WhatsApp's condition for admins to share public links only with trusted users in Group Chats leaves it open for data misuse

We spoke to Wadhwa about WhatsApp's clarifications and also asked him if a #DeleteWhatsApp movement was actually possible in India, considering the user base.

With the ongoing Facebook-Cambridge Analytica data scandal being dissected under a microscope by government agencies from around the world, the questions around data privacy have become an everyday conversation. While Facebook is dealing with the issue of data sharing and data scraping, one is forced to look at its other properties which also have a massive following. Among them, Instagram and WhatsApp stand out.

WhatsApps condition for admins to share public links only with trusted users in Group Chats leaves it open for data misuse

Representational image. Reuters.

WhatsApp, in particular, is important in the Indian context, as this is the go-to messaging app in India with a significant number of users. Over 200 million, to be precise. With WhatsApp features such as calling, group chats and more recently payments, it is slowly but surely on its way to becoming a Super App. But even though WhatsApp promises end-to-end encryption and complete protection of your data, questions have been raised.

According to Vivek Wadhwa, a Distinguished Fellow at the Carnegie Mellon University of Engineering at Silicon Valley, WhatsApp is not as secure as it claims to be.

According to report on VentureBeat, Wadhwa referred to a draft paper by a group of researchers from Switzerland clarifying that the vulnerability lies in the implementation of the WhatsApp groups. The draft paper talks about how anyone on the internet can get invite links of open WhatsApp groups and join them to check on all the new messages and phone numbers of the group members.

WhatsApp clarified its stand stating, "The privacy and security of our users are incredibly important to WhatsApp. Whenever a new member joins a group all members receive a notification that includes whether the person was added via group link or by an administrator directly. Group members can always see everyone in the group including their phone number and their name. We make it easy to leave a group or block unwanted messages with one tap."

We spoke to Wadhwa about WhatsApp's clarifications and also asked him if a #DeleteWhatsApp movement was actually possible in India, considering the user base.

WhatsApp has released a statement saying that its Group Chats feature is safe, saying that invite links are an optional feature available to group admins and must be shared with trusted sources. Your comment on this.

The WhatsApp’s spokesperson said, “invite links were an optional feature available to group administrators but it must be used only with trusted individuals”. But this is Facebook doing more of the same: blaming their users for their products’ flaws and their unscrupulous methods of marketing information. The fact that links are public is a huge security risk. I have a friend who had his family join a group which grew over time. There would be new members added all the time and they had no idea who they were. But they believed WhatsApp’s claim that chat group that messages are secured with end-to-end encryption and assumed that all was good. That was until his children started getting SMSs and calls from strangers based on messages they sent to the group.

People are not aware that they are putting their families at risk by joining groups in which they do not know every participant. Why do I say at risk? Because anyone can watch the postings on the platform and contact people directly on their mobile phones. WhatsApp also displays the status of the person so you know when someone is active on the platform. This is far worse than what Facebook and other social media sites enable.

This is a serious design flaw. Either they should not have groups or keep sensitive information such as phone numbers private.

With the 'Group Chats' feature being not so secure, how can malicious actors use that to manipulate voters in general elections next year?

Let’s say that you joined a group that was discussing local or national politics. Or that you joined a group discussing sensitive topics such as your sexual preferences or health. Anyone in this group could learn about your views and target you based on your phone number. Facebook makes it easy to take that phone number and access a person’s profile and friend lists. WhatsApp shares details of your phone and unique device information with Facebook. You see the problem?

Indians already get inundated with SMSs from marketers. Imagine if they were profiled by malicious players and threatened or encouraged to do bad deeds. This is all possible.

Indian online users are heavily invested in WhatsApp and given the lax nature of most Indians when it comes to data and user privacy, do you believe that people will actually delete WhatsApp and look at alternatives. Especially when everyone they know and care about are on this platform?

India users have not had their elections hacked yet, they have not experienced what the Rohingya refugees did, with the spread of misinformation and hatred against them. They will learn over time what dangers are posed by the compromise of their personal information and lax regulation of social media companies. Americans are waking up to the horrors only now.

Considering India is approaching general elections next year, what according to you are the key concern areas and how must Facebook go about tackling these issues?

Facebook/WhatsApp must be held liable for every news story that is clearly false that is propagated on its network. Perhaps a fine of Rs 50 lakh for every post that isn’t deleted within 2 hours. It must not be allowed to sell political ads or any other ads that create communal disharmony or hatred. It must disclose who has purchased an ad and how the information it has gathered is being used.

WhatsApp should also not be allowed to share any type of information with Facebook — or any other company. It is the backbone of Indian person to person communications now.

Facebook-owned WhatsApp is used extensively to spread fake news as has been experienced in past in India, and since it is end-to-end encrypted, it adds another layer of complexity. So what are the challenges must be addressed?

End-to-end encryption is only on the communications lines, it is an excuse for inaction. The fake news is spread in groups and shared messages. As you have seen, there is no real security in these. The company can certainly develop the tools to prevent the spread of hatred otherwise it should not exist. India can also develop its own alternative technologies — just as China did.

Will merely using artificial intelligence and increasing the security team strength help mitigate the spread of false propaganda in India?

It can surely help but human intervention is needed to supplement this.

Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.

also see