Connect with us
McAfeemcafee banner ad


Your WhatsApp messages aren’t actually private – moderators can read them

WhatsApp’s moderators can apparently read your messages

Umm, remember back in 2018 when Mark Zuckerberg swore to Congress that “we don’t see any of the content in WhatsApp, it’s fully encrypted”? Well, it seems that was a big ol sunscreen-smeared-face lie, as a new report from ProPublica details that WhatsApp has been able to read your messages all along.

See, WhatsApp likes to talk a big game about user privacy, with even the message dialog saying “No one outside of this chat, not even WhatsApp, can read or listen to them.” before you send something. Maybe that’s technically correct, but a WhatsApp contractor called Accenture has over 1,000 dedicated moderators that review user-reported content that’s been flagged by the AI moderation tools inside WhatsApp.

Those AI routines are checking for spam, disinformation, hate speech, potential terrorist activity, child sexual abuse content (CSAM), blackmail, and sex workers aka “sexually oriented businesses.” Once flagged by the AI, which apparently consists of a large percentage of harmless false positives, the human moderators can see the last five messages in any thread.

READ MORE: WhatsApp Communities lets you build your own social network

Yes, that’s noted in the Terms of Service that you agree to when you open a WhatsApp account, stating if your account is reported it “receives the most recent messages” from either your group or direct chat.

According to ProPublica, it doesn’t say anything about all of your metadata being viewable by those moderators, like your phone number, IP address, linked Facebook and Instagram accounts, etc. Sounds suspiciously like a “fingerprint of every single message,” a thing WhatsApp argued against when the Indian government wanted access to scan through users’ messages.

The real question here is when something is reported on WhatsApp, and the last five messages are sent, how does it actually work? Does the act of reporting copy the five messages from the decrypted version on the reporting user’s device, and send those to WhatsApp or is something else breaking the supposed end-to-end encryption? Would those five messages still get sent if they were sent as disappearing messages? What about if the user deletes their history before reporting one message?

READ MORE: WhatsApp now supports 512 person group chats

That explains how WhatsApp was able to report over 400,000 CSAM images to NCMEC last year, as stated by Will Cathcart, the head of WhatsApp. It also flies in the face of the “Trust Us” messaging out of the service over the years, especially since the purchase by Facebook. Don’t trust them, they can see your supposedly private messages.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Facebook