Respect for Privacy is Coded into Our DNA — Delusion or Reality?

“Committed to user privacy” — WhatsApp

Nishi Agrawal
The Pragyan Blog
9 min readJan 23, 2021

--

In 1981, Steve Jobs famously compared computers to “bicycles for the mind”. Today, imagining life without computers is out of the question. When it became impossible to continue with conventional routines at work or schools, thanks to the pandemic, technology played a significant role in coming up with new possibilities. As telecommunication is becoming more digitalized and computer-oriented with each day, it is facing new challenges as well.

“Sorry, something went wrong!” — YouTube

“505. That’s an error” — Google

Amazon’s cloud computing services faced an outage for nearly 5 hours on November 25, following which Google’s cloud services suffered a significant outage on December 14, which led to a failure of all G-Suite services. On one hand, some had to face problems like an incomplete email, a YouTube crash, a Google Doc that suddenly stopped working. Many, on the other hand, flooded Twitter with memes and sarcasm over the issue.

A meme posted on Twitter after the Google Cloud services stopped working (Source: Justin Sullivan/Getty Images)

Social media has an answer to our problem of not being connected while sitting at home. But it, in turn, brings with it other complications like the overabundance of resources, which makes it hard to search for reliable ones. It has also raised stress and health issues, and posed challenges to one’s privacy!

Have you ever received such messages and wondered why you received them? Is someone randomly texting people or was your contact shared by a known source? Is it not bothersome?

Frequently we see advertisements by the government and various other private companies to not trust any unknown texts, emails, or calls that ask for personal information or ask you to follow some unknown links. But do you think that we are still safe, even if we follow these guidelines? Each day millions of people face fraudulent occurrences across the globe, and we are equally at risk. The internet is flooding with data and information. Our data is a treasure to cyber thieves, and the personalization of services serves as the bait for us!

Security breaches in the past

Over 4,70,000 links to private groups on WhatsApp were recently leaked, where anyone could join any private group on WhatsApp by making a simple Google search. The incident happened when Google indexed the links, which made them available to the public. Imagine the scenes if someone barges into one of your private groups on WhatsApp, starts making random comments, and even after removal, the person continues to message the group members. Sounds terrifying, right? Well, this was something that actually happened, and cases such as this have not been out of the ordinary in the history of social media. .Last year, over a thousand people were exposed to spyware, after which the Central Government took action and warned the company to strengthen its security and ensure privacy for its users.

What is end-to-end encryption?

WhatsApp is currently the most popular messaging app with over 2 billion active users. One of the reasons behind this lies in the fact that it provides default end-to-end encryption to its users. End-to-end encryption is a feature that eliminates the man-in-the-middle situation. The sender and the receiver have unique security keys associated with their accounts which are used to encode and decode the messages being sent. This prevents any unauthorized person in the middle to read the chats.

Image Credits: ThamKC

This functionality provided by WhatsApp makes sure that no one can read or listen to the messages in between but only the sender and receiver. The company also extends this feature to group messages by default.

WhatsApp at 2:00 am

The next day, I see an ad from Amazon in my Instagram stories. This advertisement is promoting the same pair of shoes that my brother shared with me yesterday on WhatsApp. Now, this was something unexpected, wasn’t it?

When I choose to backup my messages in Google Drive, I give it access to my messages as WhatsApp does not provide end-to-end encryption for messages when backed up.

WhatsApp clarifies to the public that either Facebook or even WhatsApp itself cannot see a user’s location in its security update. If you look at the detailed privacy policy, it says that it keeps track of the user’s precise location. It also says that if a user chooses to share their location with another contact, WhatsApp has to access it. But then, it clarified that the location-sharing is end-to-end encrypted. The whole thing is so confusing. How do we decide what the truth is? Let us find out!

Recent updates in the privacy policy

The privacy policy update from WhatsApp gave additional information on handling data and updated new commerce features. Let us have a look at the new commercial features introduced.

If you choose to interact with Shops, your shopping activity can be used to personalize your Shops experience and the ads you see on Facebook and Instagram. Features like these are optional and when you use them, WhatsApp will be completely transparent in showing how your data is being shared with Facebook.

The new ‘Shops’ feature on WhatsApp (Source: WhatsApp Blog)

Did you notice that features such as this are optional? What if we want to use this feature, but at the same time, we don’t want to compromise our privacy? Before coming to any conclusions, we need to know what data is shared and how we are affected.

Key points to be noted

The data shared by WhatsApp with Facebook companies include our account registration information (phone number, profile picture, bio/about), transaction data (if a user uses WhatsApp payments’ service), service-related information, mobile device information, and IP address.

Messages, including media, location, and contact details that we share with private groups and contacts, are end-to-end encrypted until a backup is created.

