back to article If you're a WhatsApp user, you'll have to share your personal data with Facebook's empire from next month – or stop using the chat app

WhatsApp users must agree to share their personal information with Facebook and its wider empire if they want to continue using the messaging service from next month, according to its terms and conditions. “As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook …

  1. Ben Tasker

    Does this apply here?

    Does this apply to the UK and the EU though?

    IIRC they tried in the past and found it was incompatible with GDPR. Thats still in force - as the DPA in the UK, and the UK is still served by Whatsapp Ireland.

    Has anyone in the UK actually had the T&C notification?

    EDIT: sods law,of course I then got the notification. Clearly it does apply here, another useful servive rendered unusable

    1. SPARKESFRANKIE66

      Re: Does this apply here?

      In the UK, haven't received any notification that the T&C or Privacy Policy will change, but both are in essence the same document provided by either WhatsApp LLC or WhatsApp Ireland, depending whether you live in the "European Region" or not.

      Almost certain this would not be compatible with GDPR.

      Edit: Sod's law again. However, you may be able to hand WhatsApp a formal objection to data processing between it and Facebook: https://faq.whatsapp.com/general/security-and-privacy/objecting-to-the-processing-of-your-personal-data

      1. Doctor Syntax Silver badge

        Re: Does this apply here?

        I'd imagine that if they tried something so barefaced in the EU it would be the full 4% of turnover. Repeated as long as they kept it up. It would be a challenge that couldn't be ignored.

        1. Wilhelm Schickhardt

          Really ?

          The EU is a toothless tiger against the US megacorps. They write up reams of funny legalese and pronto they can continue to collect whatever they please, despite GDPR.

          As always: follow the lobby cash in Brussels.

          1. Loyal Commenter Silver badge

            Re: Really ?

            Several EU countries (notably France and Germany) have had some high profile successes in the area of data protection against global megacorps, such as the right to be forgotten and Google, so I'm calling bullshit. GDPR provides pretty strong recourse against privacy abusers.

            1. Wilhelm Schickhardt

              Re: Really ?

              Google still collects way more data than they need to. So does Facebook and quite a few more. They write a huge legalese letter in order to justify that.

              You cannot remove the Google data collectors from your smartphone.

              You cannot remove the shady keylogger/activity tracker (or whatever it is) from Windows 10.

              In my book, GDPR only applies to those who dont have a large army of lawyers.

              1. Loyal Commenter Silver badge

                Re: Really ?

                This may or may not be correct. It's not exactly relevant to the previous comment though. The astute amongst us will notice an argument being switched and see it for the sure-fire indicator of an attempt to deflect attention from a disproven claim.

        2. Charlie Clark Silver badge

          Re: Does this apply here?

          With Facebook already having moved UK users outside the EU for data processing I guess it's only a matter of time before they do the same with WhatsApp. But, given how many people already happily hand over personal data to them, I'd be surprised if many users really closed their accounts when this happens.

          1. PeeKay

            Re: Does this apply here?

            I moved over to Signal a while back (when FB bought WA originally) - interested to learn that WA uses the same technology from Signal to provide encryped protection.

            Just without the snooping Facebook.

            For those of us who would prefer not to be subject to this though...

      2. bobDowne

        Re: Does this apply here?

        I went to check WhatsApp right after reading this article and the new notice was there!

        What happens if you use a VPN? Does that mess up their tracking? And if you use an ad blocker you never see what they try to target you with.

    2. diodesign (Written by Reg staff) Silver badge

      "Does this apply to the UK and the EU though?"

      From WhatsApp's European Economic Area FAQ (which claims to include the UK still, updated Jan 4, 2021):

      "WhatsApp also works, and shares information with the other Facebook Companies who act on our behalf to help us operate, provide, improve, understand, customise, support, and market our Services.

      "This includes the provision of infrastructure, technology, and systems, e.g. for providing you with fast and reliable messaging and calls around the world; improving infrastructure and delivery systems; understanding how our Services are used; helping us provide a way for you to connect with businesses; and securing systems.

      "When we receive services from the Facebook Companies, the information we share with them is used on WhatsApp’s behalf and in accordance with our instructions. Any information WhatsApp shares on this basis cannot be used for the Facebook Companies’ own purposes"

      So, Facebook Companies can't use the info for their own purposes but can use it as Facebook-owned WhatsApp directs.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Does this apply to the UK and the EU though?"

        "From WhatsApp's European Economic Area FAQ (which claims to include the UK still, updated Jan 4, 2021):"

        But that link (apparently to https://www.whatsapp.com/legal/updates/privacy-policy-eea) actually takes me to https://www.whatsapp.com/legal/updates/privacy-policy-eea?_fb_noscript=1 and that page starts by saying: "If you don't live in the European Region, WhatsApp LLC provides the services to you under this Terms of Service and Privacy Policy." It doesn't provide any information about the privacy policy if I DO live in the 'European Region'.

        So how do I see the WhatsApp privacy policy that affects me without enabling Javascript? That is surely a breach of some law or other.

      2. Anonymous Coward
        Anonymous Coward

        Re: "Does this apply to the UK and the EU though?"

        I've had the pop-up appear already, and I'm in an EU country, so it looks like they want to press ahead with it, unless some EU regulator throws a spanner in the works in the next month.

        1. DrewWyatt

          Re: "Does this apply to the UK and the EU though?"

          Annoyingly enough, I had the popup when I clicked on a notification to open WhatsApp, and the popup displayed for half a second when WhatsApp opened, then vanished when the conversation opened. I can't seem to find any way of reading it from within the App, so for all I know my data will be exported to and processed on Mars.........

        2. anothercynic Silver badge

          Re: "Does this apply to the UK and the EU though?"

          Ditto.

    3. ADC

      Re: Does this apply here?

      According to the updated privacy policy, it applies in the UK (post brexit) but not in the EU.

      There is a separate privacy policy for the EU.

      1. Anonymous Coward
        Anonymous Coward

        Re: Does this apply here?

        Wrong. You're mixing up Europe with the EU.

        The UK and EU are still under the same rules.

