
Looking ahead for WhatsApp - edmorley
https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsApp
======
gergles
>
> [https://www.whatsapp.com/faq/general/26000016](https://www.whatsapp.com/faq/general/26000016)

That "Option 1" optout is the darkest dark pattern I've ever seen. A secret
hidden checkbox that only shows up if you tap "yes, I'd like read 2000 words
of legal jargon", which doesn't do anything anyway, because either way
Facebook is getting your phone number. They just _might_ choose not to use it
for ad targeting if you check the box.

Gross, gross, gross.

Also, has anyone else noticed "to fight spam and abuse" is the "think of the
children" of Internet services? Any invasive technique (SMS verification,
browser fingerprinting, trying to sniff out unique hardware hashes, DRM) is
always presented as "fighting spammers". Just an interesting sidebar.

~~~
mtgx
> because either way Facebook is getting your phone number.

Correction - Facebook _already got_ your numbers (and has been doing
recommendations based on them).

I've been noticing Facebook recommendations based on Whatsapp numbers I have
for many months. So they already have the numbers. But they're probably
legally obliged to announce it in a privacy policy change that they will use
them to target ads at you.

~~~
rogy
I find this so creepy. I get recommended people on facebook such as my Phsyio,
whos number I don't even have saved. I've just spoken to him on Whatsapp.
Bizarre.

~~~
onedognight
Privacy requires both communicators to agree on the level. For example if your
Phsyio's address book has your number and that address book is shared with
Facebook, then Facebook knows the two of you communicate.

------
SimonPStevens
Funny how times change...

Some quotes from a What's App blog post from 4 years ago titled "Why we don't
sell ads"[0]

    
    
      "Remember, when advertising is involved you the user are the product."
    
      "Your data isn't even in the picture. We are simply not interested in any of it."
    
      "When people ask us why we charge for WhatsApp, we say "Have you considered the alternative?"
    

So they aren't showing ads themselves, but they are shipping your data out to
another entity that is. Seems worse to me.

[0] - [https://blog.whatsapp.com/245/Why-we-dont-sell-
ads](https://blog.whatsapp.com/245/Why-we-dont-sell-ads)?

~~~
RestlessMind
Out of curiosity - will you compromise a little bit[1] on your principles if
someone offers you 19 Billion USD? Honestly, I would. And I think almost all
the people in the world would. So I don't see anything funny / surprising
here.

[1] - going from "won't show ads" to "ship data to someone else who will show
ads" is not a big step. Just for perspective, some people are literally
willing to kill others for far less.

~~~
Balgair
Then you don't have principles, you have exorbitant prices for your labor.
Principles can change, yes, but if they do so only because there is a reward
involved, then you are no different than my cat near dinner time. In fact, my
cat may have more principles as he wont stop puking on the rug no matter the
bribe I give him.

~~~
CalRobert
Oh come on. Look, I don't like it either but we're talking about an awful lot
of money. This is a pretty tired argument but the fact remains that if your
scruples bother you you could take those billions and feed the hungry/house
refugees/fund your own private messaging startup for the few people out there
who care about privacy. The last part is sad, but really, most people just
can't be arsed.

~~~
Balgair
Have you no honor or sense of duty then? What the hell is money anyways? Will
your wife or husband really care if you make a dollar more or a million more?
Will your true friends give a damn if you treat them to dinner every night and
not be allowed to return the favor? What does your daughter mind if the book
you read her before bed is engraved with gold? Does the extravagance of your
son's wedding make any difference in his love for you? What a shallow life you
must live if all you can think of is money. I'll grant, giving those dollars
to the poor is a noble deed, but where did they come from, at what cost? Raise
the taxes, encourage your representatives and senators to give much more to
the poor and none of us have to pay for it with our souls.

~~~
RestlessMind
19B is a HUGE number, which literally changes lives. If my spouse and kids
find out that I earned that much by switching my stance from "allowing no ads"
to "allowing ads", then they would totally support me.

