WhatsUp with our privacy?
The very recent scandal around WhatsApp privacy update reminded us of our personal data’s worth. Billions of people use digital tools owned by companies that collect and sell their data daily, often without consent, but very few think about it until a controversy comes up. Personal data collection and what happens with it afterward is one of the main issues of our interaction with online technology, especially now amid pandemic when it seems as if we’re online all the time. New apps, such as those for video calls, pose new risks to the safety of our private information. The first step in regaining control over it is learning where the threats reside.
Name, home and IP addresses, location history, health and financial records, browsing histories, shopping preferences, social media activities, phone and app usage – these are just some pieces of information revealed through online activity and all of them are vulnerable to misuse. Data privacy (also known as information privacy) is concerned with their proper handling – how they are collected, stored, and shared, and whether this complies with restrictions such as the General Data Protection Regulation (GDPR). According to GDPR, data privacy means empowering users to make their own decisions about who can process their data and for what purpose, while data protection means keeping data safe from unauthorized access.
Outside of the digital realm where things can get clouded pretty quickly, privacy concerns are much easier to grasp. They have always been very important – we keep certain things and information hidden to protect them from falling into the wrong hands. We are reluctant to give away sensitive information in face-to-face situations, but as we get confronted with long, bureaucratic “Terms and Conditions” for features we want to use online, the concept of privacy becomes much more elusive.
It is not just about wanting things, though, but also about needing them. Many people are well aware of the proven risks and still agree to all terms and conditions for the convenience of using tools that became imperative in our daily private and professional lives. Meanwhile, others may not be informed enough about how their data is used online and may insist that they don’t care about privacy issues because they have “nothing to hide” anyway. As author and professor Colin J. Bennett explains, most people "go through their daily lives believing that surveillance processes are not directed at them, but at the miscreants and wrongdoers" despite "evidence that the monitoring of individual behavior has become routine and everyday". And while the concern about the invasiveness of government surveillance for our supposed safety is well-founded, it is mainly the private sector – big tech companies such as Amazon, Facebook, and Google – that misuse personal data for profit gains in particularly insidious ways.
Ad
Not only are we individually compromised by having our data sold to unknown third parties for dubious purposes, but we also unwittingly contribute to goals that might be unacceptable to us. One of such infamous examples was the scandal around the political consulting firm Cambridge Analytica in 2018. The company influenced the livelihood of entire nations by using personal data secretly harvested from millions of people's Facebook accounts and selling it to competing political campaigns. It became known, for example, that Donald Trump won the US elections in 2016 by hiring Cambridge Analytica to profile voters and target them with personalized political ads.
Quitting Facebook may seem like an easy way to overcome this issue, but its privacy dangers lurk elsewhere as well. WhatsApp, the Facebook-owned messenger with about two billion users, recently became the center of controversy with their new privacy policy ultimatum: its users could either agree to share more of their data with its parent network or, if they refuse to do so by February 8th, lose their accounts. WhatsApp has been using end-to-end encryption for years, ensuring that Facebook doesn’t have access to the content of user’s messages – a feature that will remain under new terms and conditions. But even all these things aside, its service hasn’t really been as private as it could be. Apple's new mandatory privacy labels showed just how much less safe it is compared to some other apps.
Cybersecurity expert Zak Doffman notes: "WhatsApp does collect too much data, much more than the likes of Signal, Telegram, and iMessage. But when compared to apps like Facebook, Messenger, Google, Instagram, Snapchat, and TikTok, it collects very little. So, unless you avoid those others, WhatsApp isn’t your biggest problem." The data privacy issue needs to be looked at with these different apps in mind, many of which work in an orchestrated way to extract as much data as possible.
For example, WhatsApp already collects a lot of information that can be combined with other data given through Facebook and Facebook-owned companies, such as information about how you interact with others on its services (the time, frequency, and duration of interactions with others), the time you spend online, your location (if allowed), and any statuses, profile images, and features you set. It can also collect information about your phone, such as battery level, mobile operator, and signal strength. And if you opt for data backup, it will not be encrypted, which means that the content of your messages becomes exposed and the purpose of end-to-end encryption futile.
There are different ways to lower risks – for starters, avoiding businesses and their affiliates with a track record of data misuse and using the safest available alternatives instead. Following WhatsApp’s new privacy policy, many did just that and moved to rival encrypted messaging services such as Signal and Telegram, which got a download boost of 4200% and 91% respectively. However better, neither of these apps are perfectly safe as they both have access to a person’s phone number and contact list, and can derive identities based on that. According to the “Internet Privacy Guy” Rob Braxman, the surge in popularity of Signal is nevertheless a good thing. The app is relatively safe to use as long as the communication happens with known people. For truly secure communication, services such as XMPP or Briar can be an answer in certain situations, particularly with strangers to whom we don’t want to disclose our number or email.
Even our most uninteresting data can be used in impactful ways that go way beyond tailoring innocuous shopping ads for us to see while browsing online. The internet is still a vast gray area where some laws and regulations are yet to be applied and until then, the tech giants will keep using loopholes to leverage their success. Regardless of their overbearing power, each of us can make informed choices. Switching to a messenger app that is "the lesser of two evils" is just the tip of an iceberg of cybersecurity measures we can take to better protect our information and identities.