Encrypt all the things!

People seem to be pushing back on my OH about WhatsApp for some reason and I'm in that annoying place of trying to explain something I only understand in general terms to someone else for it to be relayed again.

Would someone be able to proof my response, and add in layman's terms anything I've missed? A lot is editing of velocio's posts. But this is my understanding. Cheers.

In a nutshell what's the issue?

WhatsApp are linking WhatsApp accounts with Facebook profiles. This means that information contained in your private messages, and via the permissions your phone gives to the app will used to provide additional data to Facebook to build your profile. It is unlikely that over time Facebook will pause or reverse the trend of trying to capture more data.

So what?

You're banking on a sketchy private company with a solid dubious track record not misusing your data now and in the future. And also that none of this information is externally compromised.

But end-to-end encryption means they can't do this.

End-to-end protects the journey of a message.

Messages are stored on WhatsApp/Facebook's servers. It is encrypted, however they hold the keys and could use the messages(?) for advertising / profile building even though they've said they won't. Messages are also stored on your phone and the app can use that information. If for eg you have a product link or picture link in your messages, cookies contained in those can identify you and add to your profile. From the app on your phone a number of things can be identified to build your profile:

• Mobile app ping your identity and/or IP address (correlate on IP address and device fingerprint - maybe associated to an actual email)

• Email addresses being used the same across multiple apps (correlate on email)

• Phone numbers

• Your contact list (i.e. in WhatsApp... the map of connections is a form of identity)