WhatsApp To Share Some Data With Facebook

Two years ago when Facebook bought WhatsApp, the instant messaging client said that the deal would not affect the digital privacy of its users. Things are changing now, WhatsApp said Thursday. The Facebook-owned app will share with the company some member information, as well as some analytics data of its users. Bloomberg reports: WhatsApp announced a change to its privacy policy today that allows businesses to communicate with users. The messages could include appointment reminders, delivery and shipping notifications or marketing material, the company said in its revised terms of service. In a blog post, WhatsApp said it will be testing these business features over the coming months. The strategy is an important step for Facebook as it attempts to make money from its most expensive acquisition. In addition to the messages from businesses, WhatsApp said it would begin sharing more information about its users with the "Facebook family." The data, including a person's phone number, could be used to better targets ads when browsing Facebook or Instagram, WhatsApp said.

"Some" data?

[Anonymous Coward]

Try all the data. Privacy is dead, and has been for quite a while.

Re:"Some" data?

[The Real Dr John]

This is why mergers and buyouts are such a problem. People need to start boycotting companies that do this kind of thing. Also time to bring back anti-trust laws and break up any companies that are "too big to fail".

Re:

[Anonymous Coward]

Yeah, we might even be able to come up with a good sound bite for lobbying.

Maybe something like...

Only Yes Means Yes

Re:"Some" data?

[jenningsthecat]

...People need to start boycotting companies that do this kind of thing.

The vast majority of people don't care and don't want to know. They've been trained from birth to not be analytical and to follow the herd. For those in power, making "the people" feel powerless is good; making them feel that everything is OK and that they have neither need nor desire for power, is even better.

Also time to bring back anti-trust laws and break up any companies that are "too big to fail".

To a large extent, laws are effectively written and enforced by the companies that are "too big to fail" and their friends. Unless and until corporate hegemony is upended or destroyed this kind of abuse will continue to grow.

Re:"Some" data?

[The Real Dr John]

Sad but true. But that doesn't mean people shouldn't try and make things better. It's not like these things are unavoidable natural disasters, they are the results of plotting, greedy sociopaths. We can fight back, and that, thankfully, seems to be a recurring theme in this election cycle.

Re:

[unixisc]

HURD could have been the basis for Replicant, instead of the polluted Android

Re:

[Shadow IT Ninja]

Indeed, after talking to a lot of people recently about Facebook, I am impressed at how many have an account because of peer pressure. These people mostly say that they don't log on very often and when they do, they just check items about events and never post anything. So the support for Facebook is very broad but also very shallow.

Regarding antitrust laws, I think there have been different attitudes at different times in history. In fact, I think we are building towards a populist movement now which

Re: "Some" data?

[curt.wetzel]

Of course, corporations are people, so you are actually calling for the death of our corporate brothers and sisters. How Could you say such a thing you genocidal maniac?

Re:"Some" data?

[Anonymous Coward]

The majority of my friends aren't geeks. What really weirds me out is that they say they wouldn't tell their friends everything about their private lives, but if I tell them that IT admins with access to their entire online life are just people like me, their eyes glaze over.

I try to explain it in simple terms: You don't want me to know this private stuff about you - but in my professional capacity I have access to all this information about you. There are numerous examples of governments with political agendas or individuals with personal agendas abusing access to private information. You are relying on the fact that you will never knowingly or unknowingly get on the wrong side of anybody in that position.

But still, blank.

I don't know how to explain it to people. I mean when I was a kid life was simpler, as actions were less likely to have consequences: I'd just go into l33t hax0r mode and obtain files from their machine / school computer account and then show them what I can do. They'd feel embarrassed and I'd teach them a bit about basic security. But as an adult and in this "post-9/11" world of fear, I wouldn't dare take that approach.

I just don't know what to do.

Re:"Some" data?

[jenningsthecat]

The majority of my friends aren't geeks. What really weirds me out is that they say they wouldn't tell their friends everything about their private lives, but if I tell them that IT admins with access to their entire online life are just people like me, their eyes glaze over.

I try to explain it in simple terms: You don't want me to know this private stuff about you - but in my professional capacity I have access to all this information about you. There are numerous examples of governments with political agendas or individuals with personal agendas abusing access to private information. You are relying on the fact that you will never knowingly or unknowingly get on the wrong side of anybody in that position.

But still, blank.

