== Ravi Dwivedi's personal website ==

WhatsApp is a malware

Last Updated: Saturday 08 January 2022

Think of it: WhatsApp gives you a chatting service for free-of-cost. How are they earning money? Are they a charity? What are the hidden costs behind this free-of-cost service? You are trading away your rights like Freedom of Speech, privacy, freedom that every software user should get, and so on, just to use this free-of-cost service.

  • WhatsApp is a nonfree software. A nonfree software is usually a malware which mistreats its users. A nonfree/proprietary software controls the user and users don’t have control over it. WhatsApp does not provide you the source code of the app and therefore you cannot trust the app that it really encrpyts the messages without backdoors (Backdoor means WhatsApp or any third-party can get access to your system remotely and control it or take your data. Some examples of backdoors found in nonfree software are listed here.). Even if we assume that WhatsApp messages are end-to-end encrypted, backdoors can selectively decrypt those messages when WhatsApp wants them to. A backdoor-like feature was found in WhatsApp that can be used nullify its encryption.

    How do we know if WhatsApp doesn’t keep a copy of private key(for all or some of its users)? How do we know that they don’t turn off encryption for all or some selected users in an update? We don’t know because we don’t have the source code. This means that any trust on WhatsApp is a blind trust.

  • WhatsApp is used by political parties(mostly by the BJP) to spread their political propaganda in India.

  • WhatsApp makes extensive use of outside contractors and artificial intelligence systems to examine user messages, images and videos; and turns over to law enforcement metadata including critical account and location information. This means it doesn’t respect user privacy.

  • The government also has access to the data that WhatsApp collects.

  • It is not sustainable for the whole world to depend on WhatsApp for their communications. It has been down for hours earlier, disrupting all the world communications. If there are many service providers (as there are in XMPP or Matrix), then outage of one server does not disrupt the communications of the whole world. This is one of the many problems with centralized services.

  • WhatsApp requires a phone number to register. In many countries, it is required to link your SIM card to your identity, for example, by providing passport details or driving license. This is a privacy violation and can be used to identify users very easily.

  • WhatsApp is owned by Facebook, a data collection company whose business model relies on recording people’s lives. It also combines the data it gets from WhatsApp with Facebook. Check Social Cooling if you are curious on why you should care about your digital privacy.

  • WhatsApp collects a lot of data on each user. For example, WhatsApp gets to know - what mobile phone you use (Hardware model), what Operating System you use, your time zone, your IP address through which your precise location can be tracked (unless you use VPN or Tor, which hides your IP address), your profile picture and status, your phone number, information about all your contacts which is saved in your WhatsApp, your device’s battery percentage, network strength in your device, app version, browser information, connection information (including phone number, mobile operator or ISP), language, about and last seen. WhatsApp also collects information provided to WhatsApp by third party companies or apps. So, these are all the information which WhatsApp can collect from you and can give it to Facebook and even other third party companies. Reference here.

    Note that all this data collection is just a symptom of WhatsApp being proprietary software and users don’t control it. If the software was free, then the users could have removed these malicious features.

  • A good article on how WhatsApp domesticates users. This is called vendor lock-in, which means that once you start using the service/product it is diffcult for you to switch to another similar service without substantial costs. In WhatsApp’s case, the cost of switching is losing all the WhatsApp contacts. Any person switching from WhatsApp to another service needs to make effort to convince and get his other contacts switched to the new service.

    This predatory behaviour of WhatsApp gives you another reason to uninstall it from your device.

    If you care about freedom and switch to a freedom-respecting platform, your real friends will still be in touch via other methods. Other friends– I am sure that you can live without them.

  • WhatsApp chat backups are stored unencrypted in Google Drive and iCloud (Visit the URL and note this line “Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in iCloud.").

  • On Android, if you force stop WhatsApp, it automatically turns on within 30 minutes. This is a malware-like functionality.

  • “Deleted” WhatsApp messages are not entirely deleted. They can be recovered in various ways.

  • WhatsApp has serious insecurities which can be used to decrypt messages sent using WhatsApp.

  • WhatsApp can ban its users anytime. Over 2 million Indian accounts were banned by WhatsApp in 6 months. WhatsApp having this power is wrong. Users should be allowed to run their own server and federate with WhatsApp, and therefore be allowed to set up their own rules.

  • WhatsApp sends threat mail to people who develop independent bots for automating tasks on WhatsApp.