This article was originally published on VICE Germany.
With 2 billion monthly users, the app is the world's most popular messenger service. Since it implemented end-to-end encryption in 2016, people mostly trust that the content of their WhatsApp messages is secure – which seems to be true. But that shouldn’t be our only consideration when it comes to choosing a messenger platform.
End-to-end encryption ensures that no one except for the sender and recipient has access to the content of conversations – not even WhatsApp. Using any messenger without this level of encryption is like going for a hike in flip-flops: really stupid.
But WhatsApp also has its flaws. On closer inspection, user privacy and data protection are no longer its priority, and plans to merge it with other Facebook-owned services like Facebook Messenger and Instagram DMs are concerning.
Here are several reasons to cull the app from your phone and replace it with a more more trustworthy alternative.
WHATSAPP WANTS TO ACCESS ALL YOUR CONTACT DETAILS
WhatsApp really, really wants to access all of your contacts, and not just those who use the platform. According to their terms of service, users “provide the phone numbers of WhatsApp users and your other contacts in your mobile phone address book on a regular basis. You confirm you are authorised to provide us such numbers to allow us to provide our services.”
Technically, you can refuse access, but WhatsApp will reprimand you by not showing any of the names of your message threads – pretty annoying for a messenger platform – and will prevent you from making calls or starting group messages or broadcasts.
If you do allow it access, WhatsApp will be able to read the information of everyone from your gynaecologist to your dealer. There’s ongoing debate as to whether or not this is even legal under The EU’s General Data Protection Regulation, which forbids the sharing of personal data without consent. Say you know someone who doesn’t use WhatsApp, but is saved as a contact in your phone. Their phone number is shared with WhatsApp, without their consent.
For comparison, messenger app Signal doesn’t need access to your contacts list. Instead, the app converts the phone numbers of your contacts into unique character values, so-called “hashes”. Signal only knows the hashes, not the real numbers, and immediately deletes the information from its servers.
WHATSAPP KEEPS TRACK OF WHAT YOU DO
Depending on whether you change the default security settings, WhatsApp can see your profile picture, nickname, status and "last online time”.
Information like this is often downplayed as "metadata", but as Edward Snowden wrote in his autobiography: “The unfortunate truth … is that the content of our communications is rarely as revealing as its other elements – the unwritten, unspoken information that can expose the broader context and patterns of behaviour.”
WHATSAPP COULD SHARE YOUR INFORMATION WITH POLICE
WhatsApp isn’t a police surveillance tool, and tech companies risk PR disasters if they work too closely with authorities. Nevertheless, under certain circumstances it is possible that investigators will request data about you from WhatsApp.
"We are prepared to carefully review, validate and respond to law enforcement requests based on applicable law and policy,” the service outlines on a page set up specifically for law enforcement authorities. Of course, this isn’t always a bad thing, considering that access could potentially help to solve serious crimes.
But the power and motivations of the police change depending on where you live – and no one can guarantee that things won’t go awry in the future, or that WhatsApp's data treasure trove won’t be hacked by an employee.
The only data that’s truly safe is data that has never been collected. Messenger services like Signal and Threema, which collect minimal metadata and contact information, are your best options.
CO-FOUNDER BRIAN ACTON HAS LEFT THE COMPANY
It’s difficult to trust the direction of WhatsApp under Mark Zuckerberg, when co-founder Brian Acton clearly doesn’t either. After selling to Facebook for a ridiculous $22 billion (£16.9 billion) in 2014, Acton abruptly split with Zuckerberg’s behemoth in late 2017 over privacy and monetisation concerns. “I sold my users’ privacy to a larger benefit,” Acton told Forbes in 2018. “I made a choice and a compromise.”
In March of 2018, he tweeted a simple message: “It is time. #deletefacebook.”
WHATSAPP SOMETIMES ASKS YOU TO BREAK YOUR END-TO-END ENCRYPTION
You’ve probably noticed WhatsApp serve you the occasional pop-up message, asking whether you want to save a back-up of your chat history on Google Drive or iCloud. What comes across as a nice service offering is also a trap: these back-ups stockpile your chat history on Apple and Google servers without end-to-end encryption.
"Media files and messages are not protected by WhatsApp end-to-end encryption when they are stored on Google Drive," according to the WhatsApp FAQ page. The same goes for iCloud.
Messages with a self-destruct timer offer the best protection against this, as they’re automatically deleted after a specific amount of time. WhatsApp does not currently offer this function. Wickr, Signal and Wire all do.
THE WHATSAPP CODE IS NOT PUBLIC
WhatsApp doesn't want to reveal how exactly it was programmed. This might sound like a security measure, but it’s actually quite the opposite. Software is safest when its code is made public – or “open source” – so that independent experts can examine it carefully for defects and potential weaknesses.
WhatsApp competitors Signal, Wire and Wickr are open source, and Threema is following suit.
There’s one major argument for using WhatsApp, which is: everybody else is doing it. And that’s fair enough – but change has to start somewhere.
Some better alternatives to WhatsApp are Signal, Threema, Wickr and Wire. Not Telegram, by the way. And if you’re into nerdy details, you can read here why even Signal isn’t perfect – because when it comes to tech, there’s no such thing as complete security.