WhatsApp belongs to Facebook anyway, what’s the big deal?
Yes, WhatsApp does belong to Facebook. But before the acquisition, here’s what Facebook had promised.
improving their (Facebook’s) services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), personalizing features and content, helping you complete purchases and transactions, and showing relevant offers and ads across the Facebook Company Products;
They also removed the line “Respect for your privacy is coded into our DNA”. Well, at least they got that one right.
WhatsApp has also been sharing a lot of metadata with Facebook already even before the new policy, which is a bit shady in itself. This leads to the following problems from the top of my head:
- Facebook knowing who you interact with and when, leading to magical friend suggestions for people you’ve been in proximity to.
- Facebook being able to classify you into groups to target you for marketing.
- Allows them to create filter bubbles to influence your opinions.
Facebook has a great track record of being a generally evil company, and I would personally not like to enable them further when alternatives are available.
But I have nothing to hide!
Okay, so would you be alright with giving me unlocked access to your phone and email?
But WhatsApp cannot read my chats because they’re encrypted!
While it might be true that WhatsApp claims to be using a supposedly secure encryption algorithm (same as Signal), most people back up their chats to Google Drive/iCloud. These backups are unencrypted, and there have been many instances of chats being compromised. Additionally, their end-to-end encrpytion implementation is closed source, and thus hasn’t been independently audited. There have also been numerous security vulnerabilities over the years that are concerning.
WhatsApp has been under a lot of pressure from governments, agencies and law enforcement in the past, and it’s likely that they may buckle under the pressure to protect their business interests.
But you are in Europe and nothing changes for you because of GDPR!
Yes, but I do not want to encourage their behaviour in other countries that do not have good data privacy laws.
You just want to be a hipster
While there might be a certain amount of truth to this, I also want to cut down my screen time. Social Media apps are built in a way that tricks your brain into being on them all the time. See “The Social Dilemma” on Netflix if you’re into learning more about this.
Also, I’m pretty sure that I’m not going to lose the people I care about just because I’m not on some app.
Hah! Then why are you on Facebook?
Privacy is not binary. It’s hard for all of us to quit platforms because they’re so integrated into our lives now, but we have choices. We can start by being more aware and taking small steps to not encourage companies to behave in this way. Having worked on the inside for multiple companies as a software engineer, I’ve personally experienced how bad things could be when it comes to misusing personal information.
Trading your privacy for convenience and “free” services is not a good deal. Remember the cliché “If it’s free you are the product”. I’m working on quitting Facebook as well, because at this point, it’s basically full of random people that I haven’t spoken to in years, and have no connection with.
Update: I have since deleted my Facebook account.
Why is Telegram/Signal/Matrix better?
Signal is not for profit and end-to-end encrypted, even for group chats. It runs on donations and cannot be bought by other companies.
Telegram is a good middle ground because people are more willing to switch to it, and it has a decent track record. I will allow the guy who funds it to defend himself, here you go.
You might want to consider a Matrix client if you’re looking for a Discord/Slack alternative, apart from run-of-the mill messaging. It emphasizes privacy and security, while allowing you to (optionally) host your own servers.
They’re all open-source, meaning the their code is public and verifable. (Note: Telegram’s servers are not open-source, but have been independently audited)
Also, just take a look at this.