      2. Anonymous Coward
    4. Loyal Commenter Silver badge

      Re: Does this apply here?

      My understanding is that GDPR requires explicit opt-in consent to the collection of such data, for each specific purpose. So, whilst it might be necessary to collect some information for the service to work, it is not a necessary part of that service to serve up personalised advertising, so, as I understand it, FB should be obtaining consent to collect that information for this purpose. Under GDPR, just saying "by using this service you give consent" is not allowable.

      I wouldn't expect the ICO to have the balls to challenge it, but regulators in more privacy-minded countries such as France and Germany will almost certainly be champing at the bit at the idea of taking a big chunk of FB's global turnover as a penalty. 4% isn't it? Turnover, not revenue.

      1. Repne Scasb

        Re: Does this apply here?

        The thing I find somewhat odd is that if someone has my details on their phone, I am not consulted nor consent about my details being passed on to Whatsapp (or any of those other 'allow access to contacts' apps), which would seem incompatible with GDPR. I don't have a business relationship with them, which would seem to fail the test for them being allowed to have my data. Friends / colleagues and associates don't seem to grasp that it's not their personal data they are disclosing by blindly accepting these changes, or tell me they are very careful about not disclosing their number / email and wonder how it got out.

        1. Loyal Commenter Silver badge

          Re: Does this apply here?

          Does WhatsApp actually store that data or just use it to direct the call? I'm not familiar with the technical details of how it works, but if they are not storing it, then presumably you have already given consent for that person to have your number to call you?

          If they are collecting and storing numbers without the consent of the people those numbers relate to, then it is pretty obviously PID, and they should be gaining consent from you to use it, along with informing you of the purposes of doing so.

        2. andy 103

          Re: Does this apply here?

          "if someone has my details on their phone, I am not consulted nor consent about my details being passed on to Whatsapp (or any of those other 'allow access to contacts' apps)"

          It's called a loophole. In this case *if someone has my details on their phone* and they *allow access to contacts* it is actually they (the "someone") who is technically at fault in that scenario. That person allowing access to their contacts gives permission for Whatsapp to have the data.

    5. bikas

      Re: Does this apply here?

      Got a full page consent popup with option to say "not now". I don't know how long it'll last though

      1. Dan 55 Silver badge

        Re: Does this apply here?

        A little under a month.

      2. KBeee
        WTF?

        Re: Does this apply here?

        That full page consent pop up basically says "Opt in, or fuck off by 8th Feb."

        Wasn't making "Opt In or Else" specifically banned under GDPR?

        1. gratou

          Re: Does this apply here?

          Opt in or else is allowed. You needn't accept. It's opt in by default (ie opt out) that's disallowed.

          1. Anonymous Coward
            Anonymous Coward

            Re: Does this apply here?

            Wrong. Blackmailing people to accept or bugger off is not allowed.

            Consent has to be freely given.

            See recital 43 https://gdpr-text.com/read/recital-43/

    6. Anonymous Coward
      Anonymous Coward

      Re: Does this apply here?

      another useful service rendered unusable

      Be glad. Especially business users had NO idea they were in immediate breach of GDPR as soon as they installed this app, because the first thing it does is send a copy of the user's entire address book to Facebook (you may have noticed that, depending on platform it either doesn't work if you don't give it access, or it even refuses to install completely).

      Translated: you just furnished Facebook with all contact details of the people you have been in contact with, without those people's explicit permission, effectively giving Facebook the Shaggy defence ("it wasn't me") because it'll probably be buried a few MBs down their Terms that you declare you have the permission to do so.

      Telegram Signal et al do not do this: they only send a hash of each entry to find people in your address book you know, but doing that would deprive Zuck of all that juicy data, and most people don't realise this anyway.

      Until one of them gets taken to court.

      Use Telegram, use Signal, use anything but WhatsApp.

      1. Mark 124

        Re: Does this apply here?

        Signal *used* to send just a hash of your phone number (plus those of your contacts), which I liked the idea of. However they realised the number of possible phone numbers is too small for hashing to provide much if any defence these days, so now they do in fact upload phone numbers.

        I still use Signal though, because it's a non-profit and because I take Ed Snowden's word that it's the most private/secure. I uninstalled WhatsApp the day Facebook bought them - or at least as soon as the suspiciously-timed 24hr outage after it was announced was over.

    7. very angry man

      Re: Does this apply here?

      whats app did it to me this morning, the it's like covid.

  2. mmccul
    Mushroom

    Account deleted

    Well, that gave me the last bit of incentive I needed to delete my whatsapp account.

    1. JimboSmith Silver badge

      Re: Account deleted

      I really really wish I could......sadly my work uses it, my family uses it etc. Most annoying.

      It's on a different phone to the one I use for calls and facebook is disabled on it.

      1. Korev Silver badge
        Big Brother

        Re: Account deleted

        The same here, I have Threema and Signal but WhatsApp has over an order of magnitude of my friends and family on there and it's what they use... :(

        1. Charlie Clark Silver badge

          Re: Account deleted

          Fortunately, in my closest family I'm not the only WhatsApp refusnik, so most of the family just got on and installed Signal to be able to keep us informed. Those that didn't, either don't have anything to say or don't really want to keep in touch.

          Companies that are using WhatsApp, or really any service that they cannot audit, for internal communications are really asking for trouble. I don't know if WhatsApp has finally switched to using e2ee in groups, but they're still leaking metadata like phone numbers.

          1. SImon Hobson Bronze badge

            Re: Account deleted

            Search around here ...

            WA implemented e2e encryption so the data is safe in transit. But at the same time, they changed things so that FaceBook app and WhatsApp share the same sandbox on your phone. So the FB app has access to all the WA data - and so is free to send it to FB behind your back.

            So yes, WA can honestly claim e2e encryption - but that doesn't mean what they intend you to think it means.

          2. Jean Le PHARMACIEN

            Re: Account deleted

            I have been pilloried by my wife and all my friends for refusing WA - my reasoning "its owned by the Zuck and I'm not touching it"

            "But you are cutting yourself off from the group"

            Seems I am right, again. When FB came out, I looked and decided it was a perfect bullying tool for teenagers and gave lots of personal info to some unaccountable private company.

