I sent a letter to WhatsApp (Facebook). Today I got an answer

AlanOstaszewski

Level 16
Thread author
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I wanted to send a letter to WhatsApp (Facebook) a few months ago to get information about my data, but I didn't do it before because there was no template for it and I didn't know which address to send it to.

Now that this website has been created, I have printed two letters. One letter for my brother to get information about his data at Google and one for me for WhatsApp.

I know that I can request a copy of the data online, but it only contains a fraction of the data that Google and WhatsApp actually collect. That's why I want to learn a little more this way.

I'll be sending these letters in a few days. I'll let you know if I get an answer in a few weeks. Thanks for this great article @BryanB !

I used this website to generate the template for my letter: https://www.mydatadoneright.eu/

Web - My Data Done Right launched - I wrote this post in this topic on 27 October 2018

------

I'll attach the scans of the letter I got today. Honestly, I am a bit disappointed. I've received ONLY a guide by post on how to view the collected data via the app, but I know that with this automated process you can only view 1% of the data that WhatsApp really knows about someone. You can't get the actual facts and analysis about your behavior, your person, and your messages that WhatsApp knows about you by a request via the app. And that's why I tried it with a letter... but with this letter I didn't get these facts!

I'm disappointed with WhatsApp (Facebook). My data is mine and then I think it's wrong for WhatsApp to tell me half the truth.

I will continue to use WhatsApp because I have to. But if you don't have to, I recommend uninstalling WhatsApp (and Facebook) on your phone.

I don't want to criticize the security of WhatsApp. However, I find the transparency lacking.
 

Attachments

  • 1.png
    1.png
    1.6 MB · Views: 317
  • 2.png
    2.png
    2.3 MB · Views: 269
  • 3.png
    3.png
    2.1 MB · Views: 267
  • 4.png
    4.png
    2.2 MB · Views: 252
  • 5.png
    5.png
    1.7 MB · Views: 277
Last edited:

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Clearly they will not provide the analysis and they will only give you raw data. The analysis they perform is a proprietary tool of the company and giving that out would be a terrible business idea for them considering that whatsapp/fb/etc probably use a similar methodology.
Anything free one way or another has mining of information and that is the reality. It's how they make their money.
 
E

Eddie Morra

The response from WhatsApp is technically correct and this method of accessing data they have on you is also outlined in their legal privacy policy document which you would have had to agreed to when you registered (or you automatically agreed to by continuing to use their services if you were a user before the most recent revision update).

Furthermore, the privacy policy states the following.
We will notify you before we make changes to this Privacy Policy and give you the opportunity to review the revised Privacy Policy before you choose to continue using our Services.


The last change to the WhatsApp privacy policy was on April 24th, 2018. I checked the archived version from August 25th, 2016 and it states the following.

We may amend or update our Privacy Policy. We will provide you notice of amendments to this Privacy Policy, as appropriate, and update the “Last Modified” date at the top of this Privacy Policy. Your continued use of our Services confirms your acceptance of our Privacy Policy, as amended. If you do not agree to our Privacy Policy, as amended, you must stop using our Services. Please review our Privacy Policy from time to time.

You would have had to have agreed to the above if you registered for and started using WhatsApp prior to the 24th April, 2018. Due to this, your continued use of WhatsApp after the privacy policy change which occurred on the 24th April, 2018 would have automatically represented your acceptable of the privacy policy updates performed on the 24th April, 2018.

If you joined after the 24th April, 2018 then you would have explicitly agreed to that revised policy.

You can learn more by reading WhatsApp's Terms of Service and Privacy Policy: WhatsApp Legal Info

If you do not agree with WhatsApp's privacy policy then do not use their services.

I've just read through the entire thing therefore I am sure you and a majority of other people can do it as well if you really want to find out more concrete details instead of rely on summary's which may not tell you the full story.

If you suspect that WhatsApp are withholding data on you which you are entitled to be able to access under your rights with laws that they must adhere to (such as GDPR since you're a citizen of the EU given you're situated in Germany - assuming your profile information here is not incorrect) and care enough about it, then you can start looking into taking legal action. However, legal action for getting to the bottom of these things is going to be extremely time consuming and the expenses for such are going to be sky-high, not to mention the fact that companies like Facebook will be bringing a lot of legal pressure.

Despite Facebook not being the angels from heaven on privacy, it would be foolish of them to violate your rights with GDPR, because they would be caught out by people who do have the sufficient resources to take action (sooner or later), and would suffer legal repurcussions such as large fines. I really doubt they are violating rights you are entitled to as an EU citizen with privacy law.

As long as they are providing sufficient data on you to keep in accordance with privacy laws they must adhere to with you as a customer then they have not violated the law, and their privacy policy and data export would have been reviewed by a team of people who are hired to ensure compliance with privacy laws and stay up-to-date with them.

If you disagree with the privacy policy and how they function then deactivate your account and find another service which you feel more comfortable with using.
 
E

Eddie Morra

I mean, I don't want to criticize security or privacy of WhatsApp. The answer I got and the data request tool is my point of criticism. I can't imagine that the data the data request tool displays is all WhatsApp knows about me.
They probably know more but may not have to provide the data under privacy laws.

For example, they may collect data about you which they must allow you to audit at your own discretion under privacy laws which are applicable to you under your country/EU (e.g. through the data export method they currently offer), but they may also use this collected data internally to calculate more data on you which was not explicitly recorded/collected from you. An example would be joining the dots on all the data they already have on you (legally collected) to make assumptions about you which may or may not be correct in the end.

We already know that Facebook have done numerous experiments with Artificial Intelligence/Machine Learning models... I am pretty much betting that they are leveraging such for predicting things about people based on the data they already have on you in compliance with privacy laws.