Not just them, every single person I know (friends, family, coworkers..) would
support my decision. And I have a fairly large social circle. So in that
sense, changing one's stance is completely "normal"; whereas refusing 19B just
so that "you won't have to serve ads" seems "abnormal".

------
onewaystreet
The post says the exact opposite of the title:

> Even as we coordinate more with Facebook in the months ahead, your encrypted
> messages stay private and no one else can read them. Not WhatsApp, not
> Facebook, nor anyone else. We won’t post or share your WhatsApp number with
> others, including on Facebook, and we still won't sell, share, or give your
> phone number to advertisers.

Edit: That paragraph relates to your WhatsApp number. It is true that they do
plan to share your phone number that you signed up with. You can opt-out
though:
[https://www.whatsapp.com/faq/general/26000016](https://www.whatsapp.com/faq/general/26000016)

~~~
denzil_correa
> You can opt-out though:
> [https://www.whatsapp.com/faq/general/26000016](https://www.whatsapp.com/faq/general/26000016)

This is a dark pattern. In fact, once you say "Agree" you only have 30 days to
opt-out.

> After you agree to our updated Terms of Service and Privacy Policy, you will
> have an additional 30 days to make this choice by going to Settings >
> Account > Share my account info in the app.

I can't see such an option.

~~~
shade23
from the page >The Facebook family of companies will still receive and use
this information for other purposes such as improving infrastructure and
delivery systems, understanding how our services or theirs are used, securing
systems, and fighting spam, abuse, or infringement activities.

So even if you do opt out,it really does not make a difference.

[Edit] : More excerpts from the TOS([https://www.whatsapp.com/legal/#privacy-
policy-information-y...](https://www.whatsapp.com/legal/#privacy-policy-
information-you-and-we-share))

>Account Information. Your phone number, profile name and photo, online status
and status message, last seen status, and receipts may be available to anyone
who uses our Services, although you can configure your Services settings to
manage certain information available to other users.

> Facebook and the other companies in the Facebook family also may use
> information from us to improve your experiences within their services such
> as making product suggestions (for example, of friends or connections, or of
> interesting content) and showing relevant offers and ads. However, your
> WhatsApp messages will not be shared onto Facebook for others to see. In
> fact, Facebook will not use your WhatsApp messages for any purpose other
> than to assist us in operating and providing our Services.

The only guarantee that seems to be given is the the messages will not be
_shared onto Facebook_ ( It can still be used by them) and the [...]assist us
in operating and providing our Services,I would like to see what Whatsapp
describes as 'providing our Services',if they one day define 'providing
contextual ads and product suggestions' as their Service we really have no
option here.

Also >New ways to use WhatsApp. We will explore ways for you and businesses to
communicate with each other using WhatsApp, such as through order,
transaction, and appointment information, delivery and shipping notifications,
product and service updates, and marketing

This shows that once businesses onboard on Whatsapp (looking at it as wannabe
WeChat),then this becomes a part of its services thereby allowing our
information to flow out too.

~~~
dx034
Yes it does, they won't connect your profiles and target ads based on your
info. The paragraph you quoted reads like a standard provision to allow using
Facebook's CDN/Datacentres and to integrate some of their teams (abuse/spam).
Of course there's no guarantee that they won't violate the terms and still use
it for ad targeting. But that's no different than before..

------
juandazapata
The irony in their homepage is so good:

\---------------- > Why we don't sell ads Advertising has us chasing cars and
clothes, working jobs we hate so we can buy shit we dont need. - Tyler Durden,
Fight Club

~~~
longsangstan
Basically the whole blog post is talking about what Facebook is doing lol

------
pidg
> [We'll] show you more relevant ads if you have an account with them. For
> example, you might see an ad from a company you already work with, rather
> than one from someone you've never heard of.

