Just a few days ago, WhatsApp trumpeted the roll out of end-to-end encryption for its messaging service. The world rejoiced.
With events such as the battle between Apple and the FBI turning attention to encryption, the announcement was well-timed to ride the crest of the wave. But it seems that for all of the bluster and bravado, the news about extra protection may not be quite as good as it seems.
Analysis of WhatsApp's privacy documentation reveals that the Facebook-owned company retains a huge amount of data about messages that are sent. If this all sounds familiar, it's because the retention of metadata is precisely what the NSA was (is?) up to, trawling web communications and upsetting Edward Snowden and privacy advocates around the world. WhatsApp's encryption and policies mean that those who are concerned about their privacy should not rest on their laurels.
The end-to-end encryption now employed by WhatsApp may mean that it - and third parties - do not have access to the contents of messages that are sent, but it does still know a great deal of potentially privacy-invading information about communication. Included in the data that WhatsApp 'may retain' (which, it's fair to assume, can be read as 'does retain') is information about who has communicated with whom, when this communication took place and the intriguingly worded 'any other information which WhatsApp is legally compelled to collect'.
The privacy section of WhatsApp's Terms of Service says:
End-to-end encryption is a step in the right direction, but it is far from being the end of the story when it comes to privacy.
Image source: Shutterstock/Twin Design