WhatsApp as harm mitigation for Facebook Messenger

My threat model involves minimising the amount of data available to large tech companies - I find their tracking creepy. Messaging apps are, of course, a key part of this. I note I am more concerned about the content of messages, than the metadata, as I don’t see e.g. my government as a threat actor.

I am based in a country that primarily uses Facebook Messenger and secondarily WhatsApp to communicate. When I was younger and less informed about privacy, I joined Messenger and have used it since. I never needed to set up a WhatsApp account (most people are on Messenger already).

I have managed to convert my family and close friends to Signal, but have had a harder time converting my less close Messenger contacts. I don’t want to cold turkey quit Meta’s messaging platforms, as I want to stay in touch with these people. However, I am keen to minimise my exposure where possible.

I am considering joining WhatsApp as an easier sell than Signal for at least some of these contacts (many will already be on WhatsApp). The driver being that WhatsApp guarantees the E2EE of message content, where Messenger applies this only to certain 1:1 chats. That is, using WhatsApp as harm mitigation for Messenger.

Does this seem sensible? I feel a bit trapped by the network effect on Messenger and (though it seems like this is a good idea), I’m hesitant to risk another network trap in WhatsApp.

Isn’t meta intending to bring E2EE to all messenger chats?

Apparently, yes. However, there’s no timeline (that I know of) for group chats.

Anecdotally, too, the majority of my 1:1 chats still aren’t E2EE either, even after having the PIN thing enabled (I’ve tested this by requesting a download of my data).

Edit: plus the iOS app seems to have completely removed the option to start an E2EE group chat.

I think your logic makes sense.

Are you really trusting meta to do E2EE properly that may have an adverse effect on their advertising business model?

2 Likes

I trust them to do it to the same level as whatsapp of getting all the metadata withoht the exact contents of the message because they have no reason not to with whatsapp clearly being profitable for them even with encryption on.

Telegram is so questionable in terms of privacy. Whatsapp and Messenger are both way better than Telegram

Yes, Telegram isn’t widely used in my country so regardless of your thoughts on its encryption it wouldn’t work for this use case

I wonder how the Interoperability gone over here:

Is progressing, because then you could just use one service and message cross platform with others.

1 Like

My problem with whatsapp is the metadata collection and correlation.

Totally agree that the metadata collection is problematic, no argument there.

My question is more focused on harm reduction, I think.

That is: if I can’t convert someone to Signal (or other privacy-oriented messaging services), is WhatsApp going to be better than Facebook Messenger?

My problem with Telegram is they use misleading marketing so people think its encrypted when its not, which means they don’t just have metadata, they have all the data. And then their encryption protocol for the secret chats is super funky.

The question is between whatsapp and messenger which will eventually be almost the same product from the same company. Realistically switching between them won’t negatively effect them anymore than what they’re already doing and the contacts won’t switch, so an encrypted forum is better than unencrypted one.

1 Like

For now specifically probably, but with time they’re probably gonna equalize. You may even be able to use something like element or signal in the future and communicate cross platform due to the DMA.

Wouldn’t recommend Telegram E2EE it’s not enabled by default and multiple encryption flaws was found in the MTProto protocol.

I’m honestly a little dubious on this - it sounded like WhatsApp had third party chats disabled by default and I imagine that will be the same for Messenger

That’s untested I suppose - the EU might go after them for it sometime in the future, but I haven’t seen them raise any concerns so far, which doesn’t give me much confidence

Plus I’m not in the EU and they might geo fence it forever :disappointed:

I’d say separating your messenger from social media is a good idea in general, even just from one Meta platform to another Meta platform, even remain on one platform but with different accounts, because you can “potentially” unlink / have a different socialgraph, if you do it properly.

Just I personally decided not to make the compromise and therefore I only talk to the people who have more private messenger i.e. Signal.