Monday, October 17, 2022

WhatsApp More Private Than iMessage

Sami Fathi:

In a post sharing a Meta billboard in New York City promoting WhatsApp over SMS or iMessage, Zuckerberg said WhatsApp is far better for privacy-concerned users thanks to its end-to-end encryption, ability to set messages to disappear after a set period of time, and its availability across multiple platforms.

He’s not wrong, as iMessage downgrades to SMS if there are any Android users in the conversation, and WhatsApp’s backups are encrypted so that Apple can’t read them. WhatsApp also gives you more access to your own data, with the ability to export conversations. Unfortunately, the people I text with use iMessage.

Previously:

Update (2022-10-18): Balakumar K and James Peckham (in 2021, via Simone Manganelli):

“The information we share with the other Facebook Companies includes your account registration information (such as your phone number), transaction data, service-related information, information on how you interact with others (including businesses) when using our Services, mobile device information, your IP address, and may include other information identified in the Privacy Policy section entitled ‘Information We Collect’ or obtained upon notice to you or based on your consent,” it adds.

[…]

If you don’t want to allow Facebook to do this, your only alternative is to switch to another messaging service such as Telegram or Signal.

WhatsApp:

We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.

iMessage also collects some metadata.

The actual WhatsApp message data is not shared with Meta. However, it is stored in iCloud backups:

If you have iCloud Backups turned on for your entire iPhone, an unencrypted version of your chat history is also backed up to iCloud. To ensure your WhatsApp chats and media are only backed up with end-to-end encryption, turn iCloud Backup off on your device.

For information on how we collect and process your data, including your end-to-end encrypted backup, please see the WhatsApp Privacy Policy.

Matthew Green:

Hmm, took a look at the Apple developer docs and I see why Apple may have made this harder than it should be. Doesn’t excuse WhatsApp for failing to engineer a solution.

Apple:

The isExcludedFromBackup resource value exists only to provide guidance to the system about which files and directories it can exclude; it’s not a mechanism to guarantee those items never appear in a backup or on a restored device.

However, it seems like they could get around this problem by encrypting the database or by storing it in a folder such as Caches that is excluded from backup.

8 Comments RSS · Twitter

Zuck: Use WhatsApp because Meta cares more about your privacy! Also, Apple is evil because they won't let Meta's ads track you!

It’s true that iCloud backups are not end-to-end encrypted and those include iMessages. This is the big hole in iMessage’s privacy/security story.

What Zuckerberg is not saying is that while the message contents are encrypted end to end, Facebook does have access to all the metadata about the messages: who you talk to, when, from where, how often, probably size of the messages. And they can learn a lot form this metadata especially when combined with other things they know about you which is plenty.

At least this is my understanding of the situation, please set me straight if I’m wrong.

Oh, and use Signal :)

"Zuck: Use WhatsApp because Meta cares more about your privacy"

That's not what he said. What he actually said id this:

"WhatsApp is far more private and secure than iMessage, with end-to-end encryption that works across both iPhones and Android, including group chats"

What he's saying here is factually correct. It's true. Lying about and pretending that Apple is already doing a good job here is not going to incentivize Apple to do better.

Hideously ironic, of course, but true, yes.

I've heard the ads on a podcast or two here in the UK that I listen to. Quite swell, really, pointing out the two-factor authentication and the end-to-end encryption, so not even WhatsApp can read your most private messages, etc.

Naturally, I do not condone WhatsApp or any other centralised messaging system, including Signal.

Sorry, Plume. I was paraphrasing to sharpen the irony. Didn't mean to strike a nerve. :-)

I wasn't trying to defend Apple -- of course they could do better with iMessage and privacy. But Zuck/Meta shouldn't be allowed to use that word when most of their business model is tracking people at the individual/device level. Unless, of course, it's something like this:

Zuck: We don't care about your privacy. You are not the customer, you are the product.

Mark isn't talking about this because he cares about private messages.

Mark just wants to create a central service for all of facebooks products, so that they won't be split up in separate companies.

"Oh but faceWhatsGram are just slightly different frontends to the same backend, you can't split them Ms Khan."

WhatsApp also uploads all my contacts' information to its servers if I allow it access to my iPhone address book. To prevent sharing this data, I have to disable access via the iOS privacy settings, and WhatsApp limits the functionality available in the app by not allowing me to create new group chats.

Old Unix Geek

I was amused to read that President Macron of France talks to President Zelensky of Ukraine over Whatsapp. If the FSB / Mossad / MI5 or MI6 / BND / CIA / NSA / etc wanted to tap such devices, it should be a cakewalk for them. It rather makes one wonder why a European government does not have its own highly protected devices for such uses.

Leave a Comment