Facebook doesn't really get a strong advantage in keeping keys to read your messages on its own servers. Intelligence services would benefit from this, so would fraudulent or corrupted employees. For Facebook, storing keys to your message is more a burden, if anything.
Facebook derives valuable data about you through WhatsApp in three channels:
- analyzing the content of your discussions before they get encrypted and sent,
- the app acts like a Trojan horse into your smartphone. It collects data such as your device model, geolocation, contacts, text messages with all activation/verification texts from third parties, the list of apps you installed, when you wake up or go to bed, when you sleep or do other things in bed (thank you gyroscopic sensors), etc.
- Through the correlation of real-time data collected from other smartphones, Facebook also acquires who you met, spend time with, where and when.
As you can see, you don't get end to end encryption for philanthropic reasons but because that's simply not where the money is and that's what gullible customers ask for.
End-to-end encryption is like when you get offered tap water at the restaurant: for many customers, it provides them with a feeling of self-satisfaction.
But it doesn't improve the quality of the food at all...
> WhatsApp still won't be able to access any of your communications or share them with Facebook. Meanwhile, WhatsApp will be able to share user account information like your phone number, logs of how long and how often you use WhatsApp, device identifiers, IP addresses, and other details about your device with Facebook. Plus, WhatsApp can share transaction and payment data, cookies, and location information with Facebook if you grant permission. All of which has been true since 2016.
More is detailed in the WhatsApp privacy policy [1] (emphasis mine):
> We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information.
I suspect nokya was exaggerating somewhat, but only somewhat.
None of this is about knowing apps you have installed. Can't be exaggeration if it isn’t true in any sense. That’s the only specific point brought up by your parent comment.
Agree for iOS, I didn't know the list of installed packages was only known to Apple. On Android, it seems to be a new restriction that is being deployed in A11 (search for discussions on Android developers inquiring about the new "QUERY_ALL_PACKAGES" permission that some are struggling with already).
For the exaggeration, I would happily answer but I would need to know on which access you felt I exaggerated (except the fact I did not know Apple kept this list only to itself and friends). The data categories I mentioned are quite straightforward and not specifically obtained by WhatsApp only.
> With gdpr, you can at least download all the data they have collected about you.
I don’t believe this is correct: They may only have to provide data they “control” (in the GDPR-sense of the word; see Art.15,3)
If they merely downloaded it for processing into market segments or even just generated high-value marketing segments directly on the device, they would only have to and be able to give you the list of those segments, and maybe explain broadly that they learned this from “on-line activity”.
If they do exfiltrate everything, they could hold this data for “legitimate interests” such as for lawful intercept, fraud detection, or disaster recovery. If it is not a “normal” business practice to access[1] it they may not be required to reveal that they have it.
Note I am not verifying that Facebook does these things, only what my understanding of their obligations is under the GDPR. This does not constitute legal advice, I am not your lawyer, and so on.
[1]: FB’s normal business is selling ads and they don’t typically let ad sales or traffickers access this raw data directly.
Indeed. This concept is sadly too often misunderstood. Many users feel they get everything when they ask for their data, but these data sets are usually restricted in two ways:
1. You only get the data you provided to the service, not the data they derived from your use of the service. Incidentally, this second data set can be just as critical when shared with third parties.
2. You only get the data they kept about you, not the data that resulted from the various transfers to their partner companies and which was thereafter correlated with other databases.
These two sets of data are about the user, but the user never gets to see them, unless they are explicitly requested from the partner companies.
Facebook works directly with oppressive central governments to implement censorship against their citizens.[1] Some might consider that getting screwed over.
Hope I brought some light to the topic :)