That big privacy policy update everyone was complaining about was--again--only about providing hosted e2e clients in the cloud for Facebook Business customers, and had nothing to do with end user to end user chats: the goal was to solve the experience problem of a company wanting to provide a chatbot and realizing "omg, I have to host all of the chat client parts myself and build some way for random people in my organization to get access to it?!". The updates were all clearly narrowly targeted towards that--including to the security document, which merely moved the statement that data was encrypted (as opposed to removing it, which some people claimed)--and Facebook representatives immediately provided explicit clarification of all of this, but no one cared and everyone caused this massive denigration of WhatsApp... one that is apparently continuing, as this doesn't seem to be anything new they changed?
Here is a comment with some defense of all of this, for those who were only reading the big headlines:
And for what: so that the only mass-market end-to-end encrypted messaging tool could be discredited? And we could prove to large companies "we don't care if you are end-to-end encrypted: in fact, we will punish you harder if you are end-to-end encrypted than if you are just a normal service!"?!? Where is all the continued outrage over Snapchat, the service we actually should be trying to replace with an e2e encrypted alternative (but for which Signal is an insufficient replacement as a big reason people like Snapchat is that you don't have to give your real phone number to the random people you talk to online)? While some people remind us that Telegram sucks, where are the weekly threads and news articles about how horrible Telegram is? Why are groups like Signal targeting advertising at WhatsApp instead of at Telegram? Hell: why is everyone so upset over WhatsApp, but no one ever mentions Facebook Messenger in any of these articles or rants?
And let us not forget the cherry on top of this whole thing: that right after everyone decided to do this massive mobilization to cause the great exodus from WhatsApp--only some of those people of course ending up on Signal, with some reasonable number likely moving to Snapchat or Telegram or even Facebook Messenger--Signal decided they had a great moment to launch MobileCoin... a cryptocurrency whose claim to fame is being built on broken-by-design DRM technology (Intel SGX / ARM TrustZone) and which--whether you think cryptocurrency is a good idea (which I do) or not--has managed to undermine confidence not only in the only big open source end-to-end encrypted messenger (by both clouding its motives and tying it to cryptocurrencies, which many end users consider to be a scam) but which has now soured everyone's opinion (maybe correctly) of the privacy community (due to the recent push to use it). This is all just so infuriating as someone who wants people to universally have end-to-end encryption :/.
(FWIW, if there is something new here--something that Facebook is now suddenly doing that is actually bad, unlike before--I'm very curious, but am going to note that all of the above is now the reason why I'm even past the point of caring enough than to skim a few paragraphs to verify "this is part of the same FUD from a couple months ago": you can only cry wolf so many times before even the super technical people like me are no long going to care. But this just seems to now be "great, government is now going to step in and also punish WhatsApp for having the gall to have bothered to build an end-to-end encrypted messaging app and then be carefully transparent about the process by which they add a new feature that just shouldn't be considered a big problem". When this same politician decides to sanction Snapchat or Telegram for the way they handle privacy--or goes after Facebook Messenger or Instagram--I'll be excited, but this is going to harm the efforts for end-to-end encryption, not help them!)
People are mad about whatsapp because it used to be a good platform that they now feel compelled to abandon. I don't think people have any particular allegiance to fb messenger—it exists and is something to be tolerated.
the whole "but the privacy policy changes weren't that bad!!!" to which I say: it was simply the straw that broke the camel's back. People didn't want their metadata harvestsed by FB, and this was a convenient time to jump.
FB apologists will be quick to note that FB had access to WA metadata for years unless if you dug through some menus for an opt-out button (now removed). I have no clue how they think this is a compelling argument.
Just because the dam hasn't broken yet doesn't mean that you can't keep chizzling away at it. eventually it'll break. I'd argue that WA would have never been in this mess if they stayed as an arms-length corporation and were left to their own devices. But no: FB has an immediate desire to gather the biggest heap of user data possible. As they should: it's how they make their money. But that doesn't mean people aren't allowed protest.