I'd also expect that Facebook use collected data to make a larger profile on you based on other data they can find on you elsewhere off their services, but I do not know about how this is handled for privacy protection compliance, nor whether they have to provide such data if they did not explicitly collect it themselves.
 
L

Local Host

I don't see why some people believe WhatsAPP (Facebook) respect the law, both Facebook and Google pay fines every year to the EU. The problem is the fines are not large enough to make a dent in their pockets so they keep breaking the law.

USA companies are used to bend the laws to their will in their Home Country, as for EU they pay a small fine to do whatever they want. EU should act more like China and start banning companies like Facebook and Google that break the law every year (either that or start charging values that actually affect those companies pockets).

Cause obviously the current fines are not working.
 
E

Eddie Morra

At the end of the day, whether Facebook, Google, Microsoft, Apple, your moms car vendor or the smurf's are following the law or not... don't use their services if you disagree with how they work.

The law may set things up in your favour but enforcing them is an entirely another matter.

With Facebook's record history of violating X or misleading with X and the huge wide public exposure about their past... people should know to avoid them if they do not want to be victims to such practices.

If you're still using Facebook services in 2018, especially after being aware of the recent things that have gone on and their general past, then I think you are also to blame if your privacy gets violated.

The law isn't a replacement for common sense.
 

AlanOstaszewski

Level 16
Thread author
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I was trying to achieve something else with my post.

I think everyone knows this type of person: I have to use x for my y (for example work) although I don't like it. The perfect example is Windows.

Instead of WhatsApp being criticized for it, it is being protected. I'm looking forward to the next update where advertising will be introduced (not a joke, WhatsApp found a place to show you ads). I know that a free app has to finance itself, but not in that way.

I think everyone should be allowed to express criticism freely without someone saying: you don't like it, then do it better/do not use it.
 
  • Like
Reactions: vtqhtr413
D

Deleted member 178

@askalan I understood your point, don't get me wrong. BTW, what use of it make it mandatory to you?

I just despise this incessant whinning while keep using a product everyone knows is shady.
I use Facebook, I don't particularly like it, do you see me whinning? No, instead I try to reduce my footprint and avoid exposing sensitive details about me in it.

Working is different, your company impose stuff you must use so you have to follow.

However reporting something shady about something that is not supposed to be, is perfectly normal.
 

AlanOstaszewski

Level 16
Thread author
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
@Umbra
I'm probably using WhatsApp for the same thing you're using Facebook for. That is, teachers send us teaching materials to our class group, groups when you're in an club, contact with family members etc...

Just like you use Facebook, I reduce WhatsApp usage to the minimum and limit access. This means I check my messages once a day and immediately stop WhatsApp and the background processes (so it doesn't run in the background) when I'm done. I don't use WhatsApp to be reachable 24/7, but rather to inform me.
 
E

Eddie Morra

I think everyone knows this type of person: I have to use x for my y (for example work) although I don't like it.
In these scenarios I would recommend:
  1. Request a company work phone to be used for the service where no data other than work-related will be present. If such data is stolen by a service you are being forced to use on the device by your work-place, then that is on them and not you.
  2. If #1 cannot be done but you happen to have a spare smart-phone which is compatible with the service you're being forced to use, then use that for those enforced services you disagree with instead of your main personal devices.
  3. If the situation is really bad and you really cannot stand it and you cannot think of anythingn else to improve the situation,and the company doesn't want to switch to a service you and others are more comfortable with using, then I'd look for another job or just put up with it.
In the cases of #1 and/or #2 you could even use VPN as well if you cared enough and if it is allowed when using the service as part of work reasons.

In any event where you are forced by a workplace to use service X, Y and Z you dislike, I'd suggest limiting the data you provide to the service on your personal self to a minimum requirement that is satisfactory enough for the service and your workplace to be okay with, and if applicable, use privacy settings to the best of their potential to at-least protect any shared data from people you do not want to be able to see that data.

Albeit, it's going into the Tin Foil Hate Movement side of things (but I do know where you are coming from)... rofl.
 
E

Eddie Morra

I doubt Discord is bad on privacy either but I do not know - the UI is pretty easy to use and it supports server group chats. Slack is really convenient and it has worked well for me whenever I've used it, no problems.

Edit:
The Discord message removal feature definitely works or at-least Discord make it appear this way. I've never found any deleted messages on the data take-out logs and I've waited at-least a month for a data take-out just to test this in the past.
 
E

Eddie Morra

I know how you feel bro.

I currently use Slack, Discord and Microsoft Teams... but I also have use Skype which is extremely low-quality compared to the other platforms mentioned. We're talking extreme levels in quality reduction when put under comparison.

With Slack, Discord and Microsoft Teams... I can expect a pretty convenient session without running into unexpected or 1+ year old bugs (even those that have been reported numerous times on a regular basis) which end up causing problems (ranging from not getting notifications from people to messages being queued before being sending for excessively long times which makes the receipient think you may be ignoring them or are busy, etc.).

I think the most laughable one was with the Skype UWP version which would just refuse to open properly by instantly closing and this lasted for at-least half a year.

I've tried to convince people on Skype to switch to Slack, Discord or Microsoft Teams, but sometimes it is an impossible task.
 

jogs

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,112
Most of the members here have the same problem regarding FB and WA, we know there are some problems with them and we don't want to use them but it becomes really difficult to make others understand this, so we use them.
There have been many times when I wanted to send some important document in some secure way but person on the other side insisted on WA. Some times they would say " If you don't know how to send a file using WA I can show you". :unsure:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top