Hello, I received my FP 2 yesterday and I managed to de-google it as much as possible because I care about my privacy. Of course I did not consider to install WhatsApp for the same reason. Now I find out that the new version of WhatsApp is encrypted and, they say, not even WhatsApp can read messages. What do the privacy-concerned FP users think about this? Should I start considering to install WhatsApp?
2 Likes
It is true that they can’t read your messages. But they still can see and use (i.e. sell) your metadata. You must decide if you can live with that.
4 Likes
Well, here are some considerations:
- WhatsApp still is an American company, so we don’t know what they do if they receive a NSL. (They are not allowed to talk about this).
- As @Bergziege says, they still have the metadata.
- The Client is still not OpenSource. So nobody knows that they’ve done everything perfect and that there will be no backdoor in an update.
For me, Signal is the only trustworthy messenger.
8 Likes
End-to-end encryption should every communication have. Private communication should be kept private.
But they can read the metadata (who communicates with whom, date/time of communication). Metadata is considered by some people as more interesting than the actual content. Facebook/Whatsapp can still build a “social network” with the relationships between persons. So, also with end-to-end encryption, don’t go to a non-trustworthy provider. Nobody here can say if WhatsApp is trustworty for you.
3 Likes
Thank you everyone for your opinions. I now it is not an easy question or one you can answer for me.
The thing is, as you probably know, social pressure for using WhatsApps is very strong.
Until now the problem for me was automatically solved because I did not have a smartphone; so, no WhatsApp, sorry. And, I thought, anyway I would not use it because it is very very bad for privacy.
Now I just got my FP2 and, just in time, WhatsApp seems to become a bit more privacy aware, so… I still do not like WhatsApp, but I would like to understand (as I am not very tech-savvy) how worse it is than similar services now.
For instance, is the kind of encryption WA now provides the same as Telegram or is Telegram still more “privacy-aware”?
2 Likes
@morgenstern, I’m pretty much in the same situation as you are. Not using WhatsApp increasingly feels like living without electricity.
However, what strikes me a bit is that while the debate about encryption enjoys a lot of attention, the fact that the very first thing WhatsApp does is reading your complete address book seems to get little to no attention at all. I wonder if I missed something here – but (I’m not talking about you here, @morgenstern) demanding encryption while happily delivering your complete circle of friends and family to WhatsApp before you have even sent your first message seems a little … putting it mildly: inconsistent to me.
For the time being, I have come to a very complicated solution, installing WhatsApp only on my computer using a complicated emulation and my landline phone number (which has no address book connected to it).
4 Likes
with CM one could prevent WA from access to the phone book (don’t know if that is possible in FP2 OS). That meant of course that WhatsApp would only show you numbers (and WA profile picture) it received messages from instead of the names from your adress book. But it helps you remembering your friends’ numbers 
1 Like
the fact that the very first thing WhatsApp does is reading your complete address book seems to get little to no attention at all.
But even lots of privacy-oriented messengers do, don’t they? Signal and telegram for instance.
For instance, is the kind of encryption WA now provides the same as Telegram or is Telegram still more “privacy-aware”?
Telegram is not very privacy-aware at all, even though they advertise so. By default, conversations are not e2e encrypted, you have to opt in. Group conversations cannot be e2e encrypted. In WA everything is e2e encrypted now.
1 Like
Iirc, signal “only” sends hashed values for the entries? So, yes, personal feelings wether it’s OK or not…
Edit: looks like it’s threema that does the hashing
For those interested, an interesting technical discussion of reason why the address book is uploaded by Signal https://whispersystems.org/blog/contact-discovery/
(At least in Jan 2014). It also explains why hashing phone numbers, which seems a good protection, is in fact useless.
2 Likes
Singal allows reproducible builds, WhatsApp only comes from a cloud store. Paranoid dentists would smoke smartphones. What was the question again? 
1 Like
Everything you say is very interesting.
So, I think my main question is: is current version of WP worse than telegram or similar apps?
I do not like WP also because it’s Zukerberg’s and I think he owns already too many personal data, even if not mines (I’m not on fb).
However messaging apps are indubitably useful, especially for people travelling a lot like me. Therefore, before getting a smartphone I though I would be OK with using telegram, for instance. So, besides been Zukerberg’s, is now telegram better, or more privacy aware, than WP?
I’m not an expert. I think you have to decide what’s important for you: Staying in contact with your friends easily? Fighting facebook? Meeting new people? What do your friends use?
What I was mainly aiming at: Smartphones are not secure and companies make money selling your data. They want you to stay around. So they adapt because they want to stay in the market. Apple and Facebook know how to do marketing AND how to stay in business.
Both MM/signal and WhatsApp try to be “user-friendly” and that’s important. You can update them easily and in a secure way. They are maybe not 100% secure and they never can be (your phone cannot be trusted) but they are “good” enough 
Currently I would say it goes: WhatsApp, Signal, Telegram
Don’t think too much about it. Enjoy spring!
Update: And keep in mind that things are changing all the time.
1 Like
Privacy is important but staying in contact with friends and family is important too. I installed Threema on my FP2 because I think it is the most trustworthy of the messenger options, but only two of my friends use it. Everyone else uses WhatsApp. That’s why I gave in and installed WhatsApp too.
4 Likes
Another question I have is: how does WP make money now? Are metadata enough?
If someone has FB and has used non-encrypted WP until now, I guess they already have enough data to go on even with the new encrypted WP.
But if I start using WP now and have no FB, how much will they ever know about me? How will they be able yo make money just with my metadata?
You stay in their infrastructure. The goal of Facebook is that you do not leave it. Some people think the Internet is Facebook.
But they also know that you want to keep talking one to one to your friends in private. Else you use Snapchat or worse. Your mother, colleges, and boss are on Facebook too, right? But they need your info for their timeline. This is what they sell. As long as you do something with your friends or alone and post about it later, they don’t loose much.
Loosing you to another service is worse (from their perspective).
If you want to learn more, read about Facebook’s upcoming F8 conference or check what’s going on AI-wise.
2 Likes
@Bergziege: did you test this recently? As per my knowledge, Whatsapp will not start if you reject address book access using CM’s privacy features. The only way to prohibit WA to access the whole address book is to use xposed framework with xprivacy.
However, this information is approx. one year old, so I’d be interested if this has changed in the meantime.
1 Like
I test installed it on my FP 2. I’m using app ops and just denied everything… It starts, but says none of my contacts uses wa. Which is not true, but shows that wa has no access to my contacts. So, either cm permissions work differently or they changed something
1 Like
As there is no CM for FP2, I can’t test this.
But as I recall it was working on my OnePlus 1. (But again, I don’t know if this was a clean install or if I restored from a WA-Backup).