Except it is more private than alternatives like Instagram DMs and FB Messenger (ironically all by the same company), which are not e2ee.
@glacier’s response pretty much covers it all, and it’s confirmed in the Whatsapp Faq.
Sure, they could find out who you are based on someone who added you as contact. But if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages. Sure, that’s not as great as Signal, but much better than Discord/Slack/Snapchat/etc.
There’s also the issue of trust. Can we trust Whatsapp when they claim it’s e2ee? There’s no way to verify, but the same can be said for other OSS alternatives; for instance, telegram servers are not open source and the client you download might not be the one you see on GitHub., So there’s no guarantee your private key is not sent to the server at any point.
if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages
but the same can be said for other OSS alternatives;
Well, your example is not open source, so yes, you cannot trust Telegram. Signal open sourced their server code some time ago. Even with FOSS you have to stay vigilant though and complete trustlessness is hardly achievable (do you trust your device? Your carrier? Your communication partner’s? Etc.)
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads. If one plans to commit terrorism, Whatsapp is definitely not the best platform.
According to the article you linked: “In most cases, if metadata must be generated and/or used, it should be either 1) minimal or 2) encrypted so that it’s unreadable by the server handling the request(s)”. So most of the important metadata from your files will be encrypted, which make them inaccessible by Whatsapp unless they decrypt it (thus breaking the e2ee promises). Maybe they’ll know the file size or the file name, which you can easily change; what will they do with that?
So they are pretty much left with IP (if you don’t use VPN) and phone numbers you have contacted (which is already know by Apple/Google, NSA, etc. if you have a phone number and use it for calls).
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads.
I disagree. Identifying a terrorist and their whereabouts for targeted assassination is not that different to serving personalized ads. It’s all about gathering information about the person.
True, file metadata is unaccessible like message content but I was referring to message metadata which covers ip address and phone number (as you mentioned) but also geo location (possibly live - WhatsApp is an application after all), when you communicate with whom how often. You can derive lots of info from that especially if your communication partners are more careless about their data and may maintain an active social media profile with Meta.
It’s definitely easier than finding out info about someone whose life depends on not being found - like a terrorist.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Whatsapp is end-to-end encrypted
They asked about privacy, not security. WhatsApp is profiling you.
Except it is more private than alternatives like Instagram DMs and FB Messenger (ironically all by the same company), which are not e2ee.
@glacier’s response pretty much covers it all, and it’s confirmed in the Whatsapp Faq.
Sure, they could find out who you are based on someone who added you as contact. But if you don’t have a FB account, or don’t use your real name there, all they’ll know is that you have a WhatsApp account, but won’t see your messages, unless someone reports your messages. Sure, that’s not as great as Signal, but much better than Discord/Slack/Snapchat/etc.
There’s also the issue of trust. Can we trust Whatsapp when they claim it’s e2ee? There’s no way to verify, but the same can be said for other OSS alternatives; for instance, telegram servers are not open source and the client you download might not be the one you see on GitHub., So there’s no guarantee your private key is not sent to the server at any point.
They don’t need your chit-chat to profile you. Metadata profiling is where it’s at and that’s why that whole e2ee introduction was just a marketing ruse. It’s good enough for the NSA, so it’s good enough for Meta. And Meta does collect that data even without an account.
Well, your example is not open source, so yes, you cannot trust Telegram. Signal open sourced their server code some time ago. Even with FOSS you have to stay vigilant though and complete trustlessness is hardly achievable (do you trust your device? Your carrier? Your communication partner’s? Etc.)
It’s good enough for NSA to catch a terrorist, not necessarily useful enough for FB to produce targeted ads. If one plans to commit terrorism, Whatsapp is definitely not the best platform.
According to the article you linked: “In most cases, if metadata must be generated and/or used, it should be either 1) minimal or 2) encrypted so that it’s unreadable by the server handling the request(s)”. So most of the important metadata from your files will be encrypted, which make them inaccessible by Whatsapp unless they decrypt it (thus breaking the e2ee promises). Maybe they’ll know the file size or the file name, which you can easily change; what will they do with that?
So they are pretty much left with IP (if you don’t use VPN) and phone numbers you have contacted (which is already know by Apple/Google, NSA, etc. if you have a phone number and use it for calls).
I disagree. Identifying a terrorist and their whereabouts for targeted assassination is not that different to serving personalized ads. It’s all about gathering information about the person.
True, file metadata is unaccessible like message content but I was referring to message metadata which covers ip address and phone number (as you mentioned) but also geo location (possibly live - WhatsApp is an application after all), when you communicate with whom how often. You can derive lots of info from that especially if your communication partners are more careless about their data and may maintain an active social media profile with Meta.
It’s definitely easier than finding out info about someone whose life depends on not being found - like a terrorist.