The actual change, on the surface, is not that bad: your e2ee is still there, and your private chat is still private… although apparently your private keys being actually private is now gone from the specs, so you kinda-sorta have to go on Facebook’s promise on that one.
Uh-oh. WhatsApp's canary just died; they removed the statement that they never have access to your private keys. If you were using it because of its privacy, it's time to find something else. https://t.co/vmnSn9JqMK
— 🏳️🌈🐺 Shadow D. Wolf (@SDWolf) January 8, 2021
(This tweet is about WhatsApp’s security whitepaper by the way.)
But we all trust Facebook, don’t we?
As a private person with nothing to hide (copyright Eric Schmidt), this is still sorta-kinda fine. The problem is with the metadata. Facebook will now be sharing this across its platforms, and you can bet your e2e encrypted buttocks they will use your WhatsApp metadata to refine their behavioral tracking and target you with ever better ads to “improve your experiences” by sharing “battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account).”
- read this part first,
- then read the policy again and look for the ‘Information We Collect’ part,
then I don’t see what’s preventing Facebook from actually sharing any data WhatsApp collected with the Mothership.
So yeah Facebook, a FAQ is nice, but you know what’s better if you want to assure people you don’t do what we think you do?
Then you are at least liable. That, to me, is easier to trust.
(Not to go deep into politics, but if you want to see how good Facebook is at half truths, you only need to go as far as Sheryl Sandberg’s perfectly executed response on the 6/Jan QAnon stuff.)
So what to do?
As an ordinary dude, not much I’m afraid.
Leaving WhatsApp, with school comms happening there, is not a realistic option.
In any case, I limited the app as much as iOS allows it:
And containerised the web client (is that even a word) in Firefox:
But of course I’ll eventually accept the new policy, and will sadly feed my Facebook shadow profile. At least my Pi-hole is taking care of filtering out all the ads I’d be targeted with based on the data my WhatsApp shared.
And if you need to tell me something, you can always contact me on Telegram rather than WhatsApp.
Header image, as usual, is mine: a rainbow over the Waterland, near Amsterdam. You know, pot of gold, privacy, rainbow, nudge-nudge.