I have the same problem. I think it has something to do with 'out of sight, out of mind'. If our friends don't know, will likely never meet, and don't know about the people who have access to their private data, then it's easy for them to keep their heads in the sand. It's comfortable, it requires no additional effort, and the threat of having to change their daily routines and upset their social structures feels more imminent and more dangerous than the (in their minds still abstract) threat of having their private info revealed to the world. I think this is partly just a human trait, and partly the result of indoctrination in public schools in an industrial society.

I don't know how to explain it to people. I mean when I was a kid life was simpler, as actions were less likely to have consequences: I'd just go into l33t hax0r mode and obtain files from their machine / school computer account and then show them what I can do...

I just don't know what to do.

I've never been remotely close to being a hacker, never mind 'l33t'. But I also don't know what to do. I offer my friends help with making their online activities safer and more private, and all I hear are crickets. And I'm not talking about ditching Facebook, Twitter, and the like - I'm just talking about ad blockers, NoScript, and a basic education about the types of places and behaviours to avoid. If they won't even do the Internet equivalent of asking a partner about STD's before having sex, how the hell would they ever come to terms with the fact that companies like Facebook are just using them and plundering their very lives for profit? Sometimes I feel like Neo in The Matrix.

Re:

[FatdogHaiku]

...Sometimes I feel like Neo in The Matrix.

Are you the person that sent that "Help, I'm trapped in series of progressively worsening movies!" text?
Seriously, when I try to explain actual privacy issues to my friends, I come to the conclusion that I need some brighter friends...

Re:

[Gussington]

I have the same problem. I think it has something to do with 'out of sight, out of mind'.

But why is this a problem? You value privacy because you grew up in an environment that considers it valuable. What if I grew up in an environment that doesn't?
For most of human civilisation privacy wasn't a thing, then for a brief time it was, and now it's not again. That might be a shock for those in the transition phase, but from my kids generation onward it's normal. Welcome to old age.

Re:

[UnknownSoldier]

Sadly, there is nothing you can do. :-/

You can fix ignorant but you can't fix stupid.

The only way people will learn is when it personally effects them in a negative way until then you're talking to a log who has no concept of fire. :-(

Re:

[Anonymous Coward]

What matters is alternative action routes, rather than information.
If Facebook provides me with great benefits (emotional, social, financial, whatever) and you say it is bad, what am I to do? To give up these benefits?
If you provided some alternative: "google knows too much about you, when you want to be forgotten use duckduckgo" it's easier to act upon your advice.
What is the alternative you propose? How can I be informed of social activities and promote my products without Facebook?
For me, I took the choi

Re:

[acrimonious howard]

tldr Your friends may not have experienced any really negative consequences, or possibly even known anyone that has.

I do agree with you, but I'll play devil's advocate a little. I've cleaned out malware from an older family member repeatedly. They eventually got their email hacked. They changed their password, and the problem was fixed. I explained that email could have been used to get into other accounts. So, they change the pw for their bank sites. But everything else just doesn't matter to the

Re:"Some" data?

[TheRaven64]

It was always a stupid-sounding idea to use Whatsapp (I mean that as a totally independent fact, relative to whether or not Whatsapp was actually any good or not). From the very beginning, it was just someone's proprietary app that used an undocumented protocol. Nobody who is trying to do things right, is going to use anything like that.

Of the proprietary messengers, WhatsApp was the least bad. It was founded by people who grew up in the Soviet Union and left with an abiding hatred of surveillance, had a very strong privacy policy, and did end-to-end encryption. Also, using Erlang on FreeBSD, it had a lot of geek cred. Unfortunately, when Facebook bought it there wasn't much chance of it keeping the philosophy of the founders. On the plus side, they did donate $1m from the sale price to the FreeBSD Foundation.

I used to be a big advocate of XMPP, but it's largely been mismanaged into the ground by a lack of leadership in the standards body and a lack of decent reference implementations for the client side. Tox [tox.chat] seems like the best bet at the moment for producing something that is both secure and open, yet with implementations that you can give to normal humans and get them connected.

Re:

[Cigarra]

Nobody who is trying to do things right, is going to use anything like that.

Oh, you're such a nerd. Not that's anything wrong with that! But the world doesn't work like that. Most of the people don't make app usage decisions based whether or not they're based on open standards / protocols, but on what kind of User Experience they get from the apps. In that sense, Whatsapp was FAR FAR better than the SMS they were competing with they started, back in 2009-10. The rest is history.

