When Facebook purchased the encrypted mobile messaging app, WhatsApp, for $19 billion in 2014, some users were concerned about the security of their information and the implications of their private correspondence being handed over to the largest data mining operation in human history. At the time, WhatsApp founder Jan Koum claimed there would be no changes in operations, claiming:
“There would have been no partnership between our two companies if we had to compromise on the core principles that will always define our company, our vision and our product.”
Surprise! WhatsApp announced Thursday it would be sharing all user information with Facebook, compromising the core principle that defined the company — privacy.
When you agree to the Terms of Service, you are agreeing to share your information with Facebook and “other companies in the Facebook family,” which includes Atlas, Instagram, Onavo, Parse, Moves, Oculus, LiveRail (now operating as Facebook Audience Network), and Masquerade. The reasons (listed below) for sharing your information consist of a string of verbs that sound professional and positive but remain vague enough to cover almost any use of your information.
From the new policy [emphasis in text added]:
“Affiliated Companies: We joined the Facebook family of companies in 2014. As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings. This includes helping improve infrastructure and delivery systems, understanding how our Services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities. Facebook and the other companies in the Facebook family also may use information from us to improve your experiences within their services such as making product suggestions (for example, of friends or connections, or of interesting content) and showing relevant offers and ads.”
The new policy details information WhatsApp intends to share with Facebook and its family companies, which includes the information you provide to them, information about you provided by other users, contacts in your mobile address book, who you interact with, when you interact with them, information given to them by third parties, your location, when you are online, and when you read your last message.
“Your Account Information. You provide your mobile phone number to create a WhatsApp account. You provide us the phone numbers in your mobile address book on a regular basis, including those of both the users of our Services and your other contacts. You confirm you are authorized to provide us such numbers. You may also add other information to your account, such as a profile name, profile picture, and status message.”
In the “Your Messages” section, WhatsApp stresses that communications are definitely still encrypted.
They go on:
“Your Connections. To help you organize how you communicate with others, we may create a favorites list of your contacts for you, and you can create, join, or get added to groups and broadcast lists, and such groups and lists get associated with your account information.”
The new policy further details more reductions in privacy:
“Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.”
It addresses real-time tracking, as well:
“Status information – We collect information about your online and status message changes on our Services, such as whether you are online (your ‘online status’), when you last used our Services (your ‘last seen status’), and when you last updated your status message.”
(Okay, that one is not totally unexpected but it’s still a bit creepy).
It explains how others can provide additional information about you:
“Information Others Provide About You. We receive information other people provide us, which may include information about you. For example, when other users you know use our Services, they may provide your phone number from their mobile address book (just as you may provide theirs), or they may send you a message, send messages to groups to which you belong, or call you. (So even if you don’t have WhatsApp or Facebook, your information is still available to them through any family, friend, or business contacts you may have.)
“Third-Party Providers. We work with third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services. For example, we work with companies to distribute our apps, provide our infrastructure, delivery, and other systems, supply map and places information, process payments, help us understand how people use our Services, and market our Services. These providers may provide us information about you in certain circumstances.”
Some sites have advertised that they can help you “opt-out” of this information-sharing, but these are ultimately just efforts to get you to click on their page; you can’t actually opt-out, short of deleting the app altogether. It’s easy to be confused, however, because the top of this WhatsApp FAQ page reads:
“How do I choose not to share my account information with Facebook to improve my Facebook ads and products experiences?”
“If you are an existing user, you can choose not to share your account information with Facebook to improve your Facebook ads and products experiences.”
Well, that sounds promising! It’s not, though. It’s more than misleading. After detailing two ways to stop your information from being used to target Facebook ads, this disclaimer adds:
“The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities.”
It’s not as if any of this is some big secret. It’s not hidden, it’s just cleverly-worded in a lengthy agreement that not everyone takes the time to read.
There is a lesson to be learned here, and that’s that the days of privacy are long gone. Our information is flying around cyberspace whether we like it or not. If that is a concern for you, there are some things you can do to attempt to keep your information safe, like setting up two-step notification on your email and social media accounts, putting a “fraud alert” on your credit report, installing a mobile security app, using a password manager, being careful about what you click on, and as we learned today, always reading the fine print.
* * *