Not sure whether this post is relevant but I thought I’d share in case anyone finds this interesting.
For some inexplicable reason, my WhatsApp account has been blocked this morning (see attached screenshot). The only thing I changed recently (or indeed ever) was that I moved it from iOS to GrapheneOS. I’ve been using the account with this number since 2010 (i.e. pretty much since Day 1). My usage has not really changed over the last 14 years and it is fairly limited anyway, centred about school groups and family members who refuse to use Signal.
Not sure what to make of it really but thought worth sharing…
The cynical and probably true reason is that it lost the ability to harvest a lot of data points going to a hardened phone. Instead of saying so plainly, they play coy and say it’s because you are now a spammer account (apparently real humans don’t use GrapheneOS).
When clicking on the message, it says that “WhatsApp Support will review your account and device info to check for activity that does not follow our terms of service.” If messages really are E2EE, how is that even possible?
Reporting someone’s message sends the key to WhatsApp. In addition to that, they also see your device info (obviously), and metadata (who you messaged and when). None of this is a secret, it’s all outlined in the Privacy Policy.
Thanks so much. That’s exactly what I did. Will keep you posted.
It is worrying however that they can use this avenue to get the key. In theory, any employee could then report anyone, which hands over the key to Meta…
Probably they don’t want people to use WhatsApp in an anonymous way, as if a phone number wasn’t enough for them.
As pointed out earlier, a phone with Google services running gives them more information on the user. If they don’t get that info, probably they are gonna flag it.
Thanks for the heads-up.
… what? The key is on the phone. If you press the report button, it sends to WhatsApp. If a Meta employee has physical access to your phone, you should have bigger concerns than them pressing the report button.
This is not a privacy issue, because whoever reports could’ve also just screenshotted it. The only extra thing the reports provide is provability towards WhatsApp.
I think I misunderstood you. I thought you said when someone reports me that this will give Meta access to my key, which I found very worrying as it would be very easy to abuse. I have not reported anyone. I woke up to a locked WhatsApp for reasons unbeknownst to me. I never said anything about anyone having physical access to my phone.
You’re confused about keys. Each conversation has a key. Reporting someone will provide the key for the conversation between you and them to Meta.
You were asking how they can possibly check the “activity” if it’s E2EE. That’s how. If someone (accidentally or intentionally) reported you for spamming, Meta is able to read your conversation with them, and decide whether such a report was valid.
Yes, I’ve read that in the event of a report, WhatsApp has access to the last 3 or 5 messages exchanged for verification and I even believe that of their own free will they can contact the police.
No wonder when Signal is banned in some countries, WhatsApp isn’t!
Got it. I thought you were referring to the key that is generated when enabling encrypted backups. Consequently, I was assuming that when someone reports me and Meta gets access to said key, they would have access to all of my conversations. Thank you for clarifying, this makes a lot more sense.
I wouldn’t ascribe it to malicious reasons to be honest. I once had my account locked in a constant cycle of blocking and unblocking because I was trying to log into the Windows desktop app…
More likely than not, whatever automated system they use for detecting spam is just not that good.
I’m thinking about it, but to encourage people around me to switch to Signal, maybe I should flag certain messages to force an account block and thus get them to come to Signal.