The Startup
Published in

The Startup

Frisking the New WhatsApp Privacy Policy

WhatsApp is a popular messaging app that has 2 billion users worldwide, delivering roughly 100 billion messages a day. India is by far its biggest market, with 350 million users.

An icon your grandma would recognize

It was launched in 2009, and once claimed “Respect for your privacy is coded into our DNA”. In 2014 came its acquisition by Facebook for $19 billion, and the inevitable dilution of this principle.

WhatsApp recently updated its privacy policy, allowing users time until February 8 to accept the terms. This update is largely clarification of previously vague terms, including one real change — It will now share all the data it collects with Facebook. This along with other adjustments saw the announcement face criticism like the recent Instagram update, for similar reasons — The vague terms, when spelt out, made the terms look questionable.

While I recommend you take time to read it (and every other privacy policy before signing up for something), here’s the gist:

  • WhatsApp will now share all the data it collects with Facebook. The previous privacy policy versions allowed users to opt-out of this, but not anymore.
  • Businesses on WhatsApp are free to share information — including chats — with third parties. WhatsApp is not liable for this — This data is governed by the privacy policies of said businesses (and, it follows, the third parties).
  • Facebook gets data about you from services that are linked to WhatsApp usage. For example, if you opt to ‘Share via WhatsApp’ from any other website or link your WhatsApp account to your travel/ticketing service for updates, that website/app can pass data about you to Facebook if its privacy policy allows it to.

What data is being collected?

This comment on r/privacytoolsIO is a helpful breakdown of some of the vague language, clearing up what ‘device-specific information’ is collected. For the full (and now unambiguous) list of information, you can go through the “Information We Collect” section of the new privacy policy.

Some potentially problematic items:

  • Status, profile picture, when you are online, timestamps of messaging activity, group details (Name, description and display picture)
  • IP address, location and identifiers associated with other Facebook services

So what?

This is covered in the primer for digital privacy. You can go straight to the section “Why should anyone care about online privacy?”

All this seems a bit much. I’m getting rid!

Deleting WhatsApp involves a bit more effort than simply uninstalling the app. The privacy policy is clear about this, and WhatsApp does helpfully describe the right way to go about it (iPhone and Android), should the policy seem objectionable.

What alternative do I have?

Signal (endorsed perennially by Edward Snowden) would be a good choice for your new messaging app. It is open-source, crowdfunded, and doesn’t store any media (it warns you if you try to download something to storage, in fact), device/usage data, metadata or chats. There isn’t much loss of convenience compared to WhatsApp — You get group chats, emojis, stickers, attachments, voice and video calls.

It does currently require a phone number (which Signal doesn’t link to your identity), although doing away with it would admittedly make it harder to migrate to a new messaging app (I’ve tried to get people onto Wickr, and it was a nightmare).



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Follow if you like what you read