WhatsApp to share user data with Facebook for ad targeting — here’s how to opt out


Facebook-owned messaging giant WhatsApp has announced a big change to its privacy policy which, once a user accepts its new T&Cs, will see it start to share some user data with its parent company — including for ad-targeting purposes on the latter service.

“[B]y coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp,” WhatsApp writes in a blog on the change today.

“Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of.”

WhatsApp will also be sharing the data with the “Facebook family of companies” — so presumably its user data could also be fed to VR firm Oculus Rift, another Fb acquisition, and photo-sharing network Instagram.

WhatsApp data that will be shared under the new T&Cs includes the phone number a user used to verify their account, and the last time they used the service.

Two pieces of data which — on a creepiness scale of ‘personal intel you’d rather not hand over to a data-mining tech giant’ — are both right up there.

You can read the full WhatsApp privacy policy here.

There is an option to opt out of some of the data sharing (specifically for ad and product purposes)  — see lower down this post for more details — although most users will just tap ‘I agree’ to WhatsApp’s new T&Cs without reading them and realizing what they are agreeing to.

This is why, as we’ve said before, T&Cs suck. And why user consent to a massive privacy shift like this should certainly not default opt people in.

Privacy vs data

This is undoubtedly a huge step-change for a service that has typically prided itself on championing user privacy, including completing a rollout of end-to-end encryption across its entire service earlier this year, and continuing to fight requests from authorities to hand over user data.

But once WhatsApp agreed to be acquired by data-mining social network giant Facebook, back in February 2014, the writing was arguably on the wall for any pro-privacy stance.

Facebook is in the business of monetizing usage via interest-based advertising fed by harvesting the personal data of its users. WhatsApp’s original business model, of charging users a small yearly subscription fee for an ad-free messaging service, was discontinued after Facebook took over ownership of the service.

The annual $1 fee was ditched in January this year, but WhatsApp still does not have a replacement business model — given its anti-ads stance, although it is laying the groundwork to open up business accounts. And the intel it will be sharing with Facebook under its new T&Cs will likely be used to further its plans there.

At the time of the acquisition Facebook said it would be keeping the messaging giant independent, despite some obvious overlap with its own Facebook Messenger app.

While WhatsApp founder Jan Koum claimed there would be no changes. “Here’s what will change for you, our users: nothing. WhatsApp will remain autonomous and operate independently,” he wrote at the time, adding: “There would have been no partnership between our two companies if we had to compromise on the core principles that will always define our company, our vision and our product.”

Fast forward a couple of years and one core principle — privacy — is now being, if not entirely compromised, at least loosened — given that Facebook will now be able to link users of its own social services with WhatsApp users. It will also be able to track relative usage of its services vs activity on the messaging app, as WhatsApp feeds it engagement intel via the ‘last used’ signal.

It’s not clear from the WhatsApp blog post if other user data will be shared with Facebook. The wording suggests this is entirely possible, although if a user has updated to the latest version of the app, which end-to-end encrypts all content, then their messaging content at least cannot be shared, so long as the person they are messaging has also updated.

WhatsApp also makes this point in its blog post, noting: “When your messages are end-to-end encrypted, only the people you are messaging with can read them — not WhatsApp, Facebook, or anyone else.”

But that’s kind of missing the point about letting Facebook triangulate users across two massive services, with over a billion active users apiece. It remains to be seen whether that collapsing of boundaries between two distinct services will catch the attention of data protection regulators in Europe, which has more stringent privacy rules, and where Facebook has already faced multiple data protection related investigations and legal actions — and continues to do so.

We’ve asked WhatsApp for a comprehensive list of everything it intends to share with Facebook, and for a comprehensive list of everything Facebook intends to do with the data it will be receiving on WhatsApp users and their usage of the service — and will update this post with any response.

As well as phone number and last seen data, TechCrunch understands Facebook will also be fed intel on a WhatApp user’s operating system, mobile country code, mobile carrier code, screen resolution and device identifier. All of which open up plentiful tracking/ad-targeting possibilities.

But this looks very much like Facebook trying to ‘fill in’ missing mobile phone number data via the more comprehensive WhatsApp address book — given that the latter requires users to supply a number to verify an account, whereas it is possible to use Facebook without supplying your mobile number (albeit, Facebook might well have grabbed your digits via your friends uploading their contacts’ books to the service anyway… And the service periodically nags those who haven’t to add a mobile number…).

Comments (0)

Leave a comment