            Still not on FB.

            Steer VERY clear of anything to do with FB, (and the Murdoch's for that matter)

        2. HelpfulJohn

          Re: Account deleted

          The simplest solution to all FarceBoke corporatism issues is the one I use: don't have any friends or family.

          No friends, no family no need for any "social medium".

          Uhn, does *this* count?

          1. SImon Hobson Bronze badge
            Joke

            Re: Account deleted

            A bit extreme. For most of us, it would need quite a bit of work digging large holes ...

            Yes, that's a joke - I really love my family.

      2. Anonymous Coward
        Anonymous Coward

        Re: Account deleted

        Can we delete our facebook account. Thn also thy can read our data.

        Or we can uninstall whatsapp n install again

  3. Wilhelm Schickhardt

    Next: Fingerprints

    They already have the phone number and it only runs with a SIM card. You can only get SIM Cards by presenting an ID card here.

    I assume next they will require Fingerprints.

    Terrorizm&Childporn will be the "cause".

    After all, how can we control the 99% of law abiding citizens ?

    1. Alumoi Silver badge

      Re: Next: Fingerprints

      Next? You mean you don't have a fingerprint sensor on your phone?

      1. Anonymous Coward
        Anonymous Coward

        Re: Next: Fingerprints

        That's not what he said.

      2. HelpfulJohn

        Re: Next: Fingerprints

        "You mean you don't have a fingerprint sensor on your phone?"

        My phone makes voice calls {anyone else remember those?] and can just about manage texts if I really, really push its limits. It cost £30 a couple of years ago, works fine for the few calls I make and doesn't get software "updates" that break functionality.

        I like it. It's peaceful.

  4. tip pc Silver badge

    Successful because it had principles and wasn't facebook

    Whats App owes its continued popularity to the fact its not facebook or messenger despite being owned by facebook.

    This will end up like Skype did, hardly anyone will use it and we will all go back to texting or something.

    1. Wilhelm Schickhardt

      FOSS

      XMPP Server

      Xabber client

      No police identification needed.

      1. Anonymous Coward
        Anonymous Coward

        Re: FOSS

        If Xabber did voice calls and group calls I might be interested. Sadly it doesn't.

        1. Charlie Clark Silver badge

          Re: FOSS

          There are an increasing number of alternatives: Signal now does small group video calls and Telegram now supports audio calls for very large groups. But there's also Wire and Threema. Unless you're really keen on reducing metadata the technology isn't that difficult. But scaling things up, especially for video, can take a lot of resources. And who wants to have the responsibiity for managing the servers?

      2. Captain Hogwash

        Re: FOSS

        A better option would be to run your own XMPP Server.

        Xabber client connects to their servers on every start regardless of where your account is so Conversations client (or various forks) is a better option on Android. It also does voice & video calling. Finding suitable clients for other operating systems is left as an exercise for the reader.

      3. AJ MacLeod

        Re: FOSS

        Better, use Matrix - you can run your own entirely standalone server if you want and choose from a range of clients. Encryption, voice and video chats supported too.

        1. Captain Hogwash

          Re: FOSS

          I run both Matrix & XMPP servers. Matrix is a massive resource hog and most users are concentrated on the matrix.org server which makes comms run like a dog with three legs. I recommend XMPP.

      4. Anonymous Coward
        Anonymous Coward

        Re: FOSS

        Eminently do-able.

        Your own server - Prosody is really easy to install and admin, but if you prefer a more difficult route, ejabberd. Add the carbons plugin to sync conversations on multiple devices. A Pi Zero will run prosody quite easily.

        On mobile clients, Conversation for phones, which includes Omemo end-to-end encryption, including one-to-many e2e encryption.

        On desktops, laptops, the cross-platform pidgin with the lurch Omemo plugin.

        Both clients support voice calls.

  5. Anonymous Coward
    Mushroom

    The final straw

    Thanks, my WhatsApp is now trashed. Or to put it another way, it's reunited with Facebook and Instagram - in ex-account hell.

  6. Henry Wertz 1 Gold badge

    Yep

    Well, given that Facebook bought them in 2014, and by 2016 had already been fined by UK and Germany (possibly among others) for slurping people's data*, not surprised at all. They really are just clarifying what they were already doing without properly disclosing it.

    *Per the articles from 2016, they had a very well hidden, time-limited, one-time-use-only, opt-out, fined because of how hard it was to find and because in countries that care about privacy, slurping data from people that signed up for a service that didn't do it to begin with requires an opt-in not an opt-out.

    1. hoola Silver badge

      Re: Yep

      They have probably already combined the data, I just do not believe that Facebook can have sat on the WhatsApp treasure trove and not inhaled it.

      This is just some T&Cs to make it official. At the end of the day how do you actually prove they have or have not done something?

      Unless you have an identity that is not used for anything else it will be pretty difficult to unpick what is providing the targeted data,

  7. ckm5

    Good thing I deleted WhatsApp years ago....

    Still have people asking to use it .... I'm sure the founders are rolling over on their piles of money....

    1. JimboSmith Silver badge

      Re: Good thing I deleted WhatsApp years ago....

      If somebody offered me $22m for my company let alone $22bn, I'd find it hard to say no. Actually the founders seem to be nice and despite everything have morals. One of them giving up $850m to quit facebook. #deletefacebook

      https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/?sh=405e3cc33f20

      https://www.theguardian.com/technology/2018/apr/30/jan-koum-whatsapp-co-founder-quits-facebook

      1. Pascal Monett Silver badge
        Flame

        Re: Actually the founders seem to be nice and despite everything have morals

        Morals ?

        I'm sorry, they sold their company to FaceBook. The company that is widely known for pilfering personal data under every possible circumstance, then come meekly promising change when caught out, only to change into something worse.

        If they'd had morals, they would have sold to someone else.

        But hey, $2bn, I get it. That buys you a lot of morals, apparently.

        1. Anonymous Coward
          Anonymous Coward

          Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

          it's easy to mock, when your (or my) chance to consider such money is not even theoretical. In a way I'm happy not to ever having to consider such an offer.

