[hbcondo714]

>b-b-but it's encrypted!

Facebook actually updated their LIMITATIONS OF KEY METRICS AND OTHER DATA section at the top of their annual and quarterly reports[1] this year to say that "as a result of limited visibility into encrypted products, we have fewer data signals from WhatsApp user accounts and primarily rely on phone numbers and device information to match WhatsApp user accounts with accounts on our other products". Prior to 2020, did they not disclose this in their reports.

[1] https://last10k.com/sec-filings/fb

disclosure: I work on Last10K.com

[parliament32]

Yes, we can all agree that E2EE means FB isn't reading your messages and using that data (like they do, for example, in FB Messenger / IG messages). But the metadata is still valuable, and not encrypted, and is probably how they're making money with the product.

[hbcondo714]

I can't attest to this metadata but it's just worthy to note Facebook starting telling shareholders this year that they have "limited visibility into WhatsApp user activity due to encryption".

[Talinx]

A closed-source App could send the private key to a server. I hope WhatsApp doesn't do that.

[parliament32]

They absolutely could. But, given the popularity of FB properties, I'm sure there are several groups who decompile their releases on a regular basis and I'm sure there'd be a lot of screaming if the E2EE wasn't implemented properly (see: the Zoom E2EE debacle).