Complex Made Simple

Cybersecurity expert weighs in on WhatsApp privacy policy controversy

AMEinfo got in touch with Nicolai Solling, Chief Technology Officer at cybersecurity firm Help AG, to hear what they think of WhatsApp's new privacy policy change.

WhatsApp faced some backlash last week when it announced new changes to its privacy policy, set to go into effect February 8, 2021 The new privacy policy sees the app sharing an expanded list of user information with parent company Facebook and its subsidiaries like Instagram, even if the WhatsApp user does not own an account on those other platforms "For long-time users, the option to share data with Facebook was made available in 2016, but it was just that: optional and temporary. From Feb. 8 it’s mandatory for everybody," Bloomberg explains

WhatsApp faced some backlash last week when it announced new changes to its privacy policy, set to go into effect February 8, 2021. The new privacy policy sees the app sharing an expanded list of user information with parent company Facebook and its subsidiaries like Instagram, even if the WhatsApp user does not own an account on those other platforms. 

“For long-time users, the option to share data with Facebook was made available in 2016, but it was just that: optional and temporary. From Feb. 8 it’s mandatory for everybody,” Bloomberg explains

The list of data WhatsApp will now collect from user devices includes hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information and more. 

This naturally drew a strong reaction from world leaders, privacy advocates, and even businessmen like Elon Musk who are encouraging people to switch to services like Signal

Looking to get an expert opinion on this matter, AMEinfo got in touch with Nicolai Solling, Chief Technology Officer at cybersecurity firm Help AG. 

Nicolai Solling, Chief Technology Officer at cybersecurity firm Help AG

Here’s what he had to say: 

Understanding the issue

WhatsApp has announced a number of changes to how messages are processed specifically when communicating with a business via the app. To be exact, the updates open up the option to a business account to store and share data to allow for more targeted advertisement, particularly on the Facebook platform, as Facebook owns WhatsApp.

At the core of WhatsApp, the ability to encrypt messages end-to-end has always been important to users. The changes to the terms and conditions have led to a lot of speculation on whether this end-to-end encryption was being removed or jeopardized. 

WhatsApp later clarified that the announced updates are not changing end-to-end encryption between individuals and that certain types of data, such as location information, will still be maintained in an encrypted format.

So, while our normal person-to-person messages may still be safe, there is no doubt that with this move WhatsApp is trying to reel in business communication much closer into the Facebook platform.

What do customers stand to give up if they continue to use WhatsApp after the date?

There are many reasons why users are concerned and may opt not to use WhatsApp after February 8. WhatsApp was historically an independent company which fought for users’ privacy and generally took the position that all messages should be private. When Facebook acquired WhatsApp in 2014 for the astronomical sum of $19 billion, WhatsApp founder Brian Acton continued in the new business unit, but departed the organization in late 2018, citing a disagreement on the future direction of how to monetize the application.

Furthermore, Facebook has had a rough ride when it comes to the privacy of user data, and the 2016 Cambridge Analytica scandal, as depicted in the 2019 Netflix movie The Great Hack, highlighted that our data was not always safeguarded the right way and the impact this can have.

So, this latest development has all the elements of a good conspiracy theory.

Fundamentally, it has always been a bit of a puzzle how WhatsApp could fit into the business model of Facebook, [a company which] lives off monetizing the data from its userbase, whereas WhatsApp was historically extremely privacy-focused.

Many users see the recent changes to the user terms as the first move in starting to monetize the platform and ultimately for many customers, the concern is that this is challenging the privacy we have gotten so used to today.

Moreover, the fact that users’ data will be shared with Facebook under certain circumstances is concerning, as WhatsApp collects information on users’ phone numbers, mobile device information, IP addresses, and other possibly sensitive data, according to the WhatsApp Privacy Policy. Big data collection inherently introduces security risks, as a data breach could expose sensitive information about millions of users, as we have seen in recent years. This is exacerbated by the sheer size of WhatsApp’s userbase, especially in the United Arab Emirates. Thus, the fact that users’ data may be shared with Facebook, which has a spotty history of user data privacy, is alarming.

In short, if users continue using WhatsApp, they stand to give up more of their privacy and the security of their data if they interact with business accounts. Some users may consider their data and privacy too high a price to pay and therefore cease or minimize their usage of WhatsApp. 

Read: Has Facebook become the big bad of the social media world?

What do Help AG advise customers to do?

First of all, no one should be in doubt. If you are not paying for the product, you are the product – with Facebook, this has been the case since day one, and it is the reason why Facebook is one of the most successful companies in the social media space.

If you are unwilling to be part of this bargain, there are plenty of alternatives available. Messaging platforms such as Signal and Telegram have been skyrocketing in downloads lately as they are largely considered to be much more sensitive to users’ privacy, but up until now have not had the same user acceptance as WhatsApp.

Both Signal and Telegram are slightly different as they are both released under an open-source license and operated by non-profit organizations that rely on donations to fund their operation. While this itself is a clearer operation model, it of course also means that the platforms operate with very different budgets and resources than a platform as big as WhatsApp.

Editor’s note: It seems that Facebook still holds the reigns here, and the situation will require a significant chunk of WhatsApp’s 2 billion or so users to migrate for Facebook to even reconsider its latest decision. The social media giant has had a shoddy record with protecting its users’ data over the years, and truth be told, we’ve already been under the company’s thumb since the first day we decided to use its services. This new privacy policy is just an expansion of how much of our data we are willing to give this company that wants to integrate into all facets of our lives. 

Read: Facebook has a problem, and it’s spilling over to subsidiaries Instagram and WhatsApp