Re:

[unixisc]

Also word of mouth. Everybody in my family uses WhatsApp, so if I were to switch to, say, Telegram, I'd have to migrate them all to get them there. Since it's a communication app, not a game or tool that I alone may use, I need others to use the same thing I use

Re:

[unixisc]

I'm on WhatsApp but not on FaceBook. So if WhatsApp gives my data to FaceBook, who will the latter associate it w/?

P.S. Reminder to self - delete the email from WhatsApp

Re:

[fluffernutter]

Have no fear, next month banks will be relieving you of the responsibility of having credit because you friended someone who is deep in debt. Or you won't be able to get health insurance because of meds the rest of your family is taking and they think it might be hereditary.

Re:

[unixisc]

habit

Re:"Some" data?

[wvmarle]

WhatsApp messages are end-to-end encrypted - or so they say, at least. I'm by no means an expert so I take their word for it, including it being unbreakable and WhatsApp not being able to read my messages while in transit and so.

This means the only data WhatsApp could possibly have from me, other than my phone number and my contact list, is encrypted messages (something they can't search for clues about my interests - yes I'm conveniently ignoring the time before they encrypted it all), and how many messages I exchange with whom, and the size of those messages and maybe info about attachments (type and size).

Where is the value in such data when it comes to targeting ads?

Re:

[chihowa]

WhatsApp messages are end-to-end encrypted - or so they say, at least. I'm by no means an expert so I take their word for it, including it being unbreakable and WhatsApp not being able to read my messages while in transit and so.

Either there's no value in the data that Facebook has negotiated to pay lots of money for or the sentence above is just marketing (ie. lies). Facebook, after likely doing its due diligence, is betting on the former...

Re:

[Gussington]

Where is the value in such data when it comes to targeting ads?

These privacy discussions are funny because a lot of people seem to focus on the "oh noes, they wanna see me dick pics!"
I have no idea, but I would assume Google, Facebook, MS etc don't care about your penis, the real interest is who is connected to who, how often, what types of relationships you have with others etc. This can be obtained simply by gathering contacts and message size/frequency. This is enough to build a good pattern of marketability that can be converted to ad revenue. There may be more to

Re:

[Shadow IT Ninja]

Privacy can be taken back. You may have lost control of your existing data but that doesn't mean you can't protect yourself going forward. Besides, privacy is a complex family of issues and I there are a lot of aspects which aren't dead yet or which could get a lot worse. We have not yet come to a point where people are tracked with facial recognition (and other identifying technologies) everywhere they go in the physical world. We have not yet come to the point where our DNA is analyzed to discover wha

Re:

[Anonymous Coward]

Pull together? All of, say, 4 of us? Nobody really cares. Revolt against... What? They're consumer choices what we're dealing with. Nothing more. There are no dark forces of evil or anything moving about. The vast majority has made its collective choice. We can adapt, wring our hands, and lose out privacy or rebel, stay outside in the cold and lose our privacy anyway. All it takes is one random acquaintance tagging you on a picture or video and you're in the system. Forever. What are you going to do, threat

Re: that does it!

[Anonymous Coward]

Try Signal. It's free and open source with encryption.

Re:

[unixisc]

Or Telegram

Re:

[Anonymous Coward]

Telegram rolled its own security. Independent analysis of the protocol has shown the service to be insecure. The encryption employed by Telegram is client-to-server rather than end-to-end in WhatsApp. This has been known for several years but people continue to ignore the warnings. Only the client is open source, the server is proprietary. Plus, the company has an aura of mystery since it doesn't publish any business information including office location.

Re:

[unixisc]

Does Signal have end to end encryption? Also, is it there on all platforms - not just iOS & Android, but Windows 10 Mobile & Blackberry?

Repeat after me...

[HungryMonkey]

If you're not paying for the product, you are the product. Surprise, surprise.

Re:

[mwvdlee]

In a way. If we weren't users of Linux, Linus wouldn't be so famous or get any of the benefits of this fame.

Re:

[Anonymous Coward]

I think this analogy does not work. Linux is an Open Source tool that we *use* [and contribute to openly] to build products. Facebook is a tool to herd products that will be sold to its paying users.

Re:Repeat after me...

[Anonymous Coward]

It's open source. You're not the product, you're the quality control department.

And if you are paying...

[Laxator2]

... does that mean that you are not the product ?
It only means that you are a much more profitable product, one who is willing to pay to be taken advantage of.
You get the freeloader treatment anyway, so no point in paying.
The well is irreversibly poisoned.

Re:

[TheRaven64]

Not sure if it still is, but WhatsApp used to be free for the first year and then $1/year thereafter. $1/year isn't much, but it should be more than enough to cover the costs of moving short plain-text messages to and from users.

