To support your public commitment to privacy: OTR or better for WhatsApp, and/or a third party client so we could do this, please.
I'll excuse the metadata issues for a while if you build the app in such a way that confidentiality is protected independent of your infrastructure, and if pushing a "bad" app to clients is detectable. It's still a pain if targeted malware is pushed to individual clients, as those clients are unlikely to detect it. There are some emerging ways to address that, but first things first.
You have literally billions of dollars; it would take at most millions to implement this. Making an app with 450 million users around the world somewhat more secure would be supremely meaningful, even if it's not perfect.
Facebook will use WhatsApp for whatever purpose they see fit. A 19 billion acquisition is not a partnership.
When that happens deliberately, maybe a year from now, the founders will leave, maybe slamming the doors, and enjoy their riches for the years to come.
Does anyone know the founders' employment history before Whatsapp? Have any of them been a part of a buyout or merger before?
I empathize with Jan & I think he believes what he has written, but does he think Facebook bought them for no reason at all? If he wants us to take him seriously he should explain how Whatsapp intends to make money for Facebook. Even implementing OTR won't totally protect users' privacy, so long as a megacorp is capable of performing traffic analysis.
Yeah, this is probably the most naive thing I've read in a while. Give it a year or two and this service will be integrated, absorbed, or shut down. I can't wait to see the gnashing of teeth over the inevitable TOS change.
> Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.
I don't recall them ever being accused of tracking all this information. The problem is the metadata; they know who you are talking to and for Facebook this is exactly the kind of information that they want. They want to enhance their social graphs and have a better view of who interacts with who. This is auspiciously lacking in their statement.
Sometimes it is more important what a post like this doesn't say.
"You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."
Great: they don't take my PII - but a person can easily be de-anonymized with just meta-data.
In addition, nowhere does it say "we won't read your messages" or "we won't sell your conversations". I think they are interested in much more than just meta-data. If I were Facebook, I would be licking my chops at the prospect of access to the mountain of saved private conversations.
In his list, they don't-not collect A. my phone number, and B. my entire message history. Certainly he knows that our phone number is PII enough.
It's trivial for someone with the means to tie a cell number back to a person, and only slightly less trivial to look at timestamps and cross-reference tower locations and messages to have a quality bit of intel.
If he was truly about this "we're not the Stasi" bit, I'd imagine we'd see some measure of assurance they don't store messages.
But, then again I don't know that the service would have been worth 19B USD without those.
Facebook started asking for your phone number a few years ago. It's required for all new signups and existing users are asked to provide one (to continue) as well, afaik. And then there's the Facebook app on mobile phones that reads everyone's phone number out of their address book.
> scaring people into thinking we’re suddenly collecting all kinds of new data
I don't suppose many people outside of the Tinfoil Helmet Brigade doubt this right now, but what of the future? When the piper (fb) comes piping (and that could be a year or three away) what tune will they dance to?
> If partnering with Facebook meant that we had to change our values, we wouldn’t have done it.
With no disrespect intended towards the WhatsApp team, given the terms of the deal, it's a bit hard for them to say "If partnering with Facebook meant X we wouldn't have done it" unless X is "life would not have been as staggeringly beneficial to us".
The WhatsApp team is disrespecting their users and their users' intelligence. To continue misleading/outright lying to their users is horrific in my opinion.
Wow. Not the response I expected. I'm not sure if the naivety is authentic or we should feel punked. They didn't partner with anyone. They were bought. Not changing will be allowed as long as it benefits the buyer.
provided you have whatsapp and facebook on your phone the following happens though.
1. they both know your mobile phone book.
2. they both know your imei
3. they both know your phone number (this doesn't have to be the same by the time you sign up for the other)
just no.1 is already enough to get an accurate estimate on who the person is. notice how they never said that they didn't log that information?
it's also very unlikely that they don't have access logs to their service, which usually includes IPs i.e. location, but for all we know they could be encoding carrier information in a couple of bytes during the transmission of the contact list.
edit: while the mobile IPs don't give you exact information, they still give you enough heuristics to overlap them with other services
> it's also very unlikely that they don't have access logs to their service, which usually includes IPs i.e. location.
In mobile data world, the norm is MASSIVE NAT. Thousands of users per IP (you can IIRC make 65535 distinct connections over a single NATd IP). Also, the connections are usually terminated in one (or fairly few) data centres, so the IP only tells you the country and the provider, nothing more.
Not only that but a few days ago they updated the Android app which can now retrieve your running apps. This means that, given enough time, they know all the apps you have installed. They also force you to update to the new version. Failing to do so means you can no longer use the app.
They turned evil and that's why me and my friends started using Telegram.
They don't care about privacy, they care about money, let's cut the BS.
If I had known for even a second that the reason WhatsApp took so long to start up on my phone was it uploading MY ENTIRE PHONEBOOK to their servers, I would never use it. The damage has been done, but I never will use it.
I don't understand how the WhatsApp CEO can come out with a statement like this while presiding over a program that behaves like this.
This may sound naive, but I genuinely believe that Whatsapp cares about user privacy and that they won't silently mine our data and send it to Facebook. That would amount to sheer hypocrisy, and could also come under legal scrutiny. I also think that Zuckerberg, at some level, really does want to connect the world and all that, and Whatsapp is a much better bet than Facebook is, for developing countries.
That being said, Whatsapp does need to improve their security, and irrespective of the facts, this is proving to be a bit of a PR disaster for them, with a mass exodus of users to Telegram. (They'd do well to nick some features from Telegram).
This post is complete nonsense, and has no value at all because their words don't match their actions. A company that respects privacy wouldn't partner up with another company best known for infringement of privacy.
What encryption does Whatsapp use? Their FAQ doesn't say.
It also doesn't say if it is end-to-end (client-to-client) encryption or if the data is stored in plain on their servers? (I understand it is not stored permanently.)