The problem is that the protests are not framed this way. Not "WA was going downhill for years, and now my patience ran out", but "Ouch, this particular change in ToS is a game-changer, all is lost, I'm quitting!!"
This undermines trust to the argument. It looks more like it aims for a knee-jerk reaction, all emotion, zero thought. If you don a large enough tinfoil hat, you can even imagine for a second that somebody is trying to scare away more users from the largest e2ee platform out there, so that they would land on less secure platforms — but of course I'm no RMS to suggest such outlandish things.
People's protest was other fb data harvesting. Even if they didn't understand the specific changes in the tos, they had legitimate grievances.
Which is to say, "you're only allowed to me mad about a change when it's rolled out" is not a theory I buy into.
The reason the exodus happened was not "because" of the privacy change, in the same way the dam didn't break because a squirrel running across knocked the "last piece" loose.
I have said this before. The contract you sign with facebook allows them to send all your stuff from whatsapp to facebook. Any of it.
Who cares what they say their intent is?
It was so clearly, so obviously written to deceive, I wonder whether the defenders have ever actually read the new privacy agreements they are supposed to sign.
It says that in the future (e.g. as soon as the EU allows it), Facebook will merge all Whatsapp and Facebook data. And it will share whatever it can do now.
They do NOT say they will not share the data with Facebook. They use the same sentence, carefully worded, saying that they don't share the data right now, but might later.
Why the funk do you think they write it that way?
Some people also believe sentences like this:
"We at company X deeply care about your privacy".
Here is a comment with some defense of all of this, for those who were only reading the big headlines:
https://news.ycombinator.com/item?id=25875802
And for what: so that the only mass-market end-to-end encrypted messaging tool could be discredited? And we could prove to large companies "we don't care if you are end-to-end encrypted: in fact, we will punish you harder if you are end-to-end encrypted than if you are just a normal service!"?!? Where is all the continued outrage over Snapchat, the service we actually should be trying to replace with an e2e encrypted alternative (but for which Signal is an insufficient replacement as a big reason people like Snapchat is that you don't have to give your real phone number to the random people you talk to online)? While some people remind us that Telegram sucks, where are the weekly threads and news articles about how horrible Telegram is? Why are groups like Signal targeting advertising at WhatsApp instead of at Telegram? Hell: why is everyone so upset over WhatsApp, but no one ever mentions Facebook Messenger in any of these articles or rants?
And let us not forget the cherry on top of this whole thing: that right after everyone decided to do this massive mobilization to cause the great exodus from WhatsApp--only some of those people of course ending up on Signal, with some reasonable number likely moving to Snapchat or Telegram or even Facebook Messenger--Signal decided they had a great moment to launch MobileCoin... a cryptocurrency whose claim to fame is being built on broken-by-design DRM technology (Intel SGX / ARM TrustZone) and which--whether you think cryptocurrency is a good idea (which I do) or not--has managed to undermine confidence not only in the only big open source end-to-end encrypted messenger (by both clouding its motives and tying it to cryptocurrencies, which many end users consider to be a scam) but which has now soured everyone's opinion (maybe correctly) of the privacy community (due to the recent push to use it). This is all just so infuriating as someone who wants people to universally have end-to-end encryption :/.
(FWIW, if there is something new here--something that Facebook is now suddenly doing that is actually bad, unlike before--I'm very curious, but am going to note that all of the above is now the reason why I'm even past the point of caring enough than to skim a few paragraphs to verify "this is part of the same FUD from a couple months ago": you can only cry wolf so many times before even the super technical people like me are no long going to care. But this just seems to now be "great, government is now going to step in and also punish WhatsApp for having the gall to have bothered to build an end-to-end encrypted messaging app and then be carefully transparent about the process by which they add a new feature that just shouldn't be considered a big problem". When this same politician decides to sanction Snapchat or Telegram for the way they handle privacy--or goes after Facebook Messenger or Instagram--I'll be excited, but this is going to harm the efforts for end-to-end encryption, not help them!)