          Also, their choice was probably: accept 2bn from facebook, or sell out fo 1.6 bn to ethical microsoft, 1.1bn to ethical amazon or 1.3bn for ethical google.

          1. Wilhelm Schickhardt

            Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

            Too much money leads most people down the cocaine path. So, maybe it is a blessing you did not get that much money.

          2. Rol

            Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

            "Also, their choice was probably: accept 2bn from facebook, or sell out fo 1.6 bn to ethical microsoft, 1.1bn to ethical amazon or 1.3bn for ethical google."

            And chances are, the buyer would pass it on at great profit to Facebook within months.

            What they should have done, is use that money to start up another whatsapp type app, or invest in someone else's app, that would challenge FB's dominance.

            Why is it, that in order to meet God you have to die, but to meet the devil you just need to pick up your phone?

            1. Terry 6 Silver badge

              Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

              use that money to start up another whatsapp type app,

              Even if they had the will to, you can bet your last penny that there will be a legally binding contract that makes bloody sure they do nothing of the sort.

          3. SImon Hobson Bronze badge

            Re: But hey, $2bn, I get it. That buys you a lot of morals, apparently.

            Also, their choice was probably

            You missed off the other option ... sell to us or watch as we kill you off. That's the other tactic used by these big players - if you make a successful product/service then hope that one of the big players does offer to buy your out vs just grinding you down through various illegal moves.

        2. JimboSmith Silver badge

          Re: Actually the founders seem to be nice and despite everything have morals

          It was $22bn not $2bn.

  8. OffBeatMammal

    Telegram

    Time to switch to something less crap.

    For the paranoid there is Signal, and for the cautious but still like convenience there is Telegram

    WickerMe is also nice, but very focused on, um, weed related uses ;)

    1. Aoyagi Aichou

      Re: Telegram

      I think it should be noted that Telegram has recently been slapped with some outrage because of their "find nearby" opt-in feature allows pinpointing users (with some degree of effort). Nothing major really, but it seems a bit sloppy from them.

      1. Charlie Clark Silver badge

        Re: Telegram

        Considering it's opt-in, both in the app and via permissions, it's hardly sloppy. Questionable, maybe but seeing as how many people seem to have activated it, they must think there's value. More importantly, however, you cannot get people's phone numbers from a Telegram group.

    2. Andy Non Silver badge

      Re: Telegram

      I've now switched to Signal and deleted WhatsApp. Seems to work fine for video calls.

    3. Anonymous Coward
      Anonymous Coward

      Re: Telegram

      WickerMe is also nice, but very focused on, um, weed related uses ;)

      There's social media for gardners now? Wow, they think of everything...

    4. Anonymous Coward
      Anonymous Coward

      Re: Telegram

      Telegram's home brewed crypto system doesn't seem to get an awful lot of respect from people who know about these things (from various messenging system reviews by knowledgeable researchers and organisers on the interwebs). Crypto is hard, and hard to get right, and if you really do need crypto, the consequences of it having been done wrongly can be very serious.

      Signal genuinely seems to be the most respected of them all, followed by Threema (although users get given a random user id, which, while appealing to the l33t (or radio hams, perhaps), isn't particularly user-friendly). Element/Matrix and Delta Chat are also worth keeping an eye on.

    5. Adair Silver badge

      Re: Telegram

      For text and pics have a look at DeltaChat. It is simply an encrypted layer piggybacking on top of the email system - so is not dependent on any 'central server' model, and basically just works, including for non-Deltachat SMS/MMS users (but then you lose the encryption).

      For video, as has already been mentioned, Signal is fine.

    6. stuartnz

      Re: Telegram

      "For the paranoid there is Signal, and for the cautious but still like convenience there is Telegram"

      A fair summary, I think. I installed Signal before Telegram, but the almost no-existent uptake among people I need to communicate with made Telegram a more viable option. It may not be as good as Signal, but it's definitely a better choice than anything owned by FB.

  9. Ashto5

    Not Fair

    Once a product becomes this ubiquitous it should fall under the control of the country’s regulatory system like BT

    There should no take it or leave it option as leave it is no longer an option

    I only used WhatsApp because colleagues are using it and the data was secure and not sent to FB

    What option do I now have

    I will point it out to the data security team at the company I work for and maybe they will ban it from work devices

    It is a pity as this was very useful

    1. iron Silver badge

      Re: Not Fair

      > leave it is no longer an option

      Bull. I have never used WhatsApp and I have never needed to do so. Perfectly avoidable.

      1. DavCrav

        Re: Not Fair

        "Bull. I have never used WhatsApp and I have never needed to do so. Perfectly avoidable."

        I know someone who lives on a boat. Does that make buildings perfectly avoidable?

        1. Anonymous Coward
          Anonymous Coward

          Re: Not Fair

          while I share the sentiment of "perfectly avoidable", I do represent an extremely narrow niche within a niche within a niche. As for my wife... well, she doesd use whatsapp, not for business though, for convenience, staying in touch with relatives. But then, if they decided to chose it as comms platform for business in pandemic, what choice does she have, quit her job? :(

          1. SImon Hobson Bronze badge

            Re: Not Fair

            But then, if they decided to chose it as comms platform for business

            She could point out to the bosses that it's infliction on her is illegal - yes illegal and they are setting themselves up for some very expensive trouble.

            Unless that is, they furnish her with a "dirty" device that can be used for absolutely nothing else but WA, and they do the same for everyone else, and they absolutely 110% ban all users from using WA on anything but these dirty devices, and rigidly enforce that ban. In other words, they run a parallel infrastructure of mobile devices just for WA that's "clean" of any PI information at all.

    2. Charlie Clark Silver badge

      Re: Not Fair

      Once a product becomes this ubiquitous it should fall under the control of the country’s regulatory system like BT

      Why? How are you going to determine when something is "ubiquitous"? If anything should be regulated then it should probably be interoperability. But people also have a responsibility regarding their own data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not Fair

        No need. Just make GDPR, or similar law, apply wherever a company based anywhere in the world serves customers in this country.

        Oh wait, we already have? Then we just need a regulator with the balls to enforce it.

