Have you heard? If you are a user of the free messaging app, WhatsApp, then it would have been hard to miss. After their announcement in January that WhatsApp were upgrading their policy to enable a new set of features around business messaging and “make clarifications and provide greater transparency” around the company’s pre-existing policies according to Niamh Sweeney, WhatsApp’s director of public policy for Europe, the Middle East and Africa.
Viral messages spread quickly, ironically through WhatsApp itself, claiming that the app would be sharing private message data with Facebook, understandably enough this initiated an exodus, and 25 million of us switched to Telegram, another messaging app, within a 72 hour period. A PR disaster and misccomunication on an epic scale, but was it worth it, and if we haven’t already moved, should we bother?
This week WhatsApp published a blog post in an attempt to calm the waters. “We’ve reflected on what we could have done better. We want everyone to know our history of defending end-to-end encryption and trust we’re committed to protecting people’s privacy and security.
We’re now using our Status feature to share our values and updates directly within WhatsApp. We’ll be doing much more to make our voice clear going forward. WhatsApp say that they are “building new ways to chat or shop with a business on WhatsApp that are entirely optional. Personal messages will always be end-to-end encrypted” meaning that the App cannot read messages.
What does end to end encryption mean?
End-to-end encryption is the act of applying encryption to messages on one device such that only the device to which it is sent can decrypt it.
What should you do?
If you are a WhatsApp user, then keep an eye on their status on the app. “In the coming weeks, we’ll display a banner in WhatsApp providing more information that people can read at their own pace. We’ve also included more information to try and address concerns we’re hearing. Eventually, we’ll start reminding people to review and accept these updates to keep using WhatsApp.” In the end though, if you want to continue to use WhatsApp, you will have to accept their terms and conditions. If you want to try out other services, Telegram and Signal are both proving very popular and we will cover these in another article about security and metadata.
How does WhatsApp make a living?
WhatsApp tries to address this saying, “We think it’s important people know how we can provide WhatsApp for free. Every day millions of people start a WhatsApp chat with a business because it’s easier to do so than placing a phone call or exchanging emails. We charge businesses to provide customer service on WhatsApp - not people. Some shopping features involve Facebook so that businesses can manage their inventory across apps. We display more information directly in WhatsApp so people can choose if they want to engage with businesses, or not.”
Don’t forget, you are the product.
It is still a fact though that if you are using Facebook, Instagram or WhatsApp then you are using a service which is free to you, but there is a trade off: your data is used when businesses pay for advertising: your activities online build up a profile which is then used to target advertising to you. This doesn’t just include shopping but can also mean you make up part of the audience for political campaigns for example. With other messaging apps.
Can you trust them?
WhatsApp: “During this time, we understand some people may check out other apps to see what they have to offer. We’ve seen some of our competitors try to get away with claiming they can’t see people’s messages - if an app doesn’t offer end-to-end encryption by default that means they can read your messages. Other apps say they’re better because they know even less information than WhatsApp.
We believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data. We strive to be thoughtful on the decisions we make and we’ll continue to develop new ways of meeting these responsibilities with less information, not more.” But this does not address the meta-data which is where the big money is made… We will unpack this information over the coming articles.
In the meantime, what can you do to improve your data security on WhatsApp?
- Avoid malicious content you might receive, don’t open unknown links and attachments.
- Disable the option to automatically save received images in the phone gallery.
- Obtain the PIN number that ‘two-step verification’ offers to prevent hackers from hijacking your account with deception.
- Turn off backups. While the messages are protected as they are sent, if you use the WhatsApp option to back up your chat history to the Apple or Google cloud, those copies are not protected by that end-to-end encryption.