Platform
11 January 2021 Security Tips Vlad
WhatsApp and your data privacy in 2021
Ce contenu vous plait
Partagez-le sur les réseaux
TL;DR: Following the announcement of the change in WhatsApp's terms of use, many users are migrating to other solutions.
Putting your parents or even grandparents on a smartphone is not easy. Allowing them to receive photos of their children or grandchildren through Whatsapp, as well as to see them in a video call is even less simple but many have taken to it. <<Mom, I see your ear there, it's a video call>> is a classic phrase and I refer you to these videos by Cyprien: https://www.youtube.com/watch?v=uFpKj3JbORset https://www.youtube.com/watch?v=ZJD1zoAaCmo
Migrating these populations to another application is even less simple but, to my surprise, my close circle of friends and family migrated to Signal without difficulty. But why migrate?
You've seen it everywhere in the press and on the Internet: Facebook, the parent company of Whatsapp, has decided to change the terms of use of the latter in order to allow the crossing of databases.
https://9to5mac.com/2021/01/06/whatsapp-share-your-data-with-facebook/
https://www.engadget.com/whatsapp-privacy-policy-update-facebook-data-sharing-205451955.html
Concretely, what is changing?
Terms and conditions of use
Old: https://www.whatsapp.com/legal/terms-of-service
New: https://www.whatsapp.com/legal/updates/terms-of-service-eea
Privacy policy
Old: https://www.whatsapp.com/legal/privacy-policy?eea=0&lang=en
New: https://www.whatsapp.com/legal/privacy-policy-eea
There is no big change on what they collect but it's mostly the sharing displayed with Facebook that changes:
I love the justification they give for collecting and sharing your information with third parties:
I translate 😉: Your contacts have your phone number and can share it, so why bother us when we do?
The main thing that changes is that with this new update of the terms and conditions, either you accept or you don't use WhatsApp anymore, tough!
On the other hand, it is stated that if the user is European, then, these changes only partially apply: thank you RGPD!
I recommend you to read this article from Le Monde on the subject: https://www.lemonde.fr/pixels/article/2021/01/07/whatsapp-revoit-ses-conditions-d-utilisation-sur-le-partage-des-donnees-utilisateurs-avec-facebook_6065529_4408996.html
Phew, Europeans are saved! Finally...
The General Data Protection Regulation (GDPR) is our savior, great, long live Europe!
Great, but no, in reality, WhatsApp has been sharing data with Facebook since 2016: https://9to5mac.com/2016/08/25/whatsapp-facebook-data-opt-out/
Following Facebook's acquisition of WhatsApp in 2014, Facebook had pledged not to cross-reference data, including phone numbers, for at least 5 years but finally did so after 3 years: https://ec.europa.eu/commission/presscorner/detail/fr/IP_16_4473
<< contrary to Facebook's claims ... the technical possibility to automatically associate Facebook user IDs with WhatsApp user IDs already existed in 2014. At this stage, therefore, the Commission is concerned that Facebook may have deliberately or negligently provided inaccurate or misleading information to the Commission in violation of its obligations under the EU Merger Regulation.
...
It is essential that companies comply with the obligation to provide accurate and non-misleading information for the purposes of merger investigations so that the Commission can effectively review mergers and acquisitions.
Facebook had been sanctioned with 100 million euros: https://www.lefigaro.fr/secteur/high-tech017/05/18/32001-20170518ARTFIG00072-la-commission-europeenne-sanctionne-facebook-d-une-amende-de-110-millions-d-euros.php
Of course, there is no proof that the data was cross-referenced, but Facebook lied: it has been possible, since the beginning, to cross-reference WhatsApp and Facebook data.
The repeated changes to their terms of use and privacy policies are just trying to bring them into line with the... shall we say... supposed uses 😉. But you'd have to be naive to think that they don't already cross the data, while trying to limit the risks like for example not sharing the phone number but a unique and non-reversible fingerprint, which would allow to cross the data, without technically sharing the phone number (which would be total hypocrisy and not being a lawyer, I don't know if it would hold in front of a judge 😉 ).
This change of conditions has woken up the world a bit, which is starting to realize the abuses of Facebook and is starting to change platforms, especially for Signal, created by one of the founders of WhatsApp who left at the time of the takeover by Facebook and supported by the "Freedom of the Press Foundation".
So I can only recommend you to migrate from WhatsApp to something else and let you choose for yourself, see "Security Secure messaging solutions (or not)".
Isn't it already too late?
To be honest, I have no idea but if you delete your WhatsApp account, I doubt that Facebook or WhatsApp will keep your data at the risk of getting another severe fine from the European Commission.
And I'd take the old adage here: it's never too late 👍.
How to do it?
Personally, I mostly use Signal, which has a fat client for Windows, macOS and Linux: https://signal.org/download/
There are other secure messaging solutions like Olvid or Telegram (which does not encrypt end-to-end communications by default), which I also use but for specific purposes. Friends, family, neighbors... it's Signal.
So I started to migrate my WhatsApp exchanges and groups to Signal, sending a message describing the problem, which for me was :
Hello, due to the takeover of WhatsApp by Facebook, WhatsApp will provide all user information to Facebook, starting February 8th: https://www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/
In addition to the phone number (which will be cross-referenced with Facebook databases), there will also be all the other information such as the address book, the installed applications...
I was already very reluctant to use Whatsapp but this change marks for me the end of this tool, in favor of Signal: safe, open and just as easy to use (with cooler features like being able to react to a message with an emoticon).
End for a person: To contact me, you will have to use the Signal application, or the mail, or the phone 😉
End for a group: I will create a Signal group with the same name, here is the link: https://signal.group/ ...
I admit I could have done better, talk about the European commission, be more precise, more moderate, but I already find it too long 😉.
And if not, yes, I love to give my opinion on messages with emoticons, which WhatsApp does not allow :
Ok but if everyone leaves, Facebook will back off!
Some people assume that if people migrate massively from WhatsApp to Signal (or any other solution), then they will backtrack on this sharing decision. Personally, I highly doubt it because sharing is at the heart of their business model and the WhatsApp buyout.
I rather think that people will not switch massively to Signal and that "normal" people will keep WhatsApp on top of Signal, so they can keep chatting with their strange friends/husband/wife/cousin/... geeky computer scientist who rebel against Facebook.
On its side, Facebook will keep its back to the wall, accept the loss of accounts and continue because future generations will maybe forget that before, there was a notion of privacy, that any company couldn't buy all the information about a person's life to harass them with useless ads*... I don't hope for that, but it's a possibility and it seems to me to be the strategy of Facebook.
Let's stay optimistic 🤞 in the face of this kind of business model based on the unlimited plundering and reselling of personal data going against individual freedoms. Maybe a massive awareness could make it precarious and unprofitable.
Good migration 😄
*in the best case, in the worst case with a significant influence on our lives and I suggest you listen to this program: https://www.franceinter.fr/emissions/le-code-a-change/pourquoi-s-est-on-mis-tout-noter-avec-vincent-coquaz and this one https://www.franceinter.fr/emissions/le-code-a-change/ils-cherchent-les-trucs-bizarres-qu-il-y-a-dans-vos-telephones-rencontre-avec-des-traqueurs-de-trackers