  10. TWB

    I now want to leave

    It will be a bit difficult as I use it a quite a bit - family, friends and school, fortunately not for work, except informally so not a requirement.

    I've never had a facebook account, so no loss there.

    But I do wonder, do they have all the data they want from me and everyone else already? Is this how they can put a name next to a phone number (who is not in your contacts) with a ~ ? - Will I really be making much difference other than sticking 2 fingers up?

    Opinions welcome....

    1. Captain Hogwash

      Re: I now want to leave

      If you use WhatsApp, but not Facebook, then Facebook probably knows almost as much about you as if you used both or only Facebook. This is through the combination of all of the unique IDs associated with the account (phone number, device IDs, SIM ID,) the accounts of people you interact with, cross references of those accounts with Facebook accounts accessed from the same devices, uploaded contacts lists to WhatsApp & Facebook accounts of people you interact with, and those crappy little Facebook & WhatApp 'contact us' things you see on websites you visit.

      If you want to partially blind Facebook, don't use any of its services and block those website trackers. Even then, unless everyone you know is equally diligent, they will still know of your existence and part of your real world social graph.

    2. SImon Hobson Bronze badge

      Re: I now want to leave

      Correction, you just don't know that you have a FaecesBorg account. They WILL have a detailed profile of you, with far more information in it than you'd like. Look at the history of the Max Schrems case for details.

  11. Lee D Silver badge

    They can try, but I will just file a GDPR complaint. My personal data is opt-in in the UK provision of services no matter where THEY operate, and will remain so until/unless GDPR is repealed.

    But, like the Oculus Rift stuff, all this tells me is that everything bought up by Facebook has to give data to them for no good reason, even if it's entirely unrelated to their Facebook services.

    One of the reasons I literally struck the Oculus off my list when it was announced, which now makes VR a one-horse race as far as I'm concerned.

    Seems a stupid way to destroy a business, to be honest, but no worse than say Oracle, which as far as I'm concerned taints whatever company it takes over permanently to the point I don't want to use it.

  12. Chris 15
    FAIL

    Disappointing, but not surprising

    The old adage of IF you're not paying for it you're the product, not the customer.

    Bit of a pain as my work uses it and so does my family. Sigh.

    1. Anonymous Coward
      Anonymous Coward

      Re: Disappointing, but not surprising

      I've just told my family that I've switched to Signal. If they want to video call me from now on, its up to them to use Signal. Pity that won't work with work though.

      1. SImon Hobson Bronze badge

        Re: Disappointing, but not surprising

        And have you made an official complaint to work about this enforced abuse of your PI ? No, then do it, and make sure you have a record of having made the complaint. After that, if they do nothing then they have no defence whatsoever if/when they find themselves in trouble.

        It is ILLEGAL for an employer to insist you use a privacy invading thing like WA.

    2. Wilhelm Schickhardt

      Wrong

      There are plenty of *truly* GDPR compliant FOSS systems out there. Like LibreOffice - they dont want to force your data on American servers like MSFT, Google and AAPL do.

    3. Lee D Silver badge

      Re: Disappointing, but not surprising

      Ironically... I paid for a lifetime subscription to the thing.

      So as far as I'm concerned, I want my money back.

  13. Robigus

    Being a refusnik is not difficult.

    I don't have WhatsApp. I do have Signal.

    Most of my family now have Signal. Those that don't can text me. Or ring.

    Signal works fine on an e foundation phone. Firefox/Signal/Mail Client. That's all I need.

    From the conversations I've had about privacy with friends - the general impression I get is that we like to talk about privacy and it's importance, but we are, in fact, prepared to do nothing about it. They'll keep their Facebook stuff (we can all find a reason why we "need" to). This won't change anything, but they're OK with that.

    1. Grunchy Silver badge

      Re: Being a refusnik is not difficult.

      I remember when the big deal was BBM standing for, “black berry messenger.”

      1. This post has been deleted by its author

  14. ratfox

    That's a bold strategy

    Interesting move when you are being under scrutiny by the US government.

    1. hoola Silver badge

      Re: That's a bold strategy

      Most simply don't care. Convenience is of greater importance than T&Cs or data disclosure. For the few of us that do care we are in a very, very tiny minority and mostly have no choice but to continue to use these services.

      I have never used Facebook or Instagram but have to use WhatsApp because of the people I know that will not consider anything else. The fact they all use Facebook as well makes it a complete irrelevance. This is Social Media and nobody gives a stuff. If you talk about data harvesting, tracking etc people look at you as if you are an alien being. What it does mean is that Facebook already have a nice fat package of data metrics on me that I can do nothing about.

      To all intents we are all impotent because these wretched companies are so devious they will do anything to grab data and once they have it, how to you get it removed? Everything about trying to control them is reactive and by its very nature, that means they will have already grabbed the data. At that point other than fines which need to be multiple times the value of the data that have been illicitly harvested there is little else to be done. The only way I would trust Facebook to delete anything is if every piece of IT they have was put in a hole with a nuclear test. Even then some tosser will still have a bits somewhere. If you dropped Zuck into the hole as well that would be a service to mankind.

      1. Wilhelm Schickhardt

        TinyProxy

        1.) get an RPI

        2.) block all devices except the RPI at your DSL router

        3.) install tinyproxy on the RPI

        4.) blacklist all the tracker domains at tinyproxy (requires log reading in order to build a good list)

        5.) configure all your devices to use SOCKS via tinyproxy

        6.) Try to use non-google and non-FB services as much as possible. There are great search engines such as qwant (out of Paris) around.

        1. Wilhelm Schickhardt

          Re: TinyProxy

          When your RPI is running, you can use it also to store+share files (ssh-scp does this very securely), serve web pages, run an XMPP chat server and many more things.

          The internet was meant to be a large set of servers and NOT another mainframe under the control of a few greedy corporations with political agendas.

          Google docs will simply delete your files if their political correctness/porn checker deems them offensive. No illegal content required whatsoever. Ergo: run your own server and help your friends to do so, too.

          1. Grunchy Silver badge

            Re: TinyProxy

            “Google docs,” ha ha, that’s hilarious.