I'm not sure WhatsApp understand why people advertise.

~~~
jasongill
I'm not sure you understand the modern advertising landscape... Reminding
customers of your brand and products through retargeting is very big business

~~~
dx034
That works for regular purchases, but not for every company. I recently bought
a car and did extensive research prior to the purchase. Basically from the day
I bought the car (and stopped searching) they started showing me ads. It's 2
months ago and I still see barely anything else. Doesn't seem very effective..

~~~
iamben
That's an attribution problem rather than a retargeting one. A long period of
research prior to car purchasing is well documented[1] - the problem you have
here is the conversion hasn't been connected to the retargeting. If they had
an efficient way of saying "Excellent - after 10 weeks of research dx034 has
actually bought the Audi" they could switch you off. Until that's noted, or
you drop out of the 'this is the longest period people are likely to shop for'
bucket, you're going to see the ads.

[1] [https://www.thinkwithgoogle.com/research-studies/zmot-
auto-s...](https://www.thinkwithgoogle.com/research-studies/zmot-auto-
study.html)

------
JOnAgain
I don't get this part: "We won’t post or share your WhatsApp number with
others, including on Facebook" and then "And by connecting your phone number
with Facebook's systems, Facebook can offer better friend suggestions and show
you more relevant ads if you have an account with them"

How are they matching up accounts without sharing my phone number with
Facebook?

~~~
jamiesonbecker
It's just hashed. I.e., pick a unique number that matches your phone number
and just always use that one instead, because the value in your phone number
is not the functionality of calling you, but matching you up with all of your
other metadata, content, "Likes", etc.

So the goal isn't to sell YOU. You are boring and prosaic. No advertiser cares
about you personally.

We'll make money by selling your likes and who you're connected to in this
fuzzy, aggregate format. Advertisers want to sell to a group of people who
look just like you.

~~~
lorenzhs
> _It 's just hashed_

but the key space is way too small for a hash to be a meaningful anonymization
mechanism. It's too easy to build a rainbow table for possible phone numbers.

~~~
xapata
How do you know what hashing algorithm is being used? And what salt?

~~~
JshWright
The algorithm and salt are irrelevant. There are only so many phone numbers...
You could brute force the hash of a phone number in seconds on any modern
computer.

~~~
xapata
Unless you know the original algorithm, any collisions you find are useless.

I'll give you an example. Here's a hashcode from a real phone number:
1786883671916465751. What's the phone number I used to generate it?

~~~
lorenzhs
Pretty sure Facebook can find out which hash function WhatsApp is using.

~~~
xapata
Or they can just get the original data... So why complain that hashing is
insecure?

------
hengheng
I used to be able to pay for WhatsApp. Those were the days.

------
jamiesonbecker
Hashing your phone number and linking it with other phone numbers (also
hashed) meets all of their promises and yet still allows them to build an
object graph of who's connected to whom, who communicates when, how often, and
with whom, and match all that data with what's in facebook already with the
data that's in your address book on your phone, even if you never install the
FB app...

metadata, all the way down.

------
wigginus
As far as I read correctly, you can opt out of this:
[https://www.whatsapp.com/faq/general/26000016](https://www.whatsapp.com/faq/general/26000016)

~~~
uitgewis
There is no such option in the iPhone app (2.16.9 / 15 Aug 2016).

~~~
denzil_correa
Once you say "Agree" you only have 30 days to opt-out.

> After you agree to our updated Terms of Service and Privacy Policy, you will
> have an additional 30 days to make this choice by going to Settings >
> Account > Share my account info in the app.

I can't see the option either.

~~~
sdoering
This will probably be pushed with the next update, when you have to re-agree
with the terms of service.

~~~
denzil_correa
I do not remember receiving any agreement to ToS on a new update.

------
Renaud
> we want to explore ways for you to communicate with businesses that matter
> to you too

Empty marketing speak, that sentence has zero information content. It just
leaves me vaguely worried that they don't seem to be up-front with whatever
they are about to do.

I'm just glad that FB doesn't have my number and doesn't have access to my
contact list.

~~~
aembleton
If any of your Facebook friends have your number and have synced their contact
list, then they do have you number.

