---------- Forwarded message ---------
From: Peter Kaminski
Date: Mon, Jan 11, 2021 at 5:03 PM
Thanks for sharing, Mila!
This came out on a UK newspaper yesterday:
The article does a good job with two pieces of information, and a terrible job with the third.
Message content has been, and will continue to be, encrypted.
If you live in the “European Region”,  you have a different set of terms. 
The article says, “The really significant recent update is that WhatsApp has added new features to allow people to communicate with businesses – and those businesses could be hosted by Facebook.”
I would judge this to be dangerously uniformed and irresponsible reporting. The new terms do discuss this communication with businesses, but that’s not the really significant part of the update.
The significant concern with Facebook and WhatsApp has always been what Facebook does with the metadata around conversations. Who your contacts are, which of them you chat with and when (down to the millisecond), what everybody’s IP address is, where your phone says you’re located (down to which store, and potentially which aisle), etc., etc.
The article misses that most significant point.
(I could also quibble about Facebook/WhatsApp’s obfuscatory description of its privacy practices and what they really do, but that would be asking a leopard to deny its spots.)
It turns out that WhatsApp has been sharing that sort of information with Facebook for a couple of years now, anyway, unless you were lucky enough to opt out during the first part of the acquisition.
Separately, Facebook has been working on encryption for its own Messenger service. Messenger content wasn’t originally encrypted, and Facebook could scan the content itself. When encrypted messaging became popular, it was embarrassing that Messenger’s messaging was not, and they decided to start encrypting it.
The watershed moment, for me, is that Facebook has decided it’s time to close the WhatsApp opt-out loophole, which means to me that they have improved their metadata analysis for Messenger, and want to consolidate more metadata into their galaxy of surveillance, and have chosen to do that at the expense of user agency over privacy (for those lucky enough to have retained it thus far).
This might – and conversely, probably should not – be a watershed moment for many other people.
As I said in a previous message, if you’re a regular Facebook user, you should probably just continue using WhatsApp; the new terms don’t change your relationship with Facebook much.
But, on the other hand, perhaps it’s a good time to learn more about Facebook and metadata?
Some more background articles I think are good:
“WhatsApp Has Shared Your Data With Facebook for Years, Actually” (Wired, 2021-01-08)
“WhatsApp Users Suddenly Get This Surprise New Boost From Facebook” (Forbes, 2020-05-23)
“Forget About Backdoors, This Is The Data WhatsApp Actually Hands To Cops” (Forbes, 2017-01-22)
 Andorra, Austria, Azores, Belgium, Bulgaria, Canary Islands, Channel Islands, Croatia, Czech Republic, Denmark, Estonia, Finland, France, French Guiana, Germany, Greece, Guadeloupe, Hungary, Iceland, Ireland, Isle of Man, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Madeira, Malta, Martinique, Mayotte, Monaco, Netherlands, Norway, Poland, Portugal, Republic of Cyprus, Réunion, Romania, San Marino, Saint-Martin, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United Kingdom sovereign bases in Cyprus (Akrotiri and Dhekelia), and Vatican City. See https://faq.whatsapp.com/general/security-and-privacy/who-is-providing-your-whatsapp-services