
If you read around their points, it sounds like they track general location, log group messages, and provide specific information on request to a government.


Meta can also just lie about it. If they were secretly granting backdoor root access to some NSA spooks, like Microsoft did with PRISM or AT&T did with 641A, most likely no one would find out, so, there'd be zero actual downside to simply lying.


Usually the three letter agencies will send you a National Security Letter. If somebody sends you a NSL you're not allowed to talk about it, which makes it very difficult to even tell if the NSL is legal or not because it's very difficult to retain legal counsel with these kinds of matters, and secret courts don't have a whole lot of accountability either.


I would just assume that usually the three letter agencies have insiders and everything else is just parallel construction theater.



I will never understand how anyone in their right mind can use any product owned by Meta…


Because the entire rest of society has wrapped itself around Facebook, Whatsapp, and Instagram. It is easy to be a free software purist until you need to know if your child's school has a snow day. Websites and mailing lists are dead. I cannot be involved in my child's school or any of the informal social networks around the parents and teachers without using Meta's platforms. I cannot volunteer at a non-profit I care deeply about without using Meta's platforms, because that's what they have to coordinate.

Are you going to suggest to me that I should force them onto Signal and a pile of other DIY platforms? I dare you. Look a burned out parent in their bloodshot eyes first.


I live in a mostly rural part of Norway, and I have had a very similar experience with a volunteer group I cared deeply about. I created a Facebook account solely to access two groups they used to coordinate events. Initially it worked, but over time, Facebook’s algorithms stopped showing me new posts at the top. Since I was not an active user, I missed important messages and caused real frustration, both for others and for myself. Trying to explain why I was not seeing the content was more awkward than simply saying, “Sorry, I am not on Facebook.”

Eventually, I decided to step away. This was partly because I was not willing to engage more deeply just to make the platform work properly, and partly because of personal circumstances, such as having twins. After deleting my account, I noticed a significant reduction in stress.

These days, my children’s kindergarten uses a dedicated app to communicate with parents, and their sports club uses another (Spond, which seems fairly common in Norway). However, when I try to connect more informally with other parents, the conversation almost always leads back to Facebook, Messenger, or "insta". Even when people express understanding or sympathy for my choice to avoid those platforms, exchanging phone numbers or using alternatives rarely leads to real communication. It feels as if, socially, I cease to exist if I am not part of those groups.

So no, I would not suggest trying to push others onto Signal or similar platforms. I relate to your experience completely. Although we may have made different choices, the underlying challenge is the same: wanting to participate meaningfully, but finding that the tools we're expected to use often come with a cost we are not willing to pay.


No, it's because people don't care.

I have three kids. Sure it's not easy, buying used local things is basically impossible, but it's not terribly hard. You just work around it


Nobody can be forced to use these apps. If you don't want, they will find some other way, I personally only respond to email.


Then you’ll be excluded from a lot of groups and social activities without even knowing. That might be an acceptable trade off for you but it's a trade off nonetheless.


I'm not in high school to be afraid of being "excluded" from some social activities.


And that’s fine, just pointing out that if you were part of a sports club, parents group, whatever, you’re relying on someone keeping you in the loop and making your life harder if you want to be part of it. I don’t judge, I just don’t see why you think it’s immature to want to have a social life.


There are parts of the world that run on WhatsApp. In Brazil it is impossible to live a normal life without it, as absolutely everything from shopping to parking to healthcare is managed through WhatsApp specifically.


I have same situation and:

- tell parents and teachers I can be reached at xxx-xxx-xxxx if they need anything

- absolutely never had meta-requirement to volunteer. if I did I would 100% know my time there is better spent elsewhere

I am not going to suggest you anything except to tell you that you can live a beautiful life outside of the meta-world. it is super easy


"I am not going to suggest you anything except to tell you that you can live a beautiful live outside of the meta-world. it is super easy"

Great it is super easy for you, but why do you think your individual experience is valid for other people (who might be thousands of km away in a very different setting)?


it may not be but I’ve also heard this excuse a million times before. and whatever the situation is meta products can be avoided. we just have a tendency to give into “hey, we have WhateverSupApp group, why don’t you just install garbage on your phone to be a member of this cool group… thanks, but no thanks :)


Not Meta, but I bump into IRL things that require a Google account all the time, and they won't even negotiate. Get a Google account or get out.


“thanks, I am out” is the way to reply to that situation


Because the super vast majority of the population doesn't care. You can just look at the leaks from the last decade and its outcomes. Every company that deals with socials also knows that people only care about their privacy within their own small circle. As in, they only care about privacy within their own small bubbles.


Imagine a small local non-profit with 5000 likes on their page. They might be trying their darnedest to improve their newsletter numbers, but they still need to be on Facebook.

Imagine that times a billion.


meta has made everyone believe that only through their platform can you grow your non-profits and whatnots. and they are obviously great at this, everyone bought that shit. you can organically grow (especially small) non-profits without fucking meta apps.


Easily.

The alternatives are also probably up to the same sketchy shit, so your choices are to be a hermit, or accept that your services will spy on you.

If you want to participate in society, you have to either trust a very large list of untrustworthy people... Or acknowledge that they are untrustworthy, and mitigate accordingly. Part of that mitigation is accepting the possibility that if the Mossad want to murder you by blowing up your toaster, nobody's going to stop them.


> Part of that mitigation is accepting the possibility that if the Mossad want to murder you by blowing up your toaster, nobody's going to stop them.

People are not accepting that possibility, they are assuming it will not happen to them and that they are not a target of interest.

Change that assumption and attitudes toward privacy also change.


don’t use any alternatives. I have been off social media for years now and my life and health and relationships and career and … have improved so much I cannot put it in words. even if one says “well that’s crazy, I must get my dopamine through an “app” on my phone meta is on another level of insanity to even consider infesting your life and especially your loved one’s life


Checking out of society or any number of other activities you don't feel a huge need for may work for you. You are not everyone and what works for you may not be appropriate for any other individual or group of individuals.

> I have been off social media for years now and my life and health and relationships and career and … have improved so much I cannot put it in words.

It sounds like you personally had a problem. Congratulations I suppose on solving it. However, I have no such issues. My life, health and relationships are all already where I want them to be, and are not impacted by occasional interaction with others through technology as luckily, I have had no such struggles with self control or moderation.

My relationships would be impacted on the other hand if I was to throw a big toddler tantrum about using WhatsApp for two weeks whilst I'm overseas with my employer and twenty other people. So I'm probably not going to do that.


Sure, I can also avoid putting chemicals on my body by washing my hair with apple cider vinegar and baking soda, and I can also churn my own butter by hand, and if mom wants to hear from me, she can cross an international border and drive for five hours, with her travels being logged by countless security and traffic cameras, gas station payment processors, and no less than two governments, so that she can converse with me in person in my RF-shielded, copper-lined[1] Faraday-cage basement.

There's social media use and there's social media use. Hacker News, Reddit, Facebook, Instagram, Whatsapp, EMail, and my phone's SMS systems all serve dramatically different purposes, and all of them are a varied mix of pros and cons and risks.

---

[1] Any Arcanist worth his salt knows that copper has no name, and thus cannot be turned against you.


Hyperbole much? The only social network I use is HN. As a matter of fact last week I was chaperoning a middle school parade. The other chaperones wanted to make a WhatsApp chat group to keep in touch during the parade - which I rejected as a matter of principle; so we did a phone chat group. I do not wash my hair with vinegar or do any of the other nonsense you mentioned.


this is too funny how your mind believes social media is “advancement in society” of any kind… don’t blame you though, you are with the majority (and you know what they say when you are… :) )


I believe nothing of the sort about social (or mass) media.

I do, however, believe that you aren't engaging with what I'm saying, or recognizing some very obvious logical holes in your arguments. Your argument seems to be one of dogma, not one of reason.


huh? let me quote one of the commenters here and see if you recognize the words

Sure, I can also avoid putting chemicals on my body by washing my hair with apple cider vinegar and baking soda, and I can also churn my own butter by hand…


Could you read the rest of the words in that post?

There are a lot more of them, and they are kind of integral to its meaning.


c’mon mate, the first sentence is the most important sentence to reel me in :)

jokes aside, I did read your entire post and I don’t disagree with a single word you wrote. I still don’t understand why anyone in their right mind would install a Meta-owned application on their PHONE. Lots of people overall and number on this thread go with “hey, the GOVERNMENT is already spying on you so why don’t I also let one of the most evil corporations in the history of mankind access to all my everything too… I don’t expect privacy in general, it is 2025 after all and we are talking on HN but these silly “plate reader excuses” are really too much… like saying “well the government can obviously break into my home whenever they want (in 2025 without a warrant as well) so why don’t I leave the door wide open, if government can enter why would I care if someone else does :)


Can confirm: baking soda and vinegar work great for hair washing.


Signal lagged so far in polish and features that getting friends and family to use it was doa. So I can choose to communicate with friends and family on the apps they use, or I make it very difficult for them to communicate with me.

That ends with them mostly not communicating with me, not with them switching apps.


don’t your friends and family have phone numbers? I have right now 12 active groups on my text messages. why on earth do you need “app”??! I am lost …


Group messaging via sms is terrible. So is photo sharing.


all these are easy excuses… you are here on HN, probably some dope SWE doing amazing shit, I am sure you are more than capable of solving any “picture sharing” problem that is an issue with SMS.


I am not capable of solving shitty downscaled image sharing; flakiness with mms message receipt (esp photos) both on tmobile and verizon; and even worse downscaled video sharing. Because those cannot be addressed by anyone but the telcos.

Nor the inability to add people to groups. sms doesn't have groups; it has pools of numbers. And it works terribly when, eg, one of you is traveling or living outside the US.


You send the photo via mms. When there's that one great shot you really want to save, ask them to email it to you. This isn't nearly as hard as you make it out to be.


really? what are you missing, emojis by Kim Kardashian for $19.99 per month?


> I have right now 12 active groups on my text messages.

You're definitely in a minority. Most people send and receive zero non-MFA related SMS.


You're using a telephone to call and message people?

If you think that your phone provider isn't spying on you, I would like to cut you into an incredible, once-in-a-lifetime investment opportunity in some Louisiana waterfront property.

All I need is your phone number, mother's maiden name, ...


sure, NSA might be :) but not Meta…


And China. And likely lots of other nations.

https://www.nbcnews.com/tech/security/chinese-hackers-stole-...


got no problems with China, their entire existence is not predicated on selling shit to people and fucking with our youth.


Signal can’t be trusted


I agree, I think you should just go with tried&true trusted apps made by guy who could not get laid in high school and is trying to compensate for that by fucking with you and all your loved ones that install his shitware on their phones :)


I was around for a lot of these. In none of these cases did Meta lie. They are all either fake or honest mistakes that Meta never lied about.

For the second one in particular, Meta never listened to anyone's mic. I would know, I worked on this stuff there at that time.


Interesting, you say Facebook didn’t listen to anyone’s audio, yet they themselves admit their contractors routinely did: https://www.theguardian.com/technology/2019/aug/13/facebook-...

They even paid them to transcribe chats: https://www.bloomberg.com/news/articles/2019-08-13/facebook-...

And this is just the publicly known stuff. So perhaps you weren’t privy to everything?

So Facebook (not Meta at the time) just “forgot” to turn off the camera after they were done with it? Sounds reasonable… except wait, they were actively re-activating it while you were scrolling, and until iOS 14 users were none-the-wiser. If it was an honest mistake, do you think FB testers would have not caught it during the MONTHS between iOS 14 developer preview and release? And yet, for this one I do think it was probably a bug about when to activate the camera.

https://medium.com/macoclock/apples-ios-14-catches-facebook-...


Actually not even that. What happened was we added a mechanism to preload the camera to reduce startup time. And it was not gathering any data

You're confusing the audio calls with secretly listening to microphone, which never happened


Are you doing one of those 'a lie requires intention, and we can't know their internal state of mind, so we can't know if something is a lie unless they tell us' things?

Do you consider misrepresentation a lie?

If there's a lawsuit which determines that Meta misrepresented something, do you consider that a lie, even if Meta says it was merely an honest mistake made in good faith?

If the European Commission "fines Facebook €110 million for providing misleading information about WhatsApp takeover" and that "contrary to Facebook's statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users' identities already existed in 2014, and that Facebook staff were aware of such a possibility" then that statement was not actually a lie, right, because no one at Facebook said they lied, correct?

Can you give an example of any company which has lied, but where the company officials have never agreed with that conclusion?

There is a long history in the US of companies having to pay a fine but never accepting responsibility. https://knowledge.wharton.upenn.edu/article/paying-a-fine-bu...


I don't think they misrepresented anything. The European Commission is wrong on the facts. Technology improved in unpredictable ways.

Large public companies do not lie very often because it's incredibly easy for lies to be discovered, and the penalties are high. There are many examples where the popular narrative is that the company lied, but when you look at details it becomes clear that no lying occurred.

For example, David Rainey probably did not actually lie about the extent of the BP oil spill even though most people still believe he did. He was acquitted by a jury who had access to far more information, and more time to think about it, than anyone else.


> like Microsoft did with PRISM or AT&T did with 641A, most likely no one would find out

People did find out.


Only because a select few people had the balls to blow the whistle.

Imagine if Snowden decided to just do his work and move on? How much longer would it have taken for these facts to be revealed to the public?


Also people found out and nothing happened?

So literally no downside to putting a backdoor and lying about it


Even after we found out, nobody cared...


Lots of people cared.

Just like lots of people want universal healthcare, a clean environment, an arms embargo on Israel, affordable housing and education, etc.

It can be hard to believe these are majority views sometimes, but that's what you get when the entire media landscape is owned by like 10 people.


But we knew!


He literally did his work. He worked two jobs.


You can go decompose the binary and check (or monitor network activity). WhatsApp has been audited for implementing E2E encryption and consistently passed.


E2E encryption does not protect against any of this. Whatsapp can still decrypt messages locally and feed back information to meta.


TBF, no-one's as-yet found a Meta binary doing this.


you mean things like having a localhost server running on android service to bypass tracking restrictions and run all of your stuff illegally?


Well, yes, they have been found to bypass tracking restrictions, most recently using Local Mess (https://localmess.github.io/), but they haven't been found exfiltrating WhatsApp private keys or messages in plaintext. And people are looking for this specifically.


Meta lies about all kinds of other things. No reason not to now - they seem to have paid very little penalty so far for getting caught.


Is there any evidence Meta has ever intentionally lied about anything? Like do you have any examples?


From https://www.wired.com/story/facebook-whatsapp-merger-europea...

The European Commission has found that Facebook provided “misleading information” about its 2014 takeover of WhatsApp following an investigation into the deal.

The commission’s complaint relates specifically to the sharing of user data between Facebook and WhatsApp. In a submission to the EU made in August 2014, Facebook said it would not be possible to create a reliable automated system for matching users. In August 2016, WhatsApp announced that it would be linking WhatsApp user phone numbers with Facebook user identities.



Where's the lie?


I recommend "Careless People" by Sarah Wynn-Something


Read that book in two days. Wild stuff. Of course I don't absolve Sarah Wynn of her responsibility that is Facebook and its completely maliciously run company. She is also complicit, I don't care how many "I was trying to do the right thing! Whaa!" she sprinkled throughout the book.

The fact that they successfully got the book removed from sale for a while speaks volumes. They not only lie they are encouraged to.


We care about your privacy


The best lies are corporate lies. And those lies are said plainly, calmly, and with a sense not of conviction but rather it's not a serious claim because it was always a true statement ... just repeating it now.

They are also uttered on TV, in public talks and to a far lesser extent in court. Court is a formal process. Outside it's not. There's a big difference.


“Discounts up to 50%” - shopper finds out one product (that nobody wants) out of 1000 has a discount of 50%, everything else has like 5%.

But the statement itself is technically not a lie, they did say “up to”, lol. That is how corporate speak works


There is some dish detergent that advertises it cleans dishes up to 100% clean. I guess they figure showing “100%” is all that is needed and the dumb public won’t question it further. It’s still an insulting ad.


Ha. This is why the best lawyers in the world work for these people. Over drinks, when I brought up some of the blatant dark patterns in the ad market, someone who worked at one of the biggest companies in the world responded to me bluntly: "yeah, sure, but have we ever lost a case in court over click fraud? No, we have not."


Correct. The best liars like the best bullies are really good at assessing risk. They're honest in close when they sense their butt is not on the line.


Dark patterns aren't lies though...

And you're not even talking about Meta


I would classify their "oops we reset your privacy settings accidentally again" as a lie. Granted this was a common occurrence in the 2000's, and not so much the last 15 years.

The privacy settings also did not obviously do what their wording suggested - accidental over-sharing was their goal, and the wording was carefully crafted to deceive and confuse. Is that lying? It's a technical argument, and not really relevant - they are shady AF and always have been.


Just to be a bit more clear, this was a while ago. The answer in gp was to the question: "hey, I am not an ads guy, but my friend asked me to look at his account, and he had no geo restriction set. Why did 60% of his clicks for 'barn wedding venue east tennesse' come from Malaysia? Why would so many people from there see that, and click on it?"

The bragging wasn't about their lawyers' ability in court, it was about their lawyers' ability to draft Terms and Conditions such that they could not be caught in a lie.

And yes, not Meta in this story, but come on.


Congrats on living under a fucking rock. How can you be so oblivious to such an obvious thing? The question should be, when have they ever not lied?


Does web-to-app tracking through localhost on Android that is illegal under GDPR count?


Did they intentionally lie about it? Parent post didn't claim Meta has never broken a law.


Lying by omission is still lying.


It’s not secret anymore, it’s FAA702 (aka PRISM), and you can bet they are complying with FISA orders.


Meta does lie. They lie about e2e.


Except we don't live in a stasi regime. What the nsa/fbi/cia can get a subpoena for from the courts is well documented in law. So there is no question that meta does provide individual messages. You guys have got to quit living in this fantasy land of big bad g-men just because you like feeling the flutter in your stomach


Palantir, Meta and OpenAI just had executives commissioned as lieutenant colonels in the US armed forces. They are de facto extensions of the US government now.

It is rather shocking seeing how rapidly the US is shifting from all of its historic norms. Trump sees the US as a "store" where he dictates the terms, he directly has control over US Steel after the Nippon Steel "takeover" -- straight out of the communist central control dictums -- and now US major corporations are embedded in the US military.

It is insane. This is stuff people accused China of for time eternal but apparently it was taken as a good lesson to learn from.

But absolutely no one outside the US -- whether enemies or allies -- should trust anything from US corporations now. The country has fallen.


It’s not lying if a corporation strictly follows the dictates of a national security letter.


“They told me to lie” does not make it any less a lie.


"'specific information request to government" == fully automated requests for literally everything all the time.


I think group messages would still be considered personal. It would only be messages you send to a business or in a group with a business that wouldn't be personal.


They're under the CLOUD Act, doesn't matter what their policies say.


Aren’t groups end-end encrypted still, with key exchange on joining groups?


Does the WhatsApp program generate and store/manage the private keys? If so, it would be possible for the program to send private keys on request, effectively backdooring the endpoint. Such an arrangement would allow Meta to put its hand on its heart and truthfully say it is end-to-end encrypted (on the network), whilst still providing a way around it.


Yes, but users can compare fingerprints (sure, most probably don't, but it's definitely a deterrence against MITMing all conversations by default), receive warnings whenever fingerprints change etc.

There's also supposedly a key transparency service deployed (similar to Certificate Transparency), but I haven't looked into that in detail.


Sharing private keys gets around all that.


That would require explicit code to do so, which would probably be extremely hard to explain away.


Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?

Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?


> Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?

Absolutely for archiving: https://androidapks.com/whatsapp-messenger/com-whatsapp/old/

Reverse engineering to some extent as well – it's an extremely popular app, and as such attracts both security researchers and bloggers that just want to get scoops on new features behind feature flags etc.

> Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?

Given the above, it's feasible – at least on Android, it's fairly easy to hash the .apk you've received and compare it to publicly known versions.

The threat of somebody finding unusual code on their phone will probably not deter targeted deploys by sophisticated/state level actors to specific users, but it goes some way towards making it implausible that everybody is running a backdoored version, potentially backdoored by Meta themselves, which is arguably the goal.
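An added example, not part of the comment above or of any project's code: the hash comparison it describes, extended to list which archive entries differ when the whole-file hash does not match. The entry names and byte strings are constructed stand-ins for a received APK and a reference copy taken from a public archive.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digests(apk_bytes: bytes) -> dict:
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: sha256_hex(zf.read(info))
            for info in zf.infolist()
            if not info.is_dir()
        }


def compare_to_reference(received: bytes, reference: bytes) -> dict:
    """Compare a received APK with a reference copy.

    'match' is the whole-file hash comparison. When it fails, the entry lists
    show where the two archives differ. If 'match' is False and all three
    lists are empty, the difference lies outside entry contents (for example
    archive metadata), which still means this is not the reference build.
    """
    result = {
        "match": sha256_hex(received) == sha256_hex(reference),
        "added": [],
        "removed": [],
        "changed": [],
    }
    if result["match"]:
        return result
    got, ref = entry_digests(received), entry_digests(reference)
    result["added"] = sorted(set(got) - set(ref))
    result["removed"] = sorted(set(ref) - set(got))
    result["changed"] = sorted(n for n in set(got) & set(ref) if got[n] != ref[n])
    return result


def build_sample(entries: dict, stamp=(2020, 1, 1, 0, 0, 0)) -> bytes:
    """Build a constructed APK-like zip in memory with fixed timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()


# Constructed sample data (hypothetical contents, not taken from any real app).
REFERENCE_ENTRIES = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-reference",
    "lib/arm64-v8a/libapp.so": b"native-reference",
}
RECEIVED_ENTRIES = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-modified",
    "lib/arm64-v8a/libapp.so": b"native-reference",
    "assets/extra.bin": b"unexpected",
}

if __name__ == "__main__":
    reference = build_sample(REFERENCE_ENTRIES)
    received = build_sample(RECEIVED_ENTRIES)
    print(compare_to_reference(reference, reference))
    print(compare_to_reference(received, reference))
```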


Yeah. Go review eg. okta verify apk and tell me it doesn't do anything nefarious. It's an app that basically just does a TOTP hash from some short secret for all I care/use it for. I can probably implement what it does for me in about 200-300 lines of C code without any dependencies.

The shit app has 60 MiB compressed. I was not even able to find where in the code it works with the damn secrets it uses for TOTP.

Now do WhatsApp with its zillion features.

If you mean that it's hard to explain away for the devs themselves, then people do much worse things in this world, and are able to explain it to themselves just fine as something good, even.


PRISM too.


Meta works by identifying users, modelling their behavior, and then combining that data with third party sources (typically your financial activities) and then selling access to that data to third parties. Mostly for advertising.

When you use credit or debit cards your transactions and data related to it is collected and sold. When you apply for mortgages and close on a house all that information you put in there is collected and sold.

When you put your address in for the post office, when you apply for a drivers or fishing license... Your local governments collect that information and sell access to it.

Meta tries to then tie in your online and app/phone activity with your legal/financial identity it can obtain through partner data brokers.

This is Facebook's business model.

So, yes, this data is available to pretty much anybody that is willing to pay for it. Which includes governments.

None of this should be surprising to anybody at this point. Apple, Google, Microsoft, etc.. all of these companies will do this to greater or lesser extents nowadays since it has worked out so well for Meta's bottom line.


And they are legally required to do this in most places


I don't know why you are being downvoted.

https://transparency.meta.com/reports/government-data-reques...

They can't see your messages but they can give IPs or accounts that can be inferred to be related given the info meta has access to


Also take the "can't see your messages" statement with a grain of salt. Like the famous Lotus Notes backdoor [1] they might have given the government an easy(ier) way to decrypt those messages.

The backdoor in Lotus Notes (differential cryptography) wasn't a secret. It was public information. Ray Ozzie used it as a way to circumvent US encryption export laws. Today companies have to be more discreet.

[1] http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html


Yep. Learning to read legal is an invaluable modern skill.


De Morgan's transformations come in handy here :^)


it's well known they track

group messages and messages (metadata),

messages to business accounts (these they can read in full as the client sends to a meta owned private key),

and who forwards media to who (deduplication and cdn)

and links (thanks to previews)

and it scans and uploads your contact list in full all the time.


I mean, I would be pretty shocked if meta refused to honour american search warrants/NSL.

The real question is where they draw the line, not if they do it ever.


Unfortunately, they have no lines.