~~~
Renaud
But Facebook will not know it's me because FB doesn't have my number. At
worst, all FB know is that some people have my Whatsapp number. That doesn't
help FB serve targeted ads to my FB account.

~~~
eric_the_read
FB is constantly popping up a message to me saying, "Is (xxx) xxx-xxxx your
phone number? Confirm it now to secure your account" despite the fact that I
have never given them my phone #, nor ever used Whatsapp. I'm sure they know
perfectly well it's you, they just aren't (for whatever reason) doing anything
about it yet.

------
Kenji
I uninstalled WhatsApp the moment it was bought by facebook. It's so obvious
that facebook corrupts this fantastic company/chat application.

~~~
luastoned
How did Facebook corrupt WhatsApp? Pre-Facebook there was no end-to-end
encryption, etc..

~~~
ffggvv
Did you see the source code of WhatsApp? Do you know somebody that saw it?

They can tell all they want, but I won't trust them until I (or someone I
trust, e.g. Debian, FSF, etc.) see the code.

Also being end to end encrypted does not block whatsapp from censoring you or
your friends/family! See how they "disabled" links to telegram
[https://orat.io/blog/as-of-today-whatsapp-is-blocking-
telegr...](https://orat.io/blog/as-of-today-whatsapp-is-blocking-telegram-
links/) and removed the telegram page from facebook.

~~~
fiatjaf
It seems the end-to-end encryption was done by OpenWhisperSystems.

~~~
ffggvv
And so?

1\. They still censorship telegram which means they can read messages locally.
With new updates whatsapp could have new rules to censor or modify "dangerous"
(to them) messages.

2\. E2E encryption is implemented now, what about the future?

~~~
fiatjaf
Ok, I'm not defending them. I will uninstall this damn app.

------
rcarmo
The writing's been on the wall for quite some time, so this isn't really news
-- more of a clarification, really, written with reassurance for the average
user in mind.

I see a lot of negative pushback here on HN, but here in Europe WhatsApp is
pretty much universally used -- not to ludicrous extents, but simply because
it's always been a usable, reliable service. Stuff like Viber caught on in
some places, Telegram seems to be used only by techies, and Facebook Messenger
seems to be rather hit and miss.

Despite a lot of reservations, I started using WhatsApp because the peer
pressure was unsustainable -- family, friends, colleagues (at three
companies), etc., everyone uses it, and to me it has the saving grace of
(unlike FB messenger) not being updated every month with frilly, useless
features (although they never seem to get around to adding quick replies on
Apple Watch, and the lock screen replies on iOS still fail).

I'd probably be happy with SMS and iMessage, but the truth is that I _never_
get any messages through either (except for banks and the odd URL sent from an
iPad)...

------
thewhitetulip
I can not prove it, but I feel github/google and fb has something of a deal.

I communicated with a guy on github and gmail for a project, I got his
recommendation as a friend on facebook. He lives million miles away from me,
have never met him, have 0 mutual friends, yet there he pops up, since then I
have never used facebook on my personal laptop.

~~~
msh
He probably shared his email contacts with fb.

~~~
thewhitetulip
Well, I am sure I wouldn't be in his email contacts, but maybe he shares his
email stuff with fb. Spooky, I stopped using facebook since then :-D

Rarely do I use it these days. had to login to check the deepmask demo :P

------
tdkl
Seems that the endgame now when end to end encryption is well known, desirable
and serves as a product advertisement, that they'll just go after metadata and
focus on that instead.

------
kbart
I deleted my WhatsApp account and uninstalled it from my phone the same day
Facebook bought it. It was a only a matter of time when WhatsApp becomes
another data collection and ad delivery platform.

