Connect with us

News

Your WhatsApp messages aren’t actually private – moderators can read them

WhatsApp’s moderators can apparently read your messages

whatsapp encryption
Image: KnowTechie

Umm, remember back in 2018 when Mark Zuckerberg swore to Congress that “we don’t see any of the content in WhatsApp, it’s fully encrypted”? Well, it seems that was a big ol sunscreen-smeared-face lie, as a new report from ProPublica details that WhatsApp has been able to read your messages all along.

See, WhatsApp likes to talk a big game about user privacy, with even the message dialog saying “No one outside of this chat, not even WhatsApp, can read or listen to them.” before you send something. Maybe that’s technically correct, but a WhatsApp contractor called Accenture has over 1,000 dedicated moderators that review user-reported content that’s been flagged by the AI moderation tools inside WhatsApp.

Those AI routines are checking for spam, disinformation, hate speech, potential terrorist activity, child sexual abuse content (CSAM), blackmail, and sex workers aka “sexually oriented businesses.” Once flagged by the AI, which apparently consists of a large percentage of harmless false positives, the human moderators can see the last five messages in any thread.

Yes, that’s noted in the Terms of Service that you agree to when you open a WhatsApp account, stating if your account is reported it “receives the most recent messages” from either your group or direct chat.

According to ProPublica, it doesn’t say anything about all of your metadata being viewable by those moderators, like your phone number, IP address, linked Facebook and Instagram accounts, etc. Sounds suspiciously like a “fingerprint of every single message,” a thing WhatsApp argued against when the Indian government wanted access to scan through users’ messages.

The real question here is when something is reported on WhatsApp, and the last five messages are sent, how does it actually work? Does the act of reporting copy the five messages from the decrypted version on the reporting user’s device, and send those to WhatsApp or is something else breaking the supposed end-to-end encryption? Would those five messages still get sent if they were sent as disappearing messages? What about if the user deletes their history before reporting one message?

That explains how WhatsApp was able to report over 400,000 CSAM images to NCMEC last year, as stated by Will Cathcart, the head of WhatsApp. It also flies in the face of the “Trust Us” messaging out of the service over the years, especially since the purchase by Facebook. Don’t trust them, they can see your supposedly private messages.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments
Advertisement

More in News