security by purchase is no security either

Neither “free” nor “purchased” have any guarantees of being free from data collection.

Many “purchased” apps/programs only turn off NagWare-Ads. They still collect your data and may still sell it to anyone they choose.

“Free” apps/programs may be hiding behind reams of TOS/EULA and binding-clauses to limit your knowledge of where and what they do with the data.

There is a current court case exploring the extent of “click to accept” TOS/EULA when the user has no clue what the document includes or has any way to exclude objectionable clauses (One way contract). Even TOS/EULAs that force a “page down to sign” event, are in question, again because the user doesn’t read the terms or have meaningful two-party negotiations.

Some of this is due to the effects of the “binding arbitration clauses” currently popular in such contracts that are intended to limit court redress or challenge.

The only safe app is: The one you do not use, The one you do not install.

You are not safe even so, as noted, Good Friends include you in their unsafe practices.

Goat January 11, 2021 6:49 PM

@Arizona that seems like a good idea, I can do it while I convince people but ultimately I wish to get rid of this tool of exploitation.

@Maratin, WhatsApp is non-free but zero price. Proprietary software quite often does come with mal-features, even if it’s paid, e.g. Windows. That said, we must donate to Signal to keep their incentives aligned.

Goat January 11, 2021 9:31 PM

@xcv What we must understand here is that though the government should not surveil on its own citizens, just making the govt stop isn’t a solution.

Most online social media exploits people over money, this may only stop when the incentives are well aligned, throwing a boatload of legal-ease would just help fill the lawyers coffers and the draconian jargon would engulf every allowance they can.

We must understand that these businesses are behavior manipulation machines. No one agrees to use of their information for and in advertising when they are sane.

As far as my opinion is concerned legalizing substance abuse is not the solution to any problem (many eminent people’s arguments have failed to convince me), though changing the response to the sufferers may be. In reality there exists such trade in the real world which goes unabated quite often while propaganda on online vigilance due to trade of such substances continue.

Ismar January 11, 2021 11:24 PM

Makes perfect sense as you pay for software either directly by money or indirectly by data and being forced to endure the ads, which makes me wonder what business model Signal relies on?

Clive Robinson January 12, 2021 12:41 AM

@ Goat, xcv, ALL,

What we must understand here is that though the government should not surveil on its own citizens, just making the govt stop isn’t a solution.

Making the Government stop surveilling on their citizens will be hard enough. In all probability impossible.

It does not matter if we like it or not, “we the people” have given Governments power over us for Centuries. Even if we give them no more power, they can and will kill to keep the power they have already gathered by any means they can.

For instance do US citizens know just how many “Wars on …” the US Gov has actively got?

It should be easy to know, because they are under law supposed to be reviewed on a regular basis… I’ll be honest and say I’m not aware of any of these “Wars on …” being reviewed and stopped in my life time.

But whilst you can kind of see that abuse, what about “secret laws” how many are there of those?

If you try and argue with the Gov for removal of powers they will come up with excuses that they try to make sound plausible, or if not plausible have an emotional appeal that is “Think of the children” etc.

Almost inarguably that is propaganda, which in theory the US Gov is not supposed to use on US Citizens…

I could go on seemingly endlessly about the laws in place to stop Government abuse of citizens… But the sad truth is they just ignore the law all the time knowingly, and quite blatantly much of the time. Which in turn raises the question of what other laws are they breaking as covertly as possible?

The reasoning for this is basically given by,

1, We are exceptional, because,
2, We are the good guys, because,
3, We do things for the common good, because,
4, We have the power to do so, which makes us exceptional.

And so the argument wheel of self justification turns endlessly. In essence the argument is “Might is right” which every psychopath and school bully uses to justify doing what they want to do because they have neither morals nor impulse control.

We have a saying,

“Power corrupts, absolute power corrupts absolutely”

Like many such observations it’s the wrong way around, because we hide from the truth.

The reality is “corruption seeks power by any means” that is the default state of government is “corrupt” the rest is excuses to try and hide this.

All the corrupt do is seek excuses to make what they are going to do look either a necessity, defendable, or excusable, so that people do not look, thus do not rail against them, or rise up and stop them.