            I still use VI for all my text editing needs!

            (We are the true “sixers” not those fake boys.)

            1. Wilhelm Schickhardt

              Re: TinyProxy

              vim will run very nicely on the RPI, even over narrowband wireless links.

      2. Terry 6 Silver badge

        Re: That's a bold strategy

        I do use my idle moments ( I have far too many of these nowadays) to muddy the data waters. I Google search for random items, for example.

        I know it doesn't really change matters in the great scheme of things, but it pleases me.

  15. Anonymous Coward
    Anonymous Coward

    Yes, said information includes your personal information.

    I thought they got a gentle kick in the balls in Europe for that, a few years back, no? Around... I dunno, 2017? If so, why the fact are they allowed to try it again? I appeal for the EU to apply a very, very, very, very, very large fine. Preferably by the end of this century.

    1. jdiebdhidbsusbvwbsidnsoskebid Silver badge

      Re: Yes, said information includes your personal information.

      My guess is that they've spent the last few years working out the legal tactics to make it stick this time. Or at least, make it sufficiently murky so that any legal challenge can be counter-challenged for long enough for them to not care.

  16. Terry 6 Silver badge

    Problem is.....

    Since SMS messaging requires lots of money to send anything beyond basic texts, Whattsapp is the only commonly used alternative if you want to send or receive a simple message with a picture. (Or email I guess - but that's a bit of a palava when you're just using a phone to send a text.).

    Common uses are things like checking shopping items ("Is this the right coffee?" [Picture]) Or meeting places ("I'll meet you by the tall oak tree [picture]"). Or sharing an image of a message [screenshot].

    To do any of that with SMS requires substantial cost over and above the phone contract allocation.

    And if there are alternatives to Whatsapp no one else is using them, so they might as well not exist. Ubiquity is important.

    1. Anonymous Coward
      Anonymous Coward

      Re: Problem is.....

      You can send images with Signal. There is currently a cascade effect happening with my friends and family as many are now switching from WhatsApp to Signal. Ubiquity may not be that important.

      1. jdiebdhidbsusbvwbsidnsoskebid Silver badge

        Re: Problem is.....

        What if one day, signal becomes so popular that it gets bought up by, say, Facebook. Where do we go then?

        1. Mihai

          Re: Problem is.....

          At least we gain some time to train the carrier pigeons.

        2. Anonymous Coward
          Anonymous Coward

          Re: Problem is.....

          Signal cannot be bought by facebook.

          It is a charity public foundation that can, legally, not be bought or sold off. That's the amazing thing about Signal messenger!

      2. Terry 6 Silver badge

        Re: Problem is.....

        Ubiquity is pretty much a deal breaker. Two reasons; the great majority of ordinary users only use what everyone else they know is using ( so many buy IPhones because so many buy IPhones and so on) and a messaging programme needs to be able to communicate with the other person, so a niche system is of limited or no value in general use.

      3. This post has been deleted by its author

    2. Wilhelm Schickhardt

      Alternatives

      https://www.qwant.com/?q=list%20of%20open%20source%20messaging%20apps&t=web

      https://www.gnu.org/software/messenger/

      https://jami.net/ (very much feature complete, but no police ID required, unlike many others)

    3. Anonymous Coward
      Anonymous Coward

      Re: Problem is.....

      "Since SMS messaging requires lots of money to send anything beyond basic texts, "

      Really? Unlimited sms/mms here. Otherwise it's LINE for family. And friends in-the-know.

      1. Terry 6 Silver badge

        Re: Problem is.....

        Interesting. As far as I'm aware all UK ISPs charge extra for rich SMS messages. There have even been issues with emojis getting converted to images by the software and so incurring charges.

  17. DubyaG

    Easy-Peasy

    Uninstalled it as soon as I saw the headline.

  18. Anonymous Coward
    Anonymous Coward

    Adverts..

    Ads are paid for on a click count basis. I would encourage everyone to click a few ads in any spare moment to crank up the cost of this worthless crap so companies give up on it.

  19. Roger Kynaston

    example of what removal entails

    There is a very good support group on the street I live on. They have two Whatsapp groups. I tried to start a discussion with this very article. One person who works in human rights work said they use Signal for confidential stuff. The rest, just a deafening silence.

    Ergo, I will probably be a sucker and continue to help enrich the Zuck. I did delete my FaceFail a few years ago.

  20. Grunchy Silver badge

    I made an app but put conditions on how you can use it

    If you don’t like the conditions don’t use the app.

    I tried to sign up to Facebook with my genuine name, “Akmar Oblong,” and they said I’m a fake and I’m not allowed!

    So I demanded a refund and they ignored me!

    Now I’m an internet bellower!

    Thanks a LOT, Elon Musk, or whatever your ‘real’ name is.

    1. Wilhelm Schickhardt

      Re: I made an app but put conditions on how you can use it

      Try Jami, they dont want your Polis ID.

  21. Anonymous Coward
    Big Brother

    Contacts

    If I have in the past (and until just now in fact) allowed WhatsApp access to my contacts (on iOS), but have now denied it such access, does it still have a stash of them that it can share with facebook? Especially if I deny it access *before* accepting the new terms & conditions?

    My guess is that it shouldn't, but it will.

    (It's also at best marginally useful without allowing contacts access, unless you like memorising lots of phone numbers, of course, which I'm sure is intentional.)

    And I guess there's the other question: if I deny it access to everything, what can they still glean about me (as a non-Facebook user, but I do use it to talk to people who obviously are)? Obviously too much, but perhaps that's an acceptable amount of damage, given that I definitely will fail to persuade other people to use Signal or Threema or what have you.

    1. SImon Hobson Bronze badge

      Re: Contacts

      You broke the law in allowing that access.

      And FB will have harvested that and merged in into their data warehouse a long time ago.

      When WA went e2e encryption, FB quietly changed things behind the scenes so that FB and WA shared the same sandbox on your device - giving FB access to all the WA data unencrypted on your device. Basically, as they could no longer slurp it in transit, they made it so they could slurp it from either end.

