
Setting the record straight - ibsathish
https://blog.whatsapp.com/index.php/2014/03/setting-the-record-straight/
======
rdl
To support your public commitment to privacy: OTR or better for WhatsApp,
and/or a third party client so we could do this, please.

I'll excuse the metadata issues for a while if you build the app in such a way
that confidentiality is protected independent of your infrastructure, and if
pushing a "bad" app to clients is detectable. It's still a pain if targeted
malware is pushed to individual clients, as those clients are unlikely to
detect it. There are some emerging ways to address that, but first things
first.

You have literally billions of dollars; it would take at most millions to
implement this. Making an app with 450 million users around the world somewhat
more secure would be supremely meaningful, even if it's not perfect.

------
camillomiller
Facebook will use whatsapp for whatever purpose they see fit. A 19 billion
acquisition is not a partnership. When that will happen deliberately, maybe a
year from now, the founders will leave, maybe slamming the doors, and enjoy
their riches for the years to come.

~~~
droopyEyelids
Does anyone know the founders' employment history before Whatsapp? Have any of
them been a part of a buyout or merger before?

I empathize with Jan & I think he believes what he has written, but does he
think Facebook bought them for no reason at all? If he wants us to take him
seriously he should explain how Whatsapp intends to make money for Facebook.
Even implementing OTR won't totally protect users' privacy, so long as a
megacorp is capable of performing traffic analysis.

~~~
RyanZAG
No, they previously worked for Yahoo.

------
jvdh

      Respect for your privacy is coded into our DNA, and we built WhatsApp
      around the goal of knowing as little about you as possible: You don’t
      have to give us your name and we don’t ask for your email address. We
      don’t know your birthday. We don’t know your home address. We don’t
      know where you work. We don’t know your likes, what you search for on
      the internet or collect your GPS location. None of that data has ever
      been collected and stored by WhatsApp, and we really have no plans to
      change that.

I don't recall them ever being accused of tracking all this information. The
problem is the metadata; they know who you are talking to and for Facebook
this is exactly the kind of information that they want. They want to enhance
their social graphs and have a better view of who interacts with who. This is
auspiciously lacking in their statement.

~~~
mirkules
Sometimes it is more important what a post like this _doesn't_ say.

"You don’t have to give us your name and we don’t ask for your email address.
We don’t know your birthday. We don’t know your home address. We don’t know
where you work. We don’t know your likes, what you search for on the internet
or collect your GPS location. None of that data has ever been collected and
stored by WhatsApp, and we really have no plans to change that."

Great: they don't take my PII - but a person can easily be de-anonymized with
just meta-data.

In addition, nowhere does it say "we won't read your messages" or "we won't
sell your conversations". I think they are interested in much more than just
meta-data. If I were Facebook, I would be licking my chops at the prospect of
access to the mountain of saved private conversations.

~~~
mattlutze
This jumped out at me as well.

In his list, they don't-not collect A. my phone number, and B. my entire
message history. Certainly he knows that our phone number is PII enough.

It's trivial for someone with the means to tie a cell number back to a person,
and only slightly less trivial to look at timestamps and cross-reference tower
locations and messages to have a quality bit of intel.

If he was truly about this "we're not the Stasi" bit, I'd imagine we'd see
some measure of assurance they don't store messages.

But, then again I don't know that the service would have been worth 19B USD
without those.

~~~
rurounijones
and your phone number is PII that Facebook asks you to register with them!

So...yea, not exactly anonymous.

~~~
mattlutze
I don't know that Facebook requires a phone number, but yes definitely anyone
that has given it out has given them that direct link.

~~~
addandsubtract
Facebook started asking for your phone number a few years ago. It's required
for all new signups and existing users are asked to provide one (to continue)
as well, afaik. And then there's the Facebook app on mobile phones that reads
everyone's phone number out of their address book.

------
Myrmornis
_If partnering with Facebook meant that we had to change our values, we
wouldn’t have done it._

With no disrespect intended towards the whatsapp team, given the terms of the
deal, it's a bit hard for them to say "If partnering with Facebook meant X we
wouldn't have done it" unless X is "life would not have been as staggeringly
beneficial to us".