The sad thing is that way too many people actually believe the excuses, they take comfort in them, and they will not just rail but rise up against those who point out the truth…

We’ve seen this cognitive bias writ large over the past year with what is now a pandemic but in other areas as well.

The fundamental rule is,

“At all times, power must not just be questioned, it must not be just challenged, it must always be permanently removed when bounds are exceeded”.

If you do not think this is so, then others have made quotable quotes of that rule.

If I say “The price of liberty…” most will fill in the “eternal vigilance”, likewise “The tree of liberty” and they will fill in “refreshed with the blood”.

And many more like them, but that rule is based on a fundamental, accurate observation,

“Power is ever stealing from the many to the few”

But less pithy but more accurate was Samuel Johnson’s observation which also gave cause,

“Power is gradually stealing away from the many to the few, because the few are more vigilant and consistent.”

The rest as they say, “follows on” from this, including why you are only allowed to vote for corruptible “representatives” and even then infrequently.

Winter January 12, 2021 1:17 AM

@xcv
“Social Media or Socialist Media?”

Companies exploiting the population? News channels being controlled by their owners? From news papers printing what their owners wanted to TV channels bringing all the news their owners wanted this has been the story of the USA since the start.

That has been capitalist since the inception of capitalism.

But now, YOU want that the President can control what news can be distributed. That is more socialist than anything we have seen before.

Winter January 12, 2021 1:25 AM

@Clive
“Making the Government stop surveilling on their citizens will be hard enough. In all probability impossible.”

On the other hand, the attempt to murder elected politicians in the Capitol was caused by the government not knowing what their citizens were planning and organizing. Even more so with organized crime, companies endangering the population, and wholesale fraud in the financial sector.

To have a government means that they keep informed about what the citizens are doing.

The crucial point principles are the legal framework that enforces the rights of the citizens against the executive. It is clear that the US, like many others, is pretty bad in this respect.

RMCholewa January 12, 2021 2:26 AM

Never in our history have there been entities with…

  1. Almost unlimited resources;
  2. Access to large amounts of information / social behavior in real time, globally;
  3. Almost unlimited power due to the lack of regular, external audit;
  4. Global social compliance

Mass awareness potentially influences this in the long run, changing item 4 (social compliance), an essential part of the power equation and leading to better legislation that can go beyond privacy as a universal right (item 3).

User or Licensing Agreements are not “law”, nor are they created in our best interest. In principle, there should be no harm in that and it makes sense.

#Bigtech’s products and services exist for the benefit of stakeholders / shareholders, by capturing behavioral trends, with the intention of increasing persuasion and market share.

Causality of #bigtech products and services: profit and shareholders. The means to achieve them? Our identities, through behavioral collection and aggregation. “Social networks” do not exist, but a surveillance apparatus.

Like someone said before, most people (in fact, all of them) use WhatsApp where I live (I think Brazil is the biggest WA user worldwide). It is not a matter of simply changing to other products, but being unable to do business if I do.

What is happening right now is the change in item 4 above. We are all from infosec or tech, and most of us are aware of such implications. But we are 1% only. Without mass awareness, regulation and legislation won’t ever happen.

Winter January 12, 2021 2:36 AM

@RMCholewa and others
Note that Facebook changes the privacy policies of Whatsapp everywhere, but in Europe. The only entity that has a binding and effective privacy regime.

It shows that to curb overarching companies requires strong laws and credible enforcement, i.e., strong governments.

I have not yet seen a credible alternative to strong privacy legislation with enforcement.

CMOT Dibbler January 12, 2021 6:11 AM

Whatsapp still has end to end encryption right, so it’s kind of a big job for them to mine the data in your messages isn’t it? Or do they have a master key/backdoor?

Fair enough if you don’t want your contacts, photo and status harvested, but personally that ship has sailed.

Winter January 12, 2021 6:28 AM

@CMOT Dibbler
“Whatsapp still has end to end encryption right, so it’s kind of a big job for them to mine the data in your messages isn’t it?”

No one is interested in your writings. It is the meta-data they are after. Linking your phone number to your loyalty card(s) and your FB account and your email address, and your credit card etc. etc.

