I see Whatsapp being recommended for Privacy but my general thoughts were that anything Facebook (Meta) related was the opposite of Privacy focused. While I trust the recommendations here on Privacy Guides, I’m having a tough time reconciling this. Did Facebook change their approach?
1 Like
WhatsApp is not recommended for privacy. Where did you see that? WhatsApp will track your messaging metadata even if it is E2EE. Also who knows what kind of scanning they perform on the client side where your messages are not encrypted. I wouldn’t trust it.
11 Likes
Facebook and Meta products is and have always been terrible for their users and their privacy. Please avoid WhatsApp if you at all can. Signal messenger is a significantly superior IM so use that instead.
Also what @lone-cloud said
2 Likes
I am glad I asked…. Thank you.
2 Likes
This started because I have a personal need to create an account on Instagram. (very unique need).
So, I picked up a Pixel, loaded GrapheneOS. I am trying to learn whether I can use an virtual phone number (like Hushed) or I require an eSim.
It appears that Instagram can use a Whatsapp account to sign up, so that led me down the Whatsapp trail. I obviously misread comments that Whatsapp was good for Privacy but my “bat senses” were ringing with alarm once I learned that Whatsapp was owned by Facebook (Meta) and therefore this post and my question.
1 Like
Holy Moly!
2 Likes
That’s not an entirely accurate image.
The image on the right should have Google (and left too tbf) that has: user known to use Signal, Android ID, time sent, IP address from/to, link to a profile detailing past usage patterns and maybe some guesses for a social graph that they can approximate based on timing of messages between users. Based on that info they can start to guess who the real you is as IP can be linked to an approximate location and Signal is still a relatively niche app + they’ll know all the other apps you get notifications for.
Just because you use Signal doesn’t mean that you’re safe from Google (assuming the users are on Android).
4 Likes
You’re not wrong, but I think the point of the picture is to demonstrate the difference between apps, not the actual level of overall privacy. Definitely a good point to keep reality in mind though.
2 Likes
lone-cloud, please remember that I am an Eli5 member….
Is this also true about GrapheneOS users? (the fact that Google captures this additional identification?)
You shouldn’t worry about it if you’re a beginner imo. Fully beating Google’s surveillance on your phone might be too tough from the start, but GrapheneOS is a great (best actually) choice.
To answer your question, yes it’s true for GOS users too. You’re probably using sandboxed Google Play services which is ideal for your convenience. However, they still relay your push notifications data through their proprietary Firebase Cloud Messaging service, which will collect the info that I outlined above.
Molly app + mollysocket + ntfy is better than the Signal app in terms of privacy and it still runs on the same Signal network. Ideally you should self host your own mollysocket + ntfy, but it will be too hard for a beginner.
2 Likes
What’s the source for that image?
I think @lone-cloud is referencing people using Signal on regular Android phones. Google’s super ingrained there so they’ll get a lot of extra information.
Just trying to not get into the weeds too much, GrapheneOS is the best way to use Android without Google. So if you’re using GrapheneOS without Google Play Services, then Google will not be spying on you.
But some will install Google on their GrapheneOS for various reasons and even if it’s not as deeply ingrained (term is “sandboxed”) and it’s not able to snoop like normal Android, as lone-cloud mentioned, many notifications rely on a proprietary Google service so they can potentially gather information that way.
But I’d say when starting out, just using GrapheneOS is a major boost to privacy, so don’t worry about all the extra steps making your gap with Google air-tight. Any progress is good progress.
1 Like
It came from a random privacy signal group that some user created. Sorry if you want me to credit the image better, but I’ll have to go pretty far back in my signal group text to figure out who posted it… but he posted it so he could have us share it around and asked for suggestions on how to make it better.
Update: the group purges messages older than 4 weeks so I can’t find who posted it.
Thank you for responding and providing accurate information. I’m trying not to make too big of mistakes as I set up this Pixel……. It helps to know what is and what isn’t actually possible.
2 Likes
nah, I was referring to the case of GOS + sandboxed Google play services + push notifications. Virtually all apps, including Signal, use the aforementioned FCM from Google for push notifications on Android. Maybe GOS randomizes each app’s Android ID, but Google will still collect the metadata stuff I mentioned above as they’ll need it to notify you when you get a message. I suppose a VPN could help hide your real IP from FCM though.
1 Like
I appreciate the information. I don’t have Play Services so there are some apps who do not give any notifications as they rely soley on FCM… which is very annoying, but as Signal is not affected, I assumed that it doesn’t use FCM. Guess I was wrong.
They make the best of both according to their FAQ
“Signal always uses their own push implementation in the foreground, but switches to FCM in the background when it’s available.”
Looks quite AI slope-y too 
but I guess it still kinda makes a point.
Yeh, bg image is clearly AI, and maybe the filler data was AI-assisted, but based on how crisp the rest of the details are, I think the overlay was “hand-crafted”. Could be wrong though, but I appreciated how clearly the message is portrayed so I kept a copy.
This is not proving that it is or is not AI.
Crisp details can be very much done with the right prompt. 
It’s fine I guess, not the biggest concern but let’s avoid sharing too much slope as a whole. 