If the government knocked on WhatsApp’s digital door and asked for your message history, would they comply? Would WhatsApp ask for a warrant before handing it over? Would you even be notified? If you’re one of WhatsApp’s 800 million active users, you’d probably like to know the answers to these questions. But according to the Electronic Frontier Foundation, WhatsApp has declined to answer any of them.
Who’s got your back?
The EFF’s 2015 “Who’s Got Your Back” report rated 24 tech companies on their commitment to protecting users’ data from government intrusion. Companies like Apple, Dropbox, Yahoo received the full 5 out of 5 stars, while WhatsApp and AT&T received the lowest ratings in the bunch with only 1 star each (also interesting: Google and Microsoft only rated 3 stars out of 5). WhatsApp’s lone star was for its pro-user public policy, earned when its parent company Facebook signed a coalition letter from the Open Technology Institute on its behalf.
Here’s how WhatsApp fails its users, according to the review:
- It does not publicly require warrants before submitting to data requests.
- It does not promise advance notice before government investigation.
- It does not publish its policy on data retention and deleted content.
This is in contrast to a pro-privacy statement made by WhatsApp’s official blog that attempted to assuage users’ privacy concerns when the app was acquired by Facebook last year. Although this is the first year WhatsApp was rated, EFF claims WhatsApp was given a full year’s warning to comply with the industry’s best practices, and has yet to adopt any of them.
Not just a policy problem
It’s important to remember that these ratings only apply to an organization’s actions against hypothetical data requests from the government, not against security flaws in the software itself. But even there WhatsApp has shown itself to be vulnerable. Earlier this year, a Dutch developer revealed that WhatsApp users’ personal information could be accessed easily with a software kit, allowing potential stalkers toaccess profile photos and status messages even when set to “private”. WhatsApp users should also be aware of malicious invites to download fake versions of the desktop application that install malware onto your computer.
So what’s the alternative? There are plenty of other messaging apps with a safer track record, the most popular of which is Telegram, which is cloud-based and offers greater encryption than WhatsApp. Telegram also offers a timed self-destructing messaging mode (similar to SnapChat) and a $300,000 prize to anyone who can crack its encryption. If you (and the friends you chat with) value privacy, vote with your wallet (well, most of these chat apps are free but you know what we mean) and support software that supports your privacy.
- Encrypted Chat Apps: Give Em’ Nothing to Talk About
- Encrypted Chat Apps, Round Two: Talk is Cheap