------
laurent123456
All these new features is basically them trying to become the new WeChat,
where we'll have one central place to manage all our digital needs (buying
tickets, paying bills, getting notifications from the bank, etc.) [0]

[0] [http://www.economist.com/news/business/21703428-chinas-
wecha...](http://www.economist.com/news/business/21703428-chinas-wechat-shows-
way-social-medias-future-wechats-world)

------
celticninja
What if I don't have a Facebook account? Are they still tracking my phone
number?

~~~
tommeader
It doesn't really clarify it at all but there is a question like this in their
FAQs
[https://www.whatsapp.com/faq/general/28030012](https://www.whatsapp.com/faq/general/28030012)
about half way down or so.

------
fiatjaf
They could sell access to a business API: just a way for business to
communicate with users from corporate numbers accessed through an API, instead
of forcing companies to respond to customers by hiring an employee to type
text on a phone.

This could also power things like
[https://getmagicnow.com/](https://getmagicnow.com/) on Whatsapp.

------
wst_
The problem with switching into better IM is that all your friends and family
should switch as well. Considering that most of people does not understand a
privacy issues today and do not care about security, it is an extremely though
task. You may be using state of art encrypted connection, but it would not
help much if you have no one to talk to.

~~~
tgsovlerkhgsel
It also doesn't help that all the privacy-aware tools suck.

I was using Signal, but it was sufficiently unreliable that I was now forced
to sign up for WhatsApp because Signal was practically unusable. And
usability-wise, WhatsApp is sadly miles better than anything else I've seen,
especially Signal. Great call quality, automatically reconnects (with an
audible hint that the connection is down) instead of silently dropping your
call, at least appears to work more reliably than Signal where recently about
half of my call attempts failed and message delivery is pretty much random.
Also supports read receipts.

I won't even get started about XMPP where clients act out in ways that would
make any non-geeky person immediately stop using it. Even for the more
privacy-aware people, there is a limit to the brokenness that a person can
tolerate.

It's great that other messengers provide more privacy, but all that's pretty
useless if they fail at fulfilling their main task. And that's _before_ the
network effect you mentioned.

------
gshakir
I and some of my friends foresaw this day and used Google voice numbers.
Still, time to look for an alternative.

~~~
miend
[https://whispersystems.org](https://whispersystems.org)

Open Whisper Systems' _Signal_ is an open-source, end-to-end encrypted
messaging client which can handle your regular SMS/MMS traffic, as well as
(better) encrypted text communication between any number of Signal users, and
encrypted voice calls. It not only encrypts content in transit, but stores it
encrypted on your device as well. It has clients for iOS and Android. It also
has a beta desktop app in the form of a Chrome app which can sync with your
phone.

[https://theintercept.com/2016/06/22/battle-of-the-secure-
mes...](https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-
apps-how-signal-beats-whatsapp/)

------
carmat
This title is very misleading to the point that it's the exact opposite of
what the post says:

"We won’t post or share your WhatsApp number with others, including on
Facebook, and we still won't sell, share, or give your phone number to
advertisers."

~~~
RodericDay
> including __on __Facebook

not __with __

~~~
rilut
>> including on Facebook

> not with

Wow that is cleverly evil

------
bprasanna
Finally Facebook is making use of WhatsApp! How much ever carefully worded
blog it could be, my brain considers it as "we will customize your facebook
ads based on your whatsapp posts"!

~~~
blockross
I doubt they will use our messages because you know, e2e encryption. This
(very carefully worded) blog post only mentions using our phone numbers.
Facebook has them, as well as a surprising number of advertisers and they'll
be able to use it to determine more precisely your interests/needs/buys
(because advertisers get your number from various sources like restaurants,
shops, garages, etc.) and tailor their ads using that.

~~~
CalRobert
At what point do phone numbers become obsolete? Considering that I basically
never call anyone, or receive calls (I do use voice communication but it's all
voip), and that nobody where I live now uses SMS, what's even the point of
that number?

~~~
tdkl
I hope that never.

Getting a prepaid SIM card with a number I have power over to disclose to only
whomever I want is still great in my book.

~~~
Propen
Except that there's a huge security whole (SS7) in the phone networks and it's
been there for years.
[https://www.youtube.com/watch?v=dDCYlGX22Q0](https://www.youtube.com/watch?v=dDCYlGX22Q0)

------
philliphaydon
Good thing Asia uses Line more than What's App.

