Tale of WhatsApp: New privacy policy or Pandora’s Box for Digital India?

Hyderabad: This is a love story, which truly turned sour!

We all fell for WhatsApp, in a time when text messages did not come free and when data packs were not as cheap as they are now.

Message boxes were flooded more with text advertisements than personal messages.

A free of a cost messenger app that claimed, ‘respect for your privacy is coded into our DNA.

Since we started WhatsApp we aspire to build our services with a set of strong privacy principles in mind,’ seemed perfect to switch over from the text messenger service to WhatsApp.

Comparison between WhatsApp, Signal and Telegram with inputs from Cyber Expert Prashant Mali

Unfortunately, a decade later this clause is no more in WhatsApp’s new policy update, which has raised serious concerns over Data Privacy of users.

Topping it up, WhatsApp now tells its users “you’ll need to accept these updates to continue using WhatsApp”, which effectively means if users choose to stay, they will lose their data privacy to ‘Facebook Companies’, else their accounts will be deleted by February 8, 2021. Prima facie, it seems that it is the user who is going to be the loser either way.

Why should we get concerned with the new policy update of WhatsApp?

N. S. Nappinai, Supreme Court advocate and founder of Cyber Saathi rightly points out, “not only WhatsApp but actions of any platform, be it a social network or a messenger app, changing its policy statement to the detriment of the users after they have already signed up for the service, can be contested on the anvil of unconscionable and impermissible alteration".

Back in 2014, the acquisition of WhatsApp by Facebook Inc had come with a price tag of $19 billion.

This tech acquisition is considered to be the most valuable one in history. The amount of money spent on the deal even when WhatsApp did not generate revenue except having a user base of about 450 million, had raised many brows.

Experts then took it as Facebook’s working towards achieving Data Monopoly.

The recent developments in WhatsApp’s policy are now billed as an arm twisting of Facebook, which presently owns the four most downloaded apps of the decade – Facebook, Facebook Messenger, Instagram and WhatsApp.

Data is the new oil

In this 21st century and in an era of digital transformation, data has indeed replaced oil to become the most valuable commodity. And with that, data now comes with a popular tag line, Data is the new oil.

It is evident from the fact that some of the most valuable companies in the world like Google, Facebook and Amazon are vying to acquire more and more user data.

Unlike traditional monopoly, Data Monopoly till now has not resulted in any rise in prices for customers.

It is happening because digital services to a large extent are offered for free.

As a result, users are never bothered or ponder over to look into the practices of digital service providers. And this results in undermining of user’s data privacy and data security.

The battle for Data Monopoly is all fought at the expense of users and their personal data.

Data Privacy

Data privacy determines when, how, and to what extent a user can share or communicate his/her personal information to others on the Internet. This personal information can be anything ranging from one's name, location, contact information, or online or real-world behaviour.

WhatsApp Policy Update and Data Privacy

Internet security expert and co-founder of Innefu Labs, Tarun Wig says whenever an account is created on the WhatsApp, it collects information about phone model, operating software, battery status, signal strength, time zone, IP address, WhatsApp usage, if any payment is done using WhatsApp payment feature, then payment and transactions details, status updates, group details, profile pictures, and last updated about info.

Along with all these, the media files exchanged on WhatsApp are also stored in its servers.

Even though WhatsApp chats are end-to-end encrypted and it does not keep any logs of the calls made, the company did not mention anything on end-to-end encryption (a system of communication where only the communicating users can read the messages) of media files.

These days almost everyone has a WhatsApp, Facebook and Instagram account. All these media files along with the data collected by WhatsApp, when shared on Facebook, its Artificial Intelligence will process and analyse the raw information collected from all three platforms and convert them into more meaningful and usable data like details of users' health information, professional and employment-related information, browsing behaviour, financial and location-related information.

This will be then shared with the third party and the user will be oblivious of it. And this is how sharing of users data among WhatsApp, Facebook and Instagram or other Facebook Companies will release a deluge of personal information in the public domain which can be very revealing and hence risky.

Recently, more than a thousand WhatsApp groups links resurfaced on Google through a simple web search, according to a research report.

With access to these links, anyone can join a private WhatsApp chat. Internet security researcher Rajshekhar Rajharia shared the information through a tweet.