If we share any links from any shopping websites in our private groups or chats, in no way does it mean that Facebook will track it down, as messages are end-to-end encrypted, and thus one should not confuse the updates on new commerce features as an attack on personal chats.

When we choose to interact with Facebook shops by using WhatsApp as a medium of interaction, our data can be used by the business for data analysis and commercial purposes. This data includes your contact number, about/status, profile picture, and messages you sent to that particular business account. Again, it is up to us to continue interacting with them and sharing our personal information through WhatsApp. If you are thinking about using the WhatsApp payments service, do have a look at this.

There is no change in the data being shared with Facebook after the policy updates; instead, there are changes in how the data will be used further, which was already being shared, as already mentioned above.

The users aggressively reacted to these updates. Have we never used any shopping sites before? Have we not shared our addresses, credit card details, or contact details ever before? We have also allowed them to personalize our experience based on our shopping carts and Google Search history. But why does this appear scary when WhatsApp introduced it? The reason behind this lies in the fact that they have made too many assumptions before looking deeper into the matter.

Data collected v/s data stored v/s data shared

Let us head back to our earlier question. There was a lot of confusion about the location information used by WhatsApp.

When we share our location with someone through WhatsApp, what exactly happens? We let WhatsApp collect the information, encrypt it, and send it to the recipient. This information was collected but not stored by WhatsApp. Instead, when we allow it to access device location through the device settings, that information can be used by WhatsApp.

Similarly, the messages, media, external links, etc., are not stored by their servers, but the service-related information such as the time and frequency of services used can be reserved. So, one must not confuse between the data collected, the data stored and the data shared by the company.

Comparing alternatives

The discussion does not end after looking at the updates on WhatsApp alone. Let us have a look at the alternatives available in the market currently.

When WhatsApp complained about Apple’s iMessage not having a privacy label, this was how Apple responded.

Difference between the metadata collected by iMessage and WhatsApp, Credit: Apple App Store ‘Privacy labels’ (Source: 9to5mac.com)

The above picture makes WhatsApp look worse as you compare both options.

“Asking for too many permissions is dangerous; these permissions can be misused as an exploit to access more device components, such as call logs, phone numbers, and browsing history”, ESET malware researcher Lukas Stefanko explains.

WhatsApp has been questioned about privacy and suspected of sharing information since 2014 when it became a part of Facebook Companies. People had already been suspicious about Facebook since the introduction of the Off-Facebook activity feature. If you are already a Facebook user, have a look at this.

Comparing the metadata collected by Signal, iMessage, WhatsApp, and Facebook Messenger (Source: 9to5mac.com)

The social media giant Facebook is no less than a data machine. But when we compare platforms such as Signal, where not even a user’s contact number is linked to them, the decision-making process seems to be easy. Even Elon Musk tweeted on the issue and told people to “Use Signal.”

There is one more popular messaging service with more than 400 million active users, Telegram. But if you are thinking of switching over to Telegram from WhatsApp, this would be nothing but a regressive move. “The lack of default end-to-end encryption gives users a false sense of privacy,” warns security analyst John Opdenakker. Telegram does not provide default end-to-end encryption to its users. Though users can chat using the private chat feature, which offers end-to-end encryption, the feature is still not extended to groups or channels.

“Telegram mingles messaging methods that are end-to-end encrypted with others, such as normal chats and channels, that are not. Most people won’t tell the difference, opting for a feature that is less secure.” said one of the scientists, Tommy Mysk.

There is one more thing that needs to be considered — WhatsApp allows a backup of messages in cloud services based on the user’s choice, Telegram backs it up in their servers, and Signal does not store any messages at all because of security reasons. Hence, in terms of privacy, Signal seems a better option, followed by WhatsApp.

The need to switch.

Now since we have looked at the policy updates from WhatsApp, analyzed how our data is being collected, stored, and shared by various platforms and also the risks associated with it, the question arises, do we need to switch? Well, again, it depends on how we use these services and for what purposes. If you are already a Facebook user, changing the messaging app alone would change very little. WhatsApp continues to be the most simple, reliable, and the world’s largest messaging platform to offer free default end-to-end encrypted messaging services. While Signal does promise more privacy than WhatsApp since it collects less metadata from users, it is fully open-source and hence vulnerable to security researchers.

Science is nothing but an answer to the questions we throw at life. With time, we are entering deeper into the world of technology. Researchers are working on making the dream of the unhackable internet come true. It aims to enable an inherently secure connection and hence the messages sent over should also be totally secure. Until then, none of the platforms that are available in the market currently guarantee 100% secure service.

All we can do is to prevent partial information from becoming fodder to confusion and chaos. By laying out facts and spreading reliable information, we can help others make an informed decision as well.

--

--