One of WhatsApp’s most touted features is end-to-end encryption. It is often claimed that WhatsApp messages are encrypted at the source and only decrypted once they reach their destination and that Facebook themselves cannot see what you and the person on the other end are talking about. This has put Facebook at odds with various governments and authorities who think they are entitled to see certain chats in given circumstances such as during a criminal investigation.
It turns out, according to a recent report, that Facebook can indeed read your WhatsApp messages despite their claiming they cannot. To be clear, Facebook and WhatsApp have not been shown to be breaking their end to end encryption claims. Instead, the issue relates to messages that have been reported by other WhatsApp users as Spam.
This normally happens when you send someone a message for the first time. If they are not in your contacts you do receive the message but when you open the chat you are presented with the option to report the user who sends you the message and block them. When you do report the message it is sent to WhatsApp’s moderators. The moderators have to see the offending message before they can pass judgement as to whether it’s Spam, abusive, fraud or child pornography.
This means despite claims that no one can see what you send through the WhatsApp network besides the intended recipients is not true. There is a chance that if your message is flagged automatically as potential Spam or if a user reports your message as Spam, something that can happen accidentally on a touch phone, your message is automatically transmitted to moderators who can read it despite them not being your intended audience. In other words, WhatsApp has the ability to moderate content on its network and that ability relies on them being able to read people’s messages.
What’s the big deal?
So you may be wondering what’s the big deal? You see companies like Facebook have shown time and time again that they are willing to put profit over issues like human rights. They have a habit of cheerfully handing your data even to repressive regimes. A lot of people including activists and dissidents rely on their platform as a lifeline. However, if Facebook can access your data this way it means there is a potential they would hand it over to said authorities when pressured. This wouldn’t happen if they didn’t have any data to hand over, to begin with.
Currently, there is an issue of another privacy-minded service Proton Mail which has come under fire for misleading people the same way. For years they marketed themselves as a privacy-focused service that used end to end encryption. As it turns out it was all not true and a “climate change” activist was arrested in France based on data the company handed over. Data they were not supposed to have.
When using such tools you always ought to be mindful that the tool providers may not be telling the truth and take appropriate precautions otherwise relying on the word of a corporate can land you in hot water.