      1. Anonymous Coward
        Big Brother

        Re: Contacts

        When WA went e2e encryption, FB quietly changed things behind the scenes so that FB and WA shared the same sandbox on your device

        I don't think I broke the lawsince it was very clear at the time that the contacts did not leave the device. But where did I say I had a Facebook account, still less the app? Because, obviously, I don't have either. The question is what it sounded like: if I have WhatsApp (only), can it, if I deny it access to my contacts today (before accepting the new T&Cs) still send them to facebook whenever the change takes effect, or can't it? And my guess remains: legally it can't but it probably will find a way around that.

        1. SImon Hobson Bronze badge

          Re: Contacts

          You said that you'd allowed WhatsApp access to your contacts.

          WhatsApp is owned by FaecesBorg and had steadily changed it's T&Cs to the detriment of anyone but FaecesBorg. It's proven that you cannot trust any statement by FB regarding privacy - after all, it's most senior person has no problem lying to the US government about what it does !

          So by allowing WA access to your contacts, you have broken the law - simply because you cannot have any confidence in that information remaining confidential. That's the case even if not a single piece of information did end up with FB - which I would doubt anyway.

          Unless, for every single contact, you got their informed consent to allow their details to be given to WA.

          EDIT: Oh yes, whether or not you think you have a FB account is largely irrelevant. Max Shrems demonstrated that you have an account with them whether you like it or not - that was in a large part the substance of his original complaint, that they were building shadow profiles of people without the consent of the data subjects.

          1. Anonymous Coward
            Anonymous Coward

            Re: Contacts

            OK, well, I was after information rather than deranged ranting. But ... thanks, I think.

            1. SImon Hobson Bronze badge
              Thumb Down

              Re: Contacts

              Oh sorry if you think facts are deranged ranting.

              1. Anonymous Coward
                Alien

                Re: Contacts

                OK, so if they're facts would you like to provide good evidence that WhatsApp were previously uploading and storing contact information?

        2. Anonymous Coward
          Anonymous Coward

          Re: Contacts

          "it was very clear at the time that the contacts did not leave the device"

          You actually believe that? Oh dear sweet child...

          1. Anonymous Coward
            Alien

            Re: Contacts

            So, if they were uploading and storing contact information previously, just why are they asking people to agree with new terms and conditions which allow this? I mean: I realise that idiot conspiracy theories are a bit fashionable right now, but ... seriously.

      2. Mihai

        Re: Contacts

        “ When WA went e2e encryption, FB quietly changed things behind the scenes so that FB and WA shared the same sandbox on your device”. Does IOS allows this?

        1. Anonymous Coward
          Big Brother

          Re: Contacts

          I don't think so: if it does someone should be vigorously complaining to Apple. In fact, if it does this on Android someone should be vigorously complaining to Google. My assumption is that it can't in fact do this at all outside the paranoid fantasy world of the person who claimed it can, although I might be wrong.

    2. Mihai

      Re: Contacts

      Will all the people which have your number in the contacts also deny access?

      1. Anonymous Coward
        Alien

        Re: Contacts

        Will all the people which have your number in the contacts also deny access?

        Almost certainly they will not. But there's essentially nothing I can do about that, in just the way there is essentially nothing I can do about Facebook building a shadow profile for me, or about Facebook existing at all.

        I can, in fact, only control things I have control over, which is why I asked about those things, not some other things.

  22. Bitsminer Silver badge

    disclose my contact list? Without the contact's permission?

    My contact list is names plus phone numbers. And a few addresses.

    Am I at risk of lawsuit by those people for disclosing their Personal Protected Information to Facebook? Without getting their permission in advance?

    1. Anonymous Coward
      Big Brother

      Re: disclose my contact list? Without the contact's permission?

      I think that's interesting. I'm imagining a scenario like this: some years ago person a got added to person b's contact list, via whatever mechanism but assume it was mediated by WhatsApp. Person a was fine with this, because they were happy for person b to have their contact information as they knew WhatsApp would not disclose it. Now, person b accepts the new terms and conditions and ... oops, now Facebook have the contact list. Person a might legitimately be unhappy about this as they did not give permission for that. Whether person a should then go after person b or Facebook I don't know (but: go after Facebook: they have more money to pay in a fine).

      1. jdiebdhidbsusbvwbsidnsoskebid Silver badge

        Re: disclose my contact list? Without the contact's permission?

        It's person b's fault as they did the sharing without permission. The argument about informed consent could go on for a while though.

        1. Bitsminer Silver badge

          Re: disclose my contact list? Without the contact's permission?

          The new terms include these two sentences:

          You provide us the phone numbers in your mobile address book on a regular basis, including those of both the users of our Services and your other contacts. You confirm you are authorized to provide us such numbers.

          This contradicts the quotes in the Update to the article. So, FB, which is it?

          1. Anonymous Coward
            Anonymous Coward

            Re: disclose my contact list? Without the contact's permission?

            What if we all add a contact “Drug dealer” with the number of the Facebook client service ?

        2. Mihai

          Re: disclose my contact list? Without the contact's permission?

          Can person b request WhatsApp to delete any information given by third parties and related to person b?

  23. DS999 Silver badge

    Does this really matter?

    If you use a different email address / phone number for Facebook and WhatsApp they are separate accounts as far as Facebook is concerned.

    Though obviously, deleting one or the other, or both, remains the best option. I've never used WhatsApp, never will. Only use Facebook because so many friends that I wouldn't otherwise keep in touch with do, but at least I joined long before they started requiring a phone number or other identity info, so all my targeted ads are targeted at a man born on Jan 1 1904 :)

    1. SImon Hobson Bronze badge

      Re: Does this really matter?

      But behind the scenes, be sure that FaecesBorg has all the information linked.

  24. Emir Al Weeq

    Signal isn't an easy option

    I am in the UK and received the new Tc & Cs to accept from WhatsApp today (07/01).

    I have children whose age means that their social lives are totally organised by their parents. This is done almost exclusively through WhatsApp and is the reason that I reluctantly started using the app. Classmates’ parents have a group, the school’s Parent-Teacher Association members, of which I am one, use it as a primary means of communicating with each other, my children’s dance classes use nothing but. I am in two more groups related to my children too.

