I wanted to begin this article by saying that I am attempting to provide this information to many different audiences, as opposed to most of my other articles. Therefore, it ends up being a jack of all trades, master of none. I have tried to explain some basic concepts as well as to provide more in-depth links. Hopefully, you will find this helpful, but, please feel free to ask questions in the comments or via email if you need clarification. Feel free to just jump to the key takeaways section at the bottom.
I spent a long time trying to decide how to approach this topic. I decided to approach this situation as a good thing that was done out of complete ignorance. Let me try to explain a bit.
The basic question: Is WhatsApp reading my messages?
No, WhatsApp claims to be end-to-end encrypted which means they can’t read your messages. They are just sharing the metadata.
Let’s break this answer down a bit more. Metadata is actually more important to a company than your private chats.
So what is metadata?
To quote Reddit user SensiSparx “This is data like, who was the message sent to, at what time, was it read or not, who’s in your contacts, who do you chat with, the links you send are fully read by them btw. And all kinds of data we don’t even think about. This, connected with your Facebook and Instagram profile is a treasure trove of unseen worth.”
Metadata is much easier to be processed and utilized by computer systems (especially on aspects like personalization), compared to messaging contents. Those require lots of resources to understand (whether by human power i.e. human analyzers) or by computer (NLP and/or other algorithms).
The Snowden leaks show the power of metadata in all its horrifying glory. Some cool info here.
Here is another cool study with info on WhatsApp’s metadata usage. https://www.researchgate.net/publication/312778290_WhatsApp_security_and_role_of_metadata_in_preserving_privacy
Ok cool, but, they (WhatsApp and law enforcement) still can’t read my messages.
Not quite. Even though WhatsApp has end-to-end encryption based on the signal protocol, WhatsApp is still a closed-source application which means we can’t verify its implementation as well as its backdoors.
On WhatsApp’s own site it insinuates a backdoor or a third public key is used for signing based on the fact they can give information to law enforcement. https://faq.whatsapp.com/general/security-and-privacy/information-for-law-enforcement-authorities
Here is an article explaining how a third public key breaks E2E.
The above article brings up a further point on how your phone number is being used as the key which can be socially engineered from you/your service provider.
So why do I think you are misinformed when you have clearly shown WhatsApp’s issues?
Let me explain what I meant in my preface. You aren’t wrong about WhatsApp’s lack of privacy as has been further demonstrated by the above-mentioned article. Rather, almost everyone I have run into fails to understand the rest of the puzzle.
Go through a typical day in your life.
Typically you wake up from the alarm on your iPhone or Android phone. This may be linked to a smartwatch of some sort. You then go and start typing things into different apps using the iPhone or Android keyboard. IOS and Android have constant tracking going on. Maybe you go into your email app and send a message from your Gmail or iCloud account. You then start browsing the web using a closed source browser and probably Google as your search engine.
It doesn’t take long to realize that in order to be more private you have to drastically change your tech life.
Core Security Concept: Security and privacy VS convenience.
Now you have just learned, the hard way, the concept of security vs convenience. Here is an amazing book that will demonstrate this concept even more.
You should still switch but the question is to what and why.
Baby steps, that is the reason to switch. Hopefully, you will begin to further evaluate other areas of your tech life.
Should you switch because Whatsapp is reading your messages? Absolutely not.
Furthermore, as demonstrated in my previous article comparing Telegram to WhatsApp, the biggest inconvenience per our previous concept is the fact that people aren’t on other platforms. If there is a mass exodus we can increase security with way less inconvenience than ever before.
The Two options people are jumping on are Telegram VS Signal (Vs WA).
Telegram: A much more capable platform in every way. As demonstrated here.
Here are some points by Durov the founder of Telegram, so take them with a grain of salt. To be fair, he does appear to hate censorship and seems very intellectually honest. Also realize that Telegram is banned in different counties due to not sharing the keys.
Some points against Telegram: only the private chats are E2E as well as using closed source encryption. An overview here. And an in-depth analysis here.
One of the biggest pros for Telegram in my eyes is that it’s not on USA soil. Cool story here.
Though I don’t really know why, my gut feeling is that Telegram is more secure than WhatsApp as well as Signal (gasp).
This belief is based on its actions taken over time as well as Durov’s very clear stances about different issues.
Signal: Signal seems to be the best for privacy since it’s completely open-source. But being on American soil as well as endorsed by different American CEO’s makes you wonder what’s actually going on. Signal isn’t nearly as fully-featured as Telegram or even Whatsapp, for that matter.
A really cool video on what to look for in a private messenger.
- Be aware that there are many other companies mining your data.
- Baby steps are good so getting rid of WhatsApp is good. (Just don’t think you are private now.)
- It’s a good idea to learn what you are doing and why before jumping on trends.
- Check out the next list which is a dump of useful privacy resources.
Privacy and Security Resources
In no particular order.