Skip to main content

A Guide to Privacy on Social Media [apps]


The recent announcement by WhatsApp to update its privacy terms - and 'accept or leave the app' stance - led to an exodus of users from Whastapp to competing, privacy-conscious apps such as Telegram or Signal. A week after the exodus began, Whatsapp clarified its stance - and WhatsApp's CEO went about providing a long Twitter clarification. And then, many returned, many who considered moving stayed put on Whatsapp. This post is meant for those who are still sitting on the fence - it clarifies questions like: What is this all about? What do I do? Is Whatsapp safe? I've heard Telegram is Russian - so how is it safer than Whatsapp? I can't move because my business contacts are on Whastapp - how do I secure myself?

PS: I've modeled this post based on several conversations I've had with friends and family on this subject, dealing with the chain of questions they ask, then objections they raise, then clarifications they seek - and finally the change resistance they exhibit. You may want to skip over to the relevant section directly.
The Controversy  

As WhatsApp rolled out its new Privacy Policy, a cursory reading of it gave out signals that Whatsapp will now start sharing its data with Facebook its parent. Many people, me included, had this perception after glossing over the changes proposed by Whatsapp. Turns out I was wrong - as per the clarification - Whatsapp continues to remain private for most parts of your 'personal communications' with your direct contacts.

However, there is a section of conversations which will get shared with Facebook - that is your conversations with Business Accounts. Mostly these are established brands like your Bank or Insurer. In most cases, this will not include your local businesses like shops, laundryman or Milkman - because even though these are businesses who interact with you over Whatsapp, Whatsapp has no way of knowing that these are businesses because they usually do not use 'WhatsApp for Business' app and you are usually chatting with the personal account of the shopkeeper or handyman. This will, however, include players like your Bank, Insurer, Food delivery app or your Telco who have a registered Whatsapp Business account.

Having said that, while the current change in Privacy policy is restricted to business account interactions, directionally the change is against Privacy and nothing stops WhatsApp / Facebook from extending it over time to personal and groups chats also. 

Why does Facebook need to track me? 

Facebook is not evil (not brazenly evil at least) - it doesn't want to peep into your bedroom and livecast your personal moments to the web; no that's NOT the reason why Facebook wants your data. Facebook collects data about which brands you interact with to build a database of likes, dislikes, preferences. This database is both specific to you i.e. personalized and also used to generate aggregated statistics. 

The aggregated statistics may be sold to other (big?) businesses who pay for such data - to use in marketing and product innovation

  • to create products people like or are likely to buy and;
  • to better target advertisements and other content to you - in short, sell you in a more personalised way or target you based on what you would react favourably to.

Is that bad?

Is this really bad - not necessarily - as a fellow entrepreneur pointed out to me, that he has come across some very innovative and useful products through personalized ads, which he would have never searched himself as he didn’t know something like that existed! As an entrepreneur myself, I'd love to target my product to audiences who will use it and there is no other way than having data about their likes / dislikes (and other data like their Salary, Bank balances, travel styles, shopping preferences etc), to be able to target them well.

But as I have argued in past personalisation, the kind being promoted by BigTech, is not good because excessive personalization of say our Facebook feeds or news coming in via WhatsApp groups, makes us as blind to other perspectives.

Beyond news feeds, privacy may be desirable to you in other respects of life - you may not want your Facebook friends (which may include your family) to know about the WhatsApp groups you're a part of or even brands which you interact with on WhatsApp. Imagine you receive an update about your recent lingerie purchase from your retailer on WhatsApp, which pops an advert on your mother's Facebook timeline stating - 'Your friend just received an update about Victoria's Secrets on WhatsApp, you may like it too, click here to receive updates on your WhatsApp number'

Maybe you may not mind this at all or maybe you would. Maybe you'd be more concerned about your mother knowing that you are a part of some Atheists WhatsApp group than about your lingerie buying habits. Privacy is different for different people - some want to protect their political opinion, some their family life, some their sports/adventure preferences and some their religious beliefs.

In essence, while the current changes in WhatsApp privacy policy may not immediately lead to such effects, over a period of time, tracking by various apps across services can lead to unexpected outcomes which may be to your liking or may not. So this is not about a one-time decision to move or stay with WhatsApp but about learning to operate any and every app which tracks you.   