Surprise?

[DatbeDank]

When I found out that Whatsapp was owned by Facebook, I expected all of my conversations to be polled and mined for data. Are there folks who are surprised by this?

Re:Surprise?

[TheRaven64]

Yes, probably a lot of people. Before it was purchased, WhatsApp had a very strong privacy guarantee and made a marketing point of the fact that their protocol's end-to-end encryption meant that they couldn't spy on you even if they wanted to. When Facebook bought them, they announced that there would be no changes to this guarantee.

Re: Surprise?

[Malc]

They say the messages are encrypted, but nothing about metadata (who you messagesd, when, size of message, etc). This is the kind of thing GCHQ and NSA got in trouble for.

Re: Surprise?

[Lab Rat Jason]

GCHQ and NSA got in trouble???? [citation needed]

Re:

[Espectr0]

there wasn't end to end encryption before the buyout, this was just enabled a few months ago. Lack of encryption was the reason telegram was started.

Standard protocol

[tsa]

I wish the EU would force makers of messaging software to standardize the protocols they use so that I can choose to use the program I want to use. As it is now you have to use what everybody uses to stay in touch with your friends, so now I have to give the datasuckers at Facebook all the information I so desparately don't want them to have because Whatsapp is a handy tool that everyone uses. I would gladly pay for a program that does what Whatsapp did before it was part of Facebook and nothing else, but I can't now because I can't force friends and relatives to use the same thing I do.

Re:

[0100010001010011]

XAMPP, IRC and Email are all pretty well documented. All have multiple clients.

Re:

[TFlan91]

Pray Answered: Signal: https://whispersystems.org/ [whispersystems.org]

Re:

[tsa]

Exactly and that is why this is precisely not what I want: yet another stand alone messaging application. It's time messaging becomes standardized. The only institution with enough power to do that is the EU.

Re:

[TheRaven64]

Signal is probably secure, but all communication goes via OpenWhisperSystems' servers, as does registration (which ties your identity to your account). They can't be forced to MITM your connections (probably - unless someone finds a vulnerability in the protocol), but they can unilaterally delete your account and they can be coerced into doing so. In contrast, Tox is completely decentralised (no central servers, it's a pure peer-to-peer network). Your identity is just a public key, so the only people who

Re:

[TheRaven64]

Considering that the entire selling point behind Signal is that it's supposed to be resistant to "an adversary like the NSA," I would think their ability to trivially associate a key with a real person would kind of turn that on its head.

Any global passive adversary can do traffic analysis on any communication network. Signal's message encryption should stand up against the NSA unless there are any vulnerabilities in the implementation that the NSA has found and not told anyone about or unless they have some magical decryption power that we don't know about (unlikely). Protection of metadata is much harder. If you connect to the Signal server and they can watch your network traffic and that of other Signal users, then they can infer who

Re:

[butchersong]

The permissions for signal seem pretty insane though. Then again, maybe this is standard these days:
http://support.whispersystems.... [whispersystems.org]

Re:

[Gussington]

As it is now you have to use what everybody uses to stay in touch with your friends, so now I have to give the datasuckers at Facebook all the information I so desparately don't want them to have because Whatsapp is a handy tool that everyone uses.

Only because you chose to follow instead of lead. I'm not on FB or Whatsapp and lost contact with some casual acquaintances as a side effect, but the message I'm reinforcing is that not everyone uses it, we have choices.
Change doesn't happen by itself, and it doesn't happen by merely following and complaining. If you want change, you have to participate in the process.

Goodbye WhatsApp, it was fun

[GeekWithAKnife]

Please find me on Telegram. My nickname is FFB

Actually everything else seems better now.

Re:

[tsa]

That only works if you have no one to talk to.

Repeat after me

[Anonymous Coward]

Nothing Facebook says can be trusted. Same goes for any company whose product or service you aren't paying for, and lots of the ones you do pay for, too.

Two years ago when Facebook bought WhatsApp, the instant messaging client said that the deal would not affect the digital privacy of its users. Things are changing now

Things always change. Companies always break their promises, er, "update their terms of service." Look at how many statements Microsoft made about Windows 10 that turned out to be utterly false, for example. Welcome to America, the show where the rules are made up and promises don't matter.

Privacy bye bye

[Anonymous Coward]

It grabs your phones address book, takes all the numbers in there, and contact details and shares them with Facebook. It does this even though you never had permission from those people to give their details to Facebook.