That is way more valuable than anything you will ever write in Whatsapp, combined.

tfb January 12, 2021 6:46 AM

Does anyone have a really definitive answer as to what will or will not happen in Europe, and specifically in the UK (so, outside the EU but not all the way to the dark end of the street quite yet)? By ‘definitive’ I ideally mean ‘from a technically competent lawyer or someone close to that’: there is a lot of myth and lore circulating, some of it overtly conspiratorial.

(Like many people I use better tools in my own life, but still pretty much have to touch WhatsApp with a bargepole because groups I am involved in are not technical enough to move or care. Turning contacts access for it off makes it unuseful unless you enjoy memorising phone numbers.)

Winter January 12, 2021 7:34 AM

@tfb
“By ‘definitive’ I ideally mean ‘from a technically competent lawyer or someone close to that’”

If you follow the links in this link you will see that Facebook itself says that the changes are not effective in Europe. I suppose Facebook is some kind of ‘definitive’ source.

https://www.bbc.com/news/technology-55573149

In another message from December 2020, Fb are soooo sorry they cannot mine European data to combat child abuse.

https://about.fb.com/news/2020/12/changes-to-facebook-messaging-services-in-europe/

CMOT Dibbler January 12, 2021 8:10 AM

@ Winter.

Thanks man. You’re absolutely right, but that’s just internet SOP for any service FAANG gives for free, to us products isn’t it? Is there something more underhand to it?

P.S. I hope whenever you reassure someone you’re on your way to a meeting or late for an appointment, you message people to say Winter is Coming.

OTC January 12, 2021 12:47 PM

@CMOT Dibbler
Whatsapp still has end to end encryption right

Being that they are sharing some data then at least the bits that they share are not somehow “irrecoverably encrypted”.

And why would they ever be irrecoverably encrypted in ANY case? If your app can display your own past messages then by nature their own DB admins at least are able to do the same. Needed for law enforcement / court cases anyway.

Also WhatsApp was in the news in late 2019 because of an agreement they made in UK to share messages with UK authorities.

Facebook, WhatsApp Will Have to Share Messages With U.K.
https://www.bloomberg.com/news/articles/2019-09-28/facebook-whatsapp-will-have-to-share-messages-with-u-k-police

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.

OTC January 12, 2021 3:33 PM

@Winter

Obviously in this case it is not that kind of end-to-end encryption. As explained in my previous post.

Winter January 12, 2021 4:02 PM

@OTC
“As explained in my previous post.”

The fact that the LEOs want it does not mean that it is currently possible.

Security Sam January 12, 2021 4:26 PM

Recent changes in WhatsApp’s
Collection privacy data policy
Has morphed in a WazUp app
That knows not which end is up.

vas pup January 12, 2021 4:41 PM

@Clive Robinson • January 12, 2021 12:41 AM
Very true!

@Winter • January 12, 2021 1:25 AM
“The crucial point principles are the legal framework that enforces the rights of the citizens against the executive. It is clear that the US, like many others, is pretty bad in this respect.” Agree 100%.

When ‘watchers’ are not watched over, or even when caught go unpunished (or just get a slap on the wrist), versus a regular Joe/Jane going to prison for the same action, as a rule for many years, then there is no justice.

When the legal framework is created by mediocrity underqualified in the particular special field, you may have at best equal implementation of basically unjust law, but no justice whatsoever.

@ALL: split Facebook and WhatsApp utilizing antitrust regulation – that is kind of remedy.

JonKnowsNothing January 12, 2021 7:23 PM

@vas pup @All

re: splitting up corporations by antitrust laws

A couple of notes:

Antitrust laws in the USA undergo regular alterations. The types of “antitrust breakups” envisioned by many cannot happen because the law has been altered specifically so it does not.

Using antitrust laws takes from 10-15-20 years of legal battles. It’s not a snap-ready-bake process. During that timeframe much of whatever-it-was that got up people’s noses changes anyway; the market place changes and so the offending parts no longer offend, and quite a few proceedings end up being dropped years later.

Of course, during the years of litigation, some jobs are created and/or preserved and a few participants get richer and some of the companies have to shed a bit of wealth.

Splitting up a corporation yields: TWO corporations. Neither of which have public duty for anything such as “freedom of expression, freedom of access, freedom from excessive charges” or other guarantees in our legal system. They will be 2 (or more) corporations with 2 TOS/EULAS.