Ok ok! But for now just tell me if I should move?

Short Answer - Yes. Long Answer - move but you don't quit Whatsapp entirely.

Different apps offer different features for security and privacy - for example WhatsApp and Signal both provide 'end-to-end encryption' to your chats, but this feature has to be enabled in Telegram separately. Similarly, both Telegram and Whatsapp provide easy "Web access" through the browser, Signal does not have a browser version [it does have a Desktop app]. 

So, feature wise, WhatsApp does have most features, but its ownership by Facebook is what puts it at a uneven pedestal - it can turn bully anytime and you won't have a choice. And even though Whatsapp may have a feature or two which Telegram or Signal don't, adopting alternative apps does enhance your security in the following ways:

  1. Your data - contacts, groups, relationships, chats - are now distributed across different services and hacking just one of them doesn't lock you out of your online existence. You can always use the other modes to communicate with the world and get your access back.
  2. In terms of the market, competition is always good for the end customers. If Telegram and Signal gain as much acceptance and popularity as WhatsApp (which today has almost a monopoly), all apps will try to outwin each other by providing newer features and enhanced security to users. 

So you may want to remain on most of the apps where your friends, family, colleagues, peers are present.

Telegram or Signal? 

As I explained above - as an individual, adopt both or the one where your contacts are present. But if the question is with respect to moving 'Groups', here's a the lowdown: 

  • For official groups I recommend Telegram mainly because of it has a better Browser based access, and your colleagues may want to be connected to the app on their computers during working hours than manage the phone and computer both. Telegram, being a private organization is also likely to have better support for corporate usage in the longer term.
  • For personal / family / friends groups I recommend Signal. The reason is that I find Signal to be much less prone to gubernatorial intervention. Signal is a non-profit with the development managed by volunteers spread across the globe and no particular jurisdiction can exert an undue influence on them. It operates very similar to Mozilla - the organization behind the Firefox browser.

    Telegram is a private company, though, to its credit, the founder moved from his home country (Russia) and across multiple countries trying to find a place from where he can operate the messaging service free of gubernatorial influence. Having said that, legally Telegram is registered in the USA and UK both. Also, Telegram will introduce monetization in 2021 to pay for the infrastructure and developer salaries, so your personal groups are better off staying on Signal if you don't want to pay to operate them. 
I do not want to make a recommendation for Personal chats because it will depend on which app the other person whom you want to chat with, uses.  However, I recommend you familiarise yourself with features such as Disappearing messages, Secret Chats & Self Destruct timer, and using a 'username' instead of your number. Once you know these features you will yourself start conjuring situations where you'd prefer using them.

How to securely use Whatsapp / Facebook? 

So, as I said - you don't need to quit WhatsApp and for those who use Facebook as well (that app asks for as much or more access!) please go to your app permissions and disable all the permissions except the critical ones.

For example, here are my WhatsApp and Facebook App settings on my phone: 


As you will notice, the Facebook app has no permissions - I must confess that this does make it inconvenient at times, say if I have to post a photograph or download a photo. When I come across such a situation, the app/phone prompts me to enable the Storage permission, I grant that permission, do what I wanted to, and then immediately go back and remove that permission from the app. For WhatsApp, I had to live with giving it permanent access to my contacts, otherwise using WhatsApp would be have been a nightmare for me. 

What else can I do? 

Just like WhatsApp and Facebook, there are other apps who track you - for example Amazon or Flipkart or your Banking app or your food ordering app. It is a good habit to keep reviewing permissions given to these apps and disable unnecessary permissions occasionally.

Another trick I use, which I must confess, is even more cumbersome is not to download the app at all. I use Amazon only through my mobile or laptop browsers - I don't have the app on my phone. This is because Amazon is the most common user of pugmark ads, ads which pop-up in unexpected places based on your personalised browsing etc history. So using it via the browser makes tracking your device impossible for Amazon.

If you want to go one more notch up, you can give up using Google Chrome, on which you have to be logged on all the time using your GMail username. Instead switch to the Firefox browser or even better use the Brave browser. I won't go into details but Brave is better than FireFox because it automatically blocks most third-party trackers on websites which create those nasty pugmark adverts appear in unexpected places. Finally, when using NetBanking or other sensitive websites you should use the Incognito or Private Browsing mode of your browser. And last, I recommend ditching the Google Search engine and switching to DuckDuckGo - a search engine that doesn't track you or even personalise search results based on your location.