FB's trick it to bury this in the EULA.

You are linked to these people too, so if they do something bad, you are flagged as their co-conspirator on the naughty lists.

Perhaps you installed Facebook or Whatsapp and like everyone else, never visited the website and never read this EULA. Or worse

Uploading soul

[trumpetto]

Can't find the option to upload my soul.

Re:

[sanf780]

Well, you have Pony Island here and now!

When it went free...

[iampiti]

When it went free I started to worry. If you're not paying they're obviously going to use your data.
I hate how more and more services are going "data-only", meaning that you can't pay with money even if you want to. Windows 10 is one of the worst because is only free to some and it still spies you

How to delete your phone number from facebook

[Ormy]

So obviously even after you 'delete' your phone number from facebook they will still retain that information indefinitely and probably trying to link your facebook and whatsapp accounts/information. You have to make them think your number has changed. You do this by registering a second facebook account (using a second email of course, and any random name), register your phone number with that second account (thereby removing it from the first account) then wait a while then delete/deactivate the second account. This way facebook will assume the number has changed hands (don't let them know the two facebook accounts were owned by the same person, use a different IP or at least spoof your user agent) and *hopefully* won't make the link between your original facebook account and whatsapp account (phone number).

Re:How to delete your phone number from facebook

[sdinfoserv]

It's even more insidious that that....FB creates "dark profiles", these are profiles on people who don't even have or want accounts. For example you go to visit your 80 year old mother who's not on FB, but you mention the fact that you're going to visit in a post.... they create her as a "dark profile". every time someone mentions her in a post, they continue to data mine and aggregate attributes... age, geographic location, income, relatives, what she likes, gifts given,... etc. You post a selfie with her while visiting - now they have facial recognition to add to the profile - all for marketing purposes and clearly without her consent.

Re:

[unixisc]

Same w/ LinkedIn. The site asks me whether to add everyone in my address book/contacts list. Problem is that not everybody uses all emails to be on LinkedIn. I have quite a few email accounts, only one of which I use in my LinkedIn accounts. Others are personal. Yet, I get a LinkedIn invite at an address that's not associated - and won't be associated - w/ my LinkedIn account for the simple reason that I don't wanna lose imported messages in the deluge of 'Hi, unixisc, I'd like to join your LinkedIn ne

Re:

[Xest]

I had a friend on MSN messenger who I knew in real life, we'd never connected on the internet in any other way whatsoever so the only way to link us was via MSN.

I was on LinkedIn but only with 10 or so contacts, all of whom were recruiters and had no common links between me and my friend on MSN.

One day when I logged into LinkedIn it suggested my friend from MSN as a contact, given that the only way to link us was via MSN it was clear that long before MS bought LinkedIn it was engaging in illegal data sales/

Re:

[q4Fry]

Or maybe your friend let LinkedIn trawl his/her contact list. I have never been on Lin, but I receive requests from tangential acquaintances often enough that I think that must be what happened. I've seen similar crap on Facebook: "Awww, you don't have enough friends yet. Sign me in to all of your online services, so I can make you some friends."

Re:

[Xest]

Someone else suggested that when I've mentioned this before, but the issue is that MSN used a Hotmail account that I had set up years ago specifically for MSN, whereas LinkedIn used one of my actual proper e-mail addresses.

If I had to guess it would be that MS was transferring IP address data of machines we connected with + real names.

Re:

[Xest]

Facebook already does this, they're in flagrant violation of European data protection laws, but for some reason no one is touching them, it's frustrating.

For example, I installed the Facebook app on my phone and have never given Facebook my phone number. Next time I logged in on my PC it prompted me to add my phone number with a textbox and an add button, except the phone number was pre-populated with my phone number, they were effectively asking me to confirm it by asking me to add it, because they'd very

"We won't share your data"

[JustAnotherOldGuy]

"We won't share your data, but the people we sell it to will."

Suckers.

Anyone that believes the "We won't share your data" claim is either gullible, naive, or just plain stupid.

Of course they'll share your data, that's what their mission is: to collect your data and share it.

Stop kidding yourselves, this is what it's all about. You'd think people would have learned this by now, but noooooooooooo...

"Facebook family"

[JoeyRox]

The online equivalent of the Gambino family.

Who didn't see this coming?

[alispguru]

I did [slashdot.org], when we talked about WhatsApp back in 2014.

The facebook neural network is always hungry.

[Z80a]

It craves for data. ALL the data.