How risky is Data Breach

In a country like India where WhatsApp has been an essential element of daily life, this new policy update of WhatsApp has created paranoia among the users.

Hyderabad: This is a love story, which truly turned sour!

We all fell for WhatsApp, in a time when text messages did not come free and when data packs were not as cheap as they are now.

Message boxes were flooded more with text advertisements than personal messages.

A free of a cost messenger app that claimed, ‘respect for your privacy is coded into our DNA.

Since we started WhatsApp we aspire to build our services with a set of strong privacy principles in mind,’ seemed perfect to switch over from the text messenger service to WhatsApp.

Comparison between WhatsApp, Signal and Telegram with inputs from Cyber Expert Prashant Mali

Unfortunately, a decade later this clause is no more in WhatsApp’s new policy update, which has raised serious concerns over Data Privacy of users.

Topping it up, WhatsApp now tells its users “you’ll need to accept these updates to continue using WhatsApp”, which effectively means if users choose to stay, they will lose their data privacy to ‘Facebook Companies’, else their accounts will be deleted by February 8, 2021. Prima facie, it seems that it is the user who is going to be the loser either way.

Why should we get concerned with the new policy update of WhatsApp?

N. S. Nappinai, Supreme Court advocate and founder of Cyber Saathi rightly points out, “not only WhatsApp but actions of any platform, be it a social network or a messenger app, changing its policy statement to the detriment of the users after they have already signed up for the service, can be contested on the anvil of unconscionable and impermissible alteration".

Back in 2014, the acquisition of WhatsApp by Facebook Inc had come with a price tag of $19 billion.

This tech acquisition is considered to be the most valuable one in history. The amount of money spent on the deal even when WhatsApp did not generate revenue except having a user base of about 450 million, had raised many brows.

Experts then took it as Facebook’s working towards achieving Data Monopoly.

The recent developments in WhatsApp’s policy are now billed as an arm twisting of Facebook, which presently owns the four most downloaded apps of the decade – Facebook, Facebook Messenger, Instagram and WhatsApp.

Data is the new oil

In this 21st century and in an era of digital transformation, data has indeed replaced oil to become the most valuable commodity. And with that, data now comes with a popular tag line, Data is the new oil.

It is evident from the fact that some of the most valuable companies in the world like Google, Facebook and Amazon are vying to acquire more and more user data.

Unlike traditional monopoly, Data Monopoly till now has not resulted in any rise in prices for customers.

It is happening because digital services to a large extent are offered for free.

As a result, users are never bothered or ponder over to look into the practices of digital service providers. And this results in undermining of user’s data privacy and data security.

The battle for Data Monopoly is all fought at the expense of users and their personal data.

Data Privacy

Data privacy determines when, how, and to what extent a user can share or communicate his/her personal information to others on the Internet. This personal information can be anything ranging from one's name, location, contact information, or online or real-world behaviour.

WhatsApp Policy Update and Data Privacy

Internet security expert and co-founder of Innefu Labs, Tarun Wig says whenever an account is created on the WhatsApp, it collects information about phone model, operating software, battery status, signal strength, time zone, IP address, WhatsApp usage, if any payment is done using WhatsApp payment feature, then payment and transactions details, status updates, group details, profile pictures, and last updated about info.

Along with all these, the media files exchanged on WhatsApp are also stored in its servers.

Even though WhatsApp chats are end-to-end encrypted and it does not keep any logs of the calls made, the company did not mention anything on end-to-end encryption (a system of communication where only the communicating users can read the messages) of media files.

These days almost everyone has a WhatsApp, Facebook and Instagram account. All these media files along with the data collected by WhatsApp, when shared on Facebook, its Artificial Intelligence will process and analyse the raw information collected from all three platforms and convert them into more meaningful and usable data like details of users' health information, professional and employment-related information, browsing behaviour, financial and location-related information.

This will be then shared with the third party and the user will be oblivious of it. And this is how sharing of users data among WhatsApp, Facebook and Instagram or other Facebook Companies will release a deluge of personal information in the public domain which can be very revealing and hence risky.

Recently, more than a thousand WhatsApp groups links resurfaced on Google through a simple web search, according to a research report.

With access to these links, anyone can join a private WhatsApp chat. Internet security researcher Rajshekhar Rajharia shared the information through a tweet.