~~~
srinathrajaram
India is one of the largest markets for Whatsapp.

~~~
philliphaydon
Never been to India. But Thailand, Cambodia, Singapore, Japan, Taiwan, all use
LINE. (and whatsapp) but I have 2 conversations on WhatsApp and dozens on
LINE.

Granted I don't know anyone in Australia/New Zealand using LINE. (I live in
Singapore)

~~~
robjan
Asia is much bigger than Thailand, Cambodia, Singapore, Japan and Taiwan; so
the statement "Good thing Asia uses Line more than What's App." is incorrect.
Also, WhatsApp is still more popular in SG than Line amongst the local
population.

------
reacharavindh
I really really really wish there was a IM messenger as
ubiquitous,simple,sensible as WhatsApp that I can pay a reasonable dollar for
and expect sensible privacy.

I'm using fast mail instead of Gmail, I'm using self-developed sync scripts
instead of Dropbox, What can I use instead of WhatsApp?

~~~
Propen
Dropbox alternative: [https://tresorit.com/](https://tresorit.com/) WhatsApp
alternative: [https://whispersystems.org/](https://whispersystems.org/)

~~~
reacharavindh
Thanks for the link to tresorit. Will check it out. I checked out
WhisperSystems. Signal (their iOS app) needs access to Contacts to work. Why?!
(1) Why should I trust them with my contacts that I'm NOT reaching through
their App, (2) Smells the same like WhatsApp where it is only a matter of
time, where they sell out and start selling my contacts for "correlation"
value at least.

Cross posting this rant as a ask HN post.

------
kartickv
As a counterpoint to the rest of the comments, I'm probably better off with
WhatsApp than plain SMS, which the Indian government has access to. I'll pick
Facebook spying over government spying.

Other networks are not an option, since WhatsApp is the universal choice.

------
uitgewis
Is there any way to keep WhatsApp and Facebook separate? It seems that either
a) I use WhatsApp and have Facebook collect my data, or b) don't use WhatsApp.

There seems to be a complete lack of choice with what they do with my data.

~~~
lunula
You can use other messaging services. But the one you use may get bought up.
They are fickle.

Why isn't there a popular p2p solution to messaging (other than email)?

~~~
ffggvv
Email is not p2p. And building an encrypted p2p is technically hard. Building
a p2p even without encryption has UX problems. The other problem is how to
make money from it? What's the incentive (for a private) to build it?

------
MrBra
So, do they have my number if I agreed to the new terms but I didn't set my
telephone number inside FB?

------
shklnrj
So I get the following from the post-

* we wont advertise, but we would expose the data to Facebook and they would, see we are still awesome!

Anyways, can someone help me in understanding how businesses would contact a
person via Whatsapp?

------
nbevans
I expected this blog post to be launching their API - which is now, what,
about 3 or 4 years overdue? But alas no - just some privacy encroachment
changes to their T&Cs...

------
daemin
So basically they're going in the direction of WeChat. People won't see
advertising, but businesses will pay to let you interact with them on the
WhatsApp platform.

------
michaeloblak
WhatsApp, if you want to make your platform for business, just open your API.

------
ap46
FUCK THIS!

[https://blog.whatsapp.com/245/Why-we-dont-sell-
ads](https://blog.whatsapp.com/245/Why-we-dont-sell-ads)?

The only reason I hang onto it is that someone with my contact number might
send me something & I still need my cell number to access it otherwise.

~~~
danielsamuels
How much were you paying for Whatsapp then, how much are you paying now?

~~~
chukye
I do not mind to pay, as long as they dont share my phone number and dont show
me ads.

~~~
dx034
From what I read in the article they don't want to show ads in Whatsapp, they
only want to use your meta data to target FB ads. If your whatsapp number is
not on Facebook that shouldn't be an issue..

------
kirkdouglas
Time to use something else...

------
noahmbarr
Even the blog title has the stench of BS - "Looking ahead for WhatsApp"

