Experts cast doubt on privacy features of FB-owned WhatsApp

WhatsApp, which has one billion users globally, is one of the most popular mediums of instant messaging in India.

Update: 2018-04-06 11:27 GMT
The global panic Facebook created with its advice to 1.5 billion users to upgrade their WhatsApp to plug a security hole is a reminder that anything online can be breached.

Facebook-owned WhatsApp, the popular instant messaging service with over 200-million active users in India, might not be as secure as being claimed, with experts raising questions about certain provisions of the user agreement wherein most of its wrongdoings would go un-remedied and unchallenged.

WhatsApp, which has one billion users globally, is one of the most popular mediums of instant messaging in India. It was acquired by Facebook in 2014.

"One-to-one communication between users is encrypted and may be as secure as WhatsApp claims. But the metadata, information about the calls, is likely being mined by the company," Vivek Wadhwa, a top American technology entrepreneur and academic, told PTI.

"WhatsApp has admitted that it is sharing information about identity and device information with Facebook, allowing it to do the dirty work in snooping on users.

"What I found most worrisome is that WhatsApp's group chat feature allows any group member to mine data like Cambridge Analytica, and what is worse, they reveal mobile numbers. So people can be harassed off the platform," he said.

Wadhwa said that the group chat feature of WhatsApp puts users at greater threat than their postings on Facebook because of the availability of mobile phone numbers.

"WhatsApp users take the company at its word that 'Privacy and Security are in our DNA.' It clearly isn't. There are major design flaws in its chat features," he alleged.

People can be added to groups via public links or directly by an administrator. Even though the group gives a notification of a new member, they may only have a phone number or name and not know who they are. Any member can record conversations from the time they enter the group. They have the phone numbers of people making comments, Wadhwa said.

"A friend told me that he and his family had joined a group which became much larger over time and he worried that his children were being contacted by strangers because of what was discussed in that group," Wadhwa said.

On the question of saving information, he said WhatsApp is being two-faced. To Facebook, it provides sensitive device information. To the authorities, it claims that it can't decrypt conversations, he said.

Noting that almost one-quarter or more of the world's population is using WhatsApp for free - services that cost the company money for paying for its employees, plants and IPRs production, eminent New York-based attorney Ravi Batra said that it makes money by harvesting user data and using it in conjunction with others including Facebook.

"There is an old saying: There is no free lunch. Yet, there is a new brave digital world - that is free to use, and the costs and profit of providing the free services must come from 'mining' the habits and data connected to each User.

"Each human being is only born with a unique fingerprint or other genetic material. But how a human being lives, works and plays - each step and act - is as unique as that fingerprint. That is why it's so profitable to mine user data, so those who wish to sell anything to a user know what the user will want, when s/he will want it - maybe even before the user does!" Batra said.

Referring to the user agreement, Batra said the users of WhatsApp agree to waive a court of law, with a judge and jury, and instead, accept a decision by an arbitrator - who is not bound to follow the law.

"Moreover, the user agrees to dis-associate with any class action or group-based actions - which means that since most users will suffer a small monetary damage, the cost of seeking damages or vindication far exceeds the benefit of getting damages or vindication. The net result to the user: it isn't worth fighting WhatsApp," Batra told PTI.

Batra said WhatsApp is quite upfront that what belongs to the user - while still owned by the user - can be freely and fully used by it without paying any fee.

Further, the user gives WhatsApp free use of user's property and information, in exchange for using its messaging service. According to him, by practically making the retention of lawyers economically impossible, most wrongs would go unchallenged and un-remedied.

"If a user, not a resident of the US or Canada, is lucky not be subject to arbitration, then user agrees to travel to San Mateo County in California and sue in the federal or state court in the said county. Make sure to get a visa from the US Embassy and book a hotel for two-three years," he said, thus indicating that for all practical purposes an user in India cannot drag WhatsApp to court.

According to the terms of the agreement, an user in India agrees that they will resolve any claim they have with WhatsApp "relating to, arising out of, or in any way in connection with our Terms, us, or our Services (each, a 'Dispute', and together, 'Disputes') exclusively in the United States District Court for the Northern District of California or a state court located in San Mateo county in California, and you agree to submit to the personal jurisdiction of such courts for the purpose of litigating all such Disputes".

"In order to operate and provide our services, you grant WhatsApp a worldwide, non-exclusive, royalty-free, sublicensable and transferable license to use, reproduce, distribute, create derivative works of, display, and perform the information that you upload, submit, store, send, or receive on or through our services," the user agreement says.

Facebook, which owns WhatsApp, did not immediately respond to an email from PTI on the questions raised by these experts.

Tags:    

Similar News