How risky is Data Breach

In a country like India where WhatsApp has been an essential element of daily life, this new policy update of WhatsApp has created paranoia among the users.

“Let us all accept the fact that in this digital era, Data privacy is a misnomer. Many websites come and apps have to collect and store our data to provide us services. However, sometimes these apps collect data more than it is necessary and sometimes they are not efficiently designed enough to secure the data privacy. All these results in a compromise of personal data,” says Internet security researcher Rajshekhar Rajharia.

In India, even school coordination happens via WhatsApp groups as does resident welfare association interactions.

With this new policy, Facebook will know the personal details about the minors as well like location, schools, pictures etc and this data when shared with any third party and can pose a great threat to them.

One of the largest data breaches in India is said to happen during the digitisation of Aadhar as reported by The World Economic Forum (WEF) in their Global Risks Report 2019.

How Personal Data can be misused

Personal data can be misused in a number of ways. Criminals can use personal data to defraud or harass users. Cases like online blackmailing and sextortion are rampant these days. Many of which had happened over Facebook.

For example, the ‘Bois Locker Room’ group on Instagram had shown us how personal details can go for a toss on social media.

For the unversed, Bois Locker Room was an Instagram scandal allegedly involving a chat room of teenage boys from Delhi that rocked the nation during the lockdown last year.

It came to light on May 3, 2020, when a member leaked chats from the group, including obscene images of around 15 girls, who were mostly teens.

Entities may sell personal data to advertisers or other outside parties without users consent, which can result in users receiving unwanted marketing or advertising, cluttering the users’ online space.

When a person's activities are tracked and monitored, this may restrict the person’s ability to express freely.

How WhatsApp Business accounts can be threat to Data Privacy

In 2018 WhatsApp Business was launched. It also entered the payments market in its two biggest markets – India and Brazil.

These business accounts mean your data might be available to several people already linked to these accounts and then again the data these business accounts collect from you is being shared with any third party services, which eventually means your privacy goes for a toss as the number of people it is shared with multiplies.

Data Protection Laws

The European Union had adopted the General Data Protection Regulation (GDPR) ensuring EU citizens their rights to data privacy. Any violation to this can invite fines of up to 4 per cent of a company’s earnings.

In India, there is no such stand-alone data protection law to protect personal data and information shared or received in a verbal or written or electronic form.

But, with the inclusion of Section 43A and Section 72A under the Information and Technology Act (2000), it has now established the right to compensation for improper disclosure of personal information.

Best Alternative to WhatsApp

There are lots of messaging apps like Line, Telegram, Viber, Twitter direct message, but the Signal private messenger is the one that ticks all WhatsApp features, yet beats it and other apps in terms of private data security.

The Signal private messenger app has emerged as the most reliable alternative to WhatsApp.

With a maximum number of downloads in the first two weeks of January 2021, Signal has emerged as a clear winner with 3.3 million downloads in comparison to WhatsApp 1.7 million, Facebook 2.1 million and Instagram saw 2.3 million downloads in the same period.

Based on an Open source code and end-to-end encryption, Signal ensures the privacy of our chats and contents shared on the platform. Managed by Signal Foundation, a Non-Profit organisation, this app protects free expression and enables secure global communication explains cyber expert Dr Prashant Mali.

Telegram, which operates with a profit motive, has serious security lapses and is banned in many countries. Even in India, many ISPs are blocking it.

What’s ahead

Unless India gets a strong user-oriented Data Protection Act, we should keep in mind the following:

While installing any app, one needs to be careful about what permissions are given to the app.

Many times when we give apps permission to automatically read the OTP (One Time Password) and then we forget to cancel the permission. One should be cautious about this.

One should visit the settings of the phone on regular intervals and remove those apps, which are no more in use and also change the permission settings to only contact and storage for such apps.

This is very important for those apps which have a camera and microphone permission and are not being used for a long time.

It will be also to not get solely dependent on any one app for a long time.

To be or not to be on WhatsApp after February 8 is your choice, but try to avoid sharing financial login details, passwords and sensitive information over WhatsApp if you choose to remain on that platform, experts say.

Also Read: Amid privacy concerns, cyber experts stress need for a strong data protection bill