Data Privacy: WhatsApp, Facebook, and Google

User Data is the gold of the digital world. So many big names are consuming users’ data for a very long time, and Facebook and Google top on the list. These companies are trying to build user-oriented products. To do that, they are collecting every single bit of user data. But anything done within a limit is good. There should be a line where these companies should stop collecting our data. The line we are talking about is getting blurry every day.

With WhatsApp renewing its privacy policy, this line is about to disappear. So many people are raising concerns about that. Social media is filling up with memes over how they are sharing so much private information with their parent company.

The Old Times:

From the day of its origin, Whatsapp was so committed to protect and to secure the data of its users. With end-to-end encryption and other technology, WhatsApp was used to assure us how our data is safe with them. But this single announcement has turned the table upside down.

“Respect for your privacy is coded into our DNA. Since we started WhatsApp, we’ve aspired to build our Services with a set of strong privacy principles in mind.”

This sentence was used to be in the privacy policy of WhatsApp. This sentence has now disappeared in the new privacy policy.

The Changes:

A few days back, people started receiving a pop-up saying that WhatsApp is changing its privacy policy. People were excited, but the changes in the Privacy Policy changed people’s minds. From excited states, users fell to the concerning state. The Major problem with this change was, sharing information with Facebook and user have to accept the policy to continue being a user. This forceful act is breaking the internet right now.

WhatsApp is a necessity of our daily life. Due to which some people might accept the new policy without even reading or understanding it. Then some are planning to migrate from WhatsApp.

“As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies,” the new privacy policy states.

The Incident:

Let’s go back a year. In February 2020, many people posted about seeing their group chat and information on Google search results. With a simple search on Google, anyone was able to access group content, members’ information, and contacts. This breach of data and private content was tipped to Vice by Jordan Wildon (Twitter: @jordonwildon).

And Facebook already knew about it for months.

For information, every WhatsApp group has an invite code (a URL) that is created by its admin. Turn out that Google was indexing those URLs (some). This way, anyone was able to access these links from Google search results.

Embed Code of Tweet:

<blockquote class="twitter-tweet"><p lang="en" dir="ltr">A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines<br><br>It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag<br><br>thanks <a href="https://twitter.com/JordanWildon?ref_src=twsrc%5Etfw">@JordanWildon</a> for the tip <a href="https://t.co/CJxjJ5qyfh">https://t.co/CJxjJ5qyfh</a> <a href="https://t.co/FrW1I9Y8vs">pic.twitter.com/FrW1I9Y8vs</a></p>&mdash; Jane Manchun Wong (@wongmjane) <a href="https://twitter.com/wongmjane/status/1230831634494083072?ref_src=twsrc%5Etfw">February 21, 2020</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

It Happened Again:

After reporting the problem, the issue was resolved in a few days. But in 2021, these groups started to pop again in the search result. This time the profile picture and phone number were also showing.

According to an article from Hindustan Times, a total of 1500 invite links were indexed on the Google search result. Rajshekhar Rajaharia, a cybersecurity researcher, stated that WhatsApp was not using the robots.txt file for its subdomain chat.whatsapp.com.

Robots.txt stops a search engine crawler from indexing particular links. After notifying such things, WhatsApp has added the NoIndex tag to their subdomains.

All these were happening when WhatsApp was not collecting our data, yet we were vulnerable.

So What Data is WhatsApp Accessing?

Almost Everything. Leaving your payment data, everything is going to be shared with Facebook. Details like your IP address, OS, Phone details, operating system, operator details, chat messages, and whatever you can name. Those days are not far when you might get ads related to your chat messages.

CAIT Want Govt. to Ban WhatsApp:

CAIT, Confederation of All India Traders, is claiming that the data WhatsApp is collecting about users can be used by WhatsApp or its parent company in any way they desire. Sensitive information like payment details and transaction details are also part of it. The trader’s body wrote to the IT Ministry to impose a ban on WhatsApp or restrict them from implementing this privacy policy.

“To further increase transparency, we updated the privacy policy to describe that going forward businesses can choose to receive secure hosting services from our parent company Facebook to help manage their communications with their customers on WhatsApp.

“Though of course, it remains up to the user whether or not they want to message with a business on WhatsApp.” WhatsApp spokesperson added.

As we were already discussing, there should be a limit on how much these big brands can access. If they can not draw the line, I think, we should. We can not wait for the government to come up with some strict privacy laws or something. Being self-aware, we can save our data from getting into some wrong hands.