Stop Trusting WhatsApp
Despite its many, many flaws, WhatsApp remains one of the most popular messaging apps out there. Debates around its security and usefulness continue unabated and some people still preach it to be the best. However, that could not be further from the truth. Though I could talk for a while about the many flaws of WhatsApp’s UX and its plentiful bugs, I’d like to instead address a common argument that I hear from people who are actually lukewarm on the app. When pressed about why they still defend a product owned by Meta, a product whose creator famously said ‘I sold my users’ privacy’, they reply with “At least it has working end-to-end encryption.”
But does it?
It’s Been Years
The most solid argument for WhatsApp’s end-to-end encryption (E2EE) claims comes from the very company that lent that encryption to them — Signal. Back when they implemented E2EE for WhatsApp in 2016, the process overseen to make sure that no tampering is involved as nobody trusted Meta even back then, Moxie Marlinspike, Signal’s former leader, confirmed that things were intact. He followed up in 2017 with a blog post, saying that he vouched for WhatsApp.
Since then, 5 long years have passed. No further confirmations have been made. In the 5 years of WhatsApp not being questioned on its claims of E2EE, users have faced a litany of security issues, questionable privacy policy changes and a general lack of communication from the company. Considering that WhatsApp is completely closed-source, meaning people cannot verify the code and behavior of the app and its servers, trusting that these 5 tumultuous years passed without any interference with E2EE on Meta’s part is a careless move.
A Face You Can’t Trust
This lack of vetting is especially concerning in light of multiple scandals where users found out that Meta was happily letting third parties track users. It’s never been a secret that Meta shares user metadata with the law enforcement, governments and others, but that aspect has been brought to the forefront as the FBI confirmed that it regularly gets information on users from WhatsApp.
However, as of late, we’ve seen more indications that WhatsApp’s E2EE might not be all it’s cracked up to be. First, news broke that Peter Thiel, notable Meta investor and right-wing lobbyist, funded a startup that developed tools to hack WhatsApp, including some alleged tampering with the app’s encryption. Then, just last month, the FBI revealed it was tracking a terror suspect via his WhatsApp, alluding to the fact that the federal agents were getting more than just metadata.
With all of these revelations, the question of why we trust WhatsApp becomes more and more pressing. How many times must Meta prove that it doesn’t hold its users best interests at heart? The company is keeping WhatsApp closed-source while evidence mounts to prove that it’s not secure and it’s up to the users to recognize when they’re being taken advantage of.