And finally, like messaging apps, use different browsers at the same time - at this moment I have Brave, Chrome, Firefox and MS Edge all open on my laptop. The logic is the same as I described for messaging apps. By using different services/ software you enhance your privacy because your data is now distributed across different platforms and hacking just one of them doesn't lock you out of your online existence.

What's the big deal with Privacy anyway?

Privacy is like air - you only realise its absence. And as I have mentioned above, it means different things for different people and hence your choice of technology tools should be driven by your own perception of what you think is private. It doesn't really matter who in specific is tracking you, and what do they specifically do with the data. The risk rises when tracking data is shared with parties other than the primary collector of data because:

  • Your data across different sources can be correlated to the extent that you start getting discriminated. For example, your car insurer can change their premium based on your travel habits or your hospital can charge you differently based on your official travel schedule or your designation and your salary.
  • It can become a nuisance - you must have often observed the ads that pop-up when you browse news website based on your past Amazon shopping searches.
  • Privileged users (site or database administrators) can create a detailed profile about you from this data and if such privileged access gets hacked, all your correlated data, at once, may get leaked leading to malicious hackers misusing it to blackmail you.
  • You can be the target of a Social Engineering attack which can have a severe impact on your personal and professional life.

If you're still not sure that it's a big deal, watch this (and start using Mine!):


I still think you're just paranoid!

You may be right - I am a little paranoid to draw severe conclusions like ones quoted above, some even hypothetical. I am also paranoid about catching the Covid-19 flu even by touching the elevator button or door handles in the lobby of my building; I do concede I am little risk-averse when it comes to risks which are very unlikely to transpire but, can have wide-ranging ramifications. This probably comes from my overly analytical bent of mind - rather than 'perceive' a risk, I tend to calculate it by the mathematical formula:

Risk = Threat x Impact

So a High Impact lends to higher Risks, even if the Threat value is moderate. Given that the impacts of catching the Covid-19 virus or losing your online identity, both can be catastrophic to your life, Risk is of a very high order of magnitude for them.

Nevertheless, I wouldn't force you to follow my lead in following prudent privacy practices, you need not do all the things I have mentioned in this blog post. Your own barometer for Privacy may be very different and that's just right! But your Privacy is surely a matter to ponder over and decide for yourself than take the word of a Social Media company.  

Photo Credit: Dimitri Karastelev on Unsplash

Comments

Popular posts from this blog

How will travel industry transform post-Covid

Unlike philosophers, journalists and teenagers, the world of entrepreneurship does not permit the luxury of gazing into a crystal ball to predict the future. An entrepreneur’s world is instead made of MVPs (Minimum Viable Product), A/B Tests, launching products, features or services and gauging / measuring their reception in the market to arrive at verifiable truths which can drive the business forward. Which is why I have never written about my musings or hypothesis about travel industry – we usually either seek customer feedback or launch an MVPised version and gather market feedback. However, with Covid-19 travel bans across the globe, the industry is currently stuck – while a lot of industry reports and journalistic conjectures are out, there’s no definitive answer to the way forward. Besides there is no way to test your hypothesis since even the traveller does not know what they will do when skies open. So, I decided to don my blogger hat and take the luxury of crystal gazing

Learning from 11 years in KPMG

It is only when we give up what we have is when we can embrace the new! I quit my job at KPMG one year ago - 22 January 2016 was my last day with the firm. As I reflect back on that day, it felt more like a graduation day! The eerie mix of nostalgia, excitement, anxiety and blues of missing your friends. KPMG was not just my first job but also a place where I learnt everything that I represent professionally. KPMG is one of the institutions I deeply respect and love – and relationships I have built here will stay with me for my lifetime. In my entrepreneurial career as well, I am often reminded more of all the great things I have learnt over my 11 years in KPMG. An year gone by, I realize these learnings have stayed with me and apply equally to the world outside KPMG. Almost all would apply to those working in role of (internal or external) consultants but several are generic and can be applied across professions. I have tried to change the text so that the learnings sound