Reports have surfaced casting doubt on WhatsApp – and its parent company Facebook’s – commitment to user privacy.
According to an investigation from ProPublica, Facebook employs an international team of over 1,000 contractors to sift through millions of WhatsApp messages.
The workers, based in offices in Texas, Ireland, and Singapore, examine content flagged either by users or by the service’s algorithm.
The report said that these moderators deal with cases involving various issues, including fraud, spam, fraud or terrorism.
However, it appears unlikely that they are intercepting messages that the 2 billion or so WhatsApp users send every day. The workers are part of the company’s content moderation team.
According to the messenger’s terms and conditions, when a user reports someone, WhatsApp receives the flagged content, along with preceding five messages and information on recent interactions with the reported user.
Since messages are unencrypted at the point of sending and receipt, users provide the unencrypted messages to Facebook and its moderation team when they report content. Personal calls and messages still cannot be read in transit due to end-to-end encryption.
This still raises questions about whether WhatsApp is as secure and private as it claims.
In addition to reported content, Facebook has access to large amounts of metadata, such as device fingerprinting and connected accounts, from WhatsApp, which is not protected by end-to-end encryption.
Furthermore, it shows that end-to-end encryption only provides security up to its endpoints – once the message is on your device. When content is reported, it is downloaded onto your phone before being shared with Facebook.
As such, the mechanisms exist to allow Facebook, or other groups, to search and access WhatsApp content once it is on a user’s device.
- DIGIT Movers and Shakers | August 2021
- 50% increase in Scottish fintech SMEs as sector growth continues
- Startup accelerator for black tech founders launched
End-to-end encryption has long been a selling point of WhatsApp. The messages were not decrypted in transit, theoretically meaning that the messages could not be intercepted and read by Facebook, authorities, or hackers.
It was end-to-end encryption that WhatsApp used to save face during a major data-sharing controversy this year.
WhatsApp was quick to point out that the content of messages sent on its platform were encrypted, so any data contained within could not be shared. Instead, the data would largely be limited to names, phone numbers, and location. Facebook could then use this data to personalise and target advertising.
The controversy led to a spike in downloads for rival end-to-end encrypted messengers and WhatsApp delaying the new policy. The company also released an advertising campaign defending end-to-end encryption and underscoring its commitment to privacy.