To have a more universal system you need a “public utility”, such as the phone system (POTS). During the intervening years, this has been outsourced to “corporations” that are supposed to follow “public access mandates” from the FCC. In theory, corporate approval depends on compliance with directives but in practice this is another legal-snowball fight.

So the “universal access” doesn’t happen and what’s available is controlled by the carriers just the same.

The FCC has 2 seriously competing, mutually exclusive mandates that have evolved over time. It’s super complex but if you followed any of the “network neutrality” fights, those touched on the two polar aspects of our current system. One is a Utility such as Phones (POTS) and the other pole is Not-Utility such as cable TV, broadband, etc. They have been defined to be Not The Same and have different rules that apply, legal findings, taxation and a pile up of definitions since Alexander Graham Bell first yelled into his device.

So, while you are in there considering that a quick sweep will clean up the mess, you will have to dig into the problems delineated by these two poles of service.

After that, you have to consider carefully:
  What it is you really want and
  how will you prevent the sword from changing orientation.

ht tps://en.wikipedia.org/wiki/Alexander_Graham_Bell
(url fractured to prevent autorun)

Budi Rahardjo January 12, 2021 7:37 PM

This (“Other people’s phone numbers stored in address books”) is too? I thought this one is not. They are stored in the user’s phone. Unless it is backed up in the cloud. No?

moz January 13, 2021 10:12 AM

New FAQ from WhatsApp says they aren’t transferring the data; note it makes no promises about the future and is not as precise as it could be (we do not share with Facebook – what about Facebook advertisers?)

https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy

It’s a beginning, however the actual privacy policy https://www.whatsapp.com/legal/privacy-policy states:

We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. [….] When we share information with third-party providers, we require them to use your information in accordance with our instructions and terms or with express permission from you.

and

As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings.

Thanks to some Slashdot comments.

Lola January 14, 2021 6:15 AM

Well, I’m curious to know if, after all Facebook’s scandalous admissions of collecting user data, are they still striving for this? WhatsApp will lose a large number of its users who will now start using other applications. However, I doubt that applications such as Telegram or Signal can really be safe. After all, when registering, they still require a phone number. I believe that an application for which personal data is not needed at all can be truly safe, for example, Utopia p2p.

JonKnowsNothing January 14, 2021 10:02 AM

@Lola

re: Data Collection

All internet companies similar to FB collect vast amounts of user data. They collect all that is legally open to them by jurisdiction and more if they can (click tracking, page tracking and if you have 2way video eye movements etc).

All such internet companies use this information to make money aka Generate Revenue.

  A) Sell to data brokers who break down the data into specific tidbits that they sell on for commercial sales uses.

  B) Sell to Law Enforcement for “command center” and tracing information. LEAs can obtain specific information by Warrant; they also buy vast amounts of data just like data brokers.

The primary difference between A and B:
  a data broker wants to sell you something;
  you won’t want to buy anything a LEO is selling.

SpaceLifeForm January 14, 2021 7:01 PM

@ Clive, ALL

If you have not bought a vowel yet, let me spell it out for you.

The Panopticon is Alive.

RSA is Dead.

It is all MITM.

Do not delude yourself.

David Frier January 19, 2021 7:45 AM

@JonKnowsNothing can you give the specifics on this court case about the EULA and the fact that nobody can realistically be expected to have read them? I have also heard about this but I cannot find any coverage.

JonKnowsNothing January 19, 2021 11:19 AM

@David Frier

My google-fu failed. Maybe someone else has a link to the litigation.

iirc(badly)
There are challenges both in USA and EU (not sure about BREXIT) and there are rulings in the USA that mostly hold EULAs to be valid. The EU is mixed on the validity.

This is being challenged because no one reads them and they have binding arbitration clauses (Amazon).

Several SCOTUS Judges admit they don’t read them either.

I think the litigation is between corporations, like Apple Store EULA/TOS kicking out apps that don’t pay Apple a 30% rake-off.

That might not be the same click-through/shrink-wrap-click aspect and more about the monopoly aspect, since side-loading is being blocked too.


Sidebar photo of Bruce Schneier by Joe MacInnis.