    In short, I cannot leave without massively compromising so many activities unless I can convince all other group members (some of whom I hardly know) to switch to Signal or similar and, having seen what some people share, privacy is of no concern to them.

    The cynic in me finds it interesting that Facebook/WhatsApp have chosen to do this at a time when so many people are more dependent on on-line communications than ever before.

    I’ve already accepted the Ts & Cs so I’ll bet the backtracking as per the 1900UTC update won’t apply to me.

    1. SImon Hobson Bronze badge

      Re: Signal isn't an easy option

      Point out that nearly all of these groups are almost certainly acting ILLEGALLY by using WA. It is ILLEGAL to require consenting to something not necessary in order to use a service - so if the dance class effectively doesn't allow you to use the service effectively without using WA then they are breaking the law. The PTA may or may not be acting legally - but if any one of them, even just once, passes any personal information then the law has been broken.

      Perhaps rather than just saying "you're breaking the law", act for their privacy policy. If they don't have one - fail. If they have one, but it doesn't mention the issues with WA - fail.

      1. Emir Al Weeq

        Re: Signal isn't an easy option

        Hi Simon,

        You may have a point for some groups (eg Dance class) but in most cases being part of the WhatsApp group is not a requirement. I do not need to be part of the parents’ group to be a parent at the school. Not being on WhatsApp just means that my children are likely to miss out on informal activities arranged through it. I could rely on someone to phone or email “that awkward sod who was worried about some geeky technicality in the app that we were all using to help get us through the difficulties of home schooling whilst trying to keep a job, work from home, deal with bereavements* etc, etc”. But, in reality I'll just end up alienating myself and, by proxy, my children. Social groups are not corporations and do not have privacy policies.

        *Not hypothetical, these are all real examples.

        The PTA does not make it a requirement but for some discussions outside of formal meetings WhatsApp does get used. I could stick to email but again would need to rely on someone to keep The Awkward Sod in the loop. For formal meetings they currently use Zoom, no sign-up needed.

        With a lot of effort and bad blood I may be able win people over, but I think you've helped make the point I was getting at in the title of my post: Signal is not a easy option.

        1. SImon Hobson Bronze badge

          Re: Signal isn't an easy option

          Not being on WhatsApp just means that my children are likely to miss out on informal activities arranged through it.

          So in practice you are being required to use WA in order for your children to take part. That's illegal.

          The PTA does not make it a requirement but for some discussions outside of formal meetings WhatsApp does get used.

          Ditto. That's illegal. Actually, depending on what is being discussed on WA, the actual use may well be illegal regardless of the "use it or miss out" issue.

          1. Emir Al Weeq

            Re: Signal isn't an easy option

            So you are saying if, lockdown aside, I send out a WhatsApp saying "I am taking my children to the park at noon, anyone want to meet us there?" I am breaking the law? Sorry but I find that very hard to believe.

  25. Da Weezil

    Early adopter back when networks often charged for ordinary texts. Dumped it a while ago over a previous change in T&C. Moved to Telegram, seems to work ok, and voice calls actually work on there with some friends for whom what’s app calls would connect without audio.

    I’m curious to know if they are schlurping the whole address book of a phone that it’s installed on... because I haven’t provided my number to friends for wa/fb to process, so if my number isn’t in a contact list but is taken from the phones general contact list surely that would breach gdpa and they are using pii for a purpose other than that which it was provided for?

    It’s past the time for these marketing parasites to be slapped down hard and reminded it’s OUR data not theirs by right, I’m so sick of hearing the whining about the poor advertising”industry“. You can do general ads, but my interests and contacts are MY business and it’s long overdue for the regulators to police this bunch far more closely and strictly.

  26. Mihai

    I sniff a rodent.

    Quote from the article “ If users engage with businesses via the app, details such as shipping addresses and the amount of money spent on orders may be passed to Facebook, too.”

    Either I don’t understand the meaning of end to end encryption or the author doesn’t (or WhatsApp redefines it).

    How can whatsapp know which address I sent to a merchant if the message was end to end encrypted?

    Can someone explain which data WhatsApp will share and how they’ll get that data?

    And btw try to understand that lawyerish “Facebook won’t receive WhatsApp data” may just translate to “we send the advertising data to WhatsApp and they’ll do the targeting since we’re the same company after all. But the server targeting the ads will be in a room across the corridor marked WhatsApp, so we will never, never get WhatsApp data to match it with Facebook data on our servers.”

    1. Dan 55 Silver badge

      Re: I sniff a rodent.

      If you complete a transaction with WA Business it uses FB's shopping platform so it's not going to be E2E encrypred.

      WA will soon also allow multi-device usage, history sharing, and the web interface to work with the mobile off, so I'm guessing E2E will soon dead and buried or have so many exceptions so as to be useless.

  27. Dedobot

    My humble opinion is whatever encryption you use it is already compromised when using third party , cloud based, virtual keylog....ops ,keyboards.

  28. Anonymous Coward
    Anonymous Coward

    Is this legal?

    GDPR states that you are able to opt-out or opt-in as you see fit. Facebook are providing NO method to opt-out of data sharing between whatsapp and facebook, even if you opted in before but wish to opt out now.

    From my reading of the GDPRegulations this is illegal. Isn't it about time The Register and other persons and companies stood up to this through the correct legal avenues? Expecting 'normal' people to understand the implications of these changes is a bit of a hurdle. The new T&Cs suggest that your content uploaded, such as pictures, videos, messages, are able to be sent for use by facebook and are licensed to facebook. The message itself may be encrypt 'end to end' but the core content can be extracted by the whatsapp app on the phone and sent to facebook servers.

    Facebook, whatsapp and instagram share the same sandbox area on mobile phones, so the data transfer and extraction of desired data can be coordinated between those apps on the mobile phone and then uploaded to facebook servers at will by the apps. It is pathetic that this has been allowed to continue, with coordination from Apple and Google. Google's job is to invade your privacy, but Apple does at least have a modicum of morality to prevent such actions.

    Fight this, please.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like