~~~
sgloutnikov
Given the terms of the deal, I think Mr. Zuckerberg "Made an offer he [they]
can't refuse".

------
tiquorsj
Wow. Not the response I expected. I'm not sure if the naivety is authentic or
we should feel punked. They didn't partner with anyone. They were bought. Not
changing will be allowed as long as it benefits the buyer.

------
eapen

        ...said every acquisition ever

------
0x006A
> You don’t have to give us your name

Ok, is that another way of saying they know it already since it was in another
user's contacts that got synced to their server?

------
rjzzleep
provided you have whatsapp and facebook on your phone the following happens
though.

1. they both know your mobile phone book.

2. they both know your imei

3. they both know your phone number (this doesn't have to be the same by the
time you sign up for the other)

just no.1 is already enough to get an accurate estimate on who the person is.
notice how they never said that they didn't log that information?

it's also very unlikely that they don't have access logs to their service,
which usually includes ip's i.e. location, but for all we know they could be
encoding carrier information in a couple of bytes during the transmission of
the contact list.

edit: while the mobile ip's don't give you exact information, they still give
you enough heuristics to overlap them with other services

~~~
mschuster91
> it's also very unlikely that they don't have access logs to their service,
> which usually includes ip's i.e. location.

In mobile data world, the norm is MASSIVE NAT. Thousands of users per IP (you
can IIRC make 65535 distinct connections over a single NATd IP). Also, the
connections are usually terminated in one (or fairly few) data centres, so the
IP only tells you the country and the provider, nothing more.

------
ck768
This may sound naive, but I genuinely believe that Whatsapp cares about user
privacy and that they won't silently mine our data and send it to Facebook.
That would amount to sheer hypocrisy, and could also come under legal
scrutiny. I also think that Zuckerberg, at some level, really does want to
connect the world and all that, and Whatsapp is a much better bet than
Facebook is, for developing countries. That being said, Whatsapp does need to
improve their security, and irrespective of the facts, this is proving to be a
bit of a PR disaster for them, with a mass exodus of users to Telegram. (They'd
do well to nick some features from Telegram).

------
anonymoushn
Right, whatsapp doesn't collect private information. You just can't use it
unless you hand over all of your contacts!

~~~
mattlutze
I forgot about this... they have one of the best network graphs of the world.

In fact, doesn't Whatsapp have more users than Facebook? That might be worth
more than the message archives.

------
dasil003
Discussion from half a day ago:

[https://news.ycombinator.com/item?id=7416717](https://news.ycombinator.com/item?id=7416717)

------
DavideNL

        "Respect for your privacy is coded into our DNA"
    

This post is complete nonsense, and has no value at all because their words
don't match their actions. A company that respects privacy wouldn't partner up
with another company best known for infringement of privacy.

Suit the word to the action.

------
seanieb
He who pays the piper calls the tune. It really doesn't matter what Jan wants,
Zuckerberg is the decider.

------
hippoman
"None of that data has ever been collected and stored by WhatsApp, and we
really have no plans to change that." ... but I'm not promising we won't!

------
abcd_f
So there _is_ an exodus. Interesting.

------
perfunctory
Why partner with Facebook then? They act as if they did not expect this kind
of reaction from the public.

~~~
jgreen10
Facebook felt that remaining the apex predator in the social space was worth
$19b. The Whatsapp founders, like anyone else, couldn't say no to $19b.

------
rurounijones
I have been meaning to ask this.

What encryption does Whatsapp use? Their FAQ doesn't say.

It also doesn't say if it is end-to-end (client-to-client) encryption or if
the data is stored in plain on their servers? (I understand it is not stored
permanently.)

------
billynomates1
If what he's saying here is true, then Facebook would have had no reason to
spend all that money acquiring Whatsapp.

------
unicornporn
OK, so if all this is true, what did the world's premier data broker actually
pay $19 billion for?

------
shittyanalogy
Open letters mean nothing. TOS or it didn't happen.

------
Allower
How dare you spout such obvious tripe?! You have no say anymore, STFU and stop
misleading people!

~~~
mschuster91
IIRC he ended up on the Facebook board, so he _has_ a certain say on Whatsapp
stuff.

