I find the wordsmithery on Meta's statement the most interesting:
“We do not track your *PRECISE* location, we don’t keep logs of who everyone is messaging and we do not track the *PERSONAL* messages people are sending one another," it added. “We do not provide *BULK* information to any government.”
If you read around their points, it sounds like they track general location, log group messages, and provide specific information on request to a government.
Meta can also just lie about it. If they were secretly granting backdoor root access to some NSA spooks, like Microsoft did with PRISM or AT&T did with 641A, most likely no one would find out, so, there'd be zero actual downside to simply lying.
Usually the three letter agencies will send you a National Security Letter. If somebody sends you a NSL you're not allowed to talk about it, which makes it very difficult to even tell if the NSL is legal or not because it's very difficult to retain legal counsel with these kinds of matters, and secret courts don't have a whole lot of accountability either.
I would just assume that usually the three letter agencies have insiders and everything else is just parallel construction theater.
They usually just do a mea culpa:
Camera: https://www.bitdefender.com/en-us/blog/hotforsecurity/facebo...
Audio: https://news.ycombinator.com/item?id=41424016
Conversations: https://www.vice.com/en/article/facebook-said-it-wasnt-liste...
Mass surveillance: https://thehill.com/video/facebook-spying-on-users-new-repor...
Across the web: https://www.wired.com/story/ways-facebook-tracks-you-limit-i...
Beacon: https://www.wired.com/2007/12/facebook-ceo-apologizes-lets-u...
Apps: https://www.theguardian.com/news/2018/mar/17/cambridge-analy...
People who aren't even on facebook: https://www.vox.com/2018/4/20/17254312/facebook-shadow-profi...
Others do it too, e.g. Amazon: https://www.bloomberg.com/news/articles/2019-04-10/is-anyone...
But Facebook has always been on a whole other level
https://www.theguardian.com/technology/2018/apr/17/facebook-...
I will never understand how anyone in their right mind can use any product owned by Meta…
Because the entire rest of society has wrapped itself around Facebook, Whatsapp, and Instagram. It is easy to be a free software purist until you need to know if your child's school has a snow day. Websites and mailing lists are dead. I cannot be involved in my child's school or any of the informal social networks around the parents and teachers without using Meta's platforms. I cannot volunteer at a non-profit I care deeply about without using Meta's platforms, because that's what they have to coordinate.
Are you going to suggest to me that I should force them onto Signal and a pile of other DIY platforms? I dare you. Look a burned out parent in their bloodshot eyes first.
I live in a mostly rural part of Norway, and I have had a very similar experience with a volunteer group I cared deeply about. I created a Facebook account solely to access two groups they used to coordinate events. Initially it worked, but over time, Facebook’s algorithms stopped showing me new posts at the top. Since I was not an active user, I missed important messages and caused real frustration, both for others and for myself. Trying to explain why I was not seeing the content was more awkward than simply saying, “Sorry, I am not on Facebook.”
Eventually, I decided to step away. This was partly because I was not willing to engage more deeply just to make the platform work properly, and partly because of personal circumstances, such as having twins. After deleting my account, I noticed a significant reduction in stress.
These days, my children’s kindergarten uses a dedicated app to communicate with parents, and their sports club uses another (Spond, which seems fairly common in Norway). However, when I try to connect more informally with other parents, the conversation almost always leads back to Facebook, Messenger, or "insta". Even when people express understanding or sympathy for my choice to avoid those platforms, exchanging phone numbers or using alternatives rarely leads to real communication. It feels as if, socially, I cease to exist if I am not part of those groups.
So no, I would not suggest trying to push others onto Signal or similar platforms. I relate to your experience completely. Although we may have made different choices, the underlying challenge is the same: wanting to participate meaningfully, but finding that the tools we're expected to use often come with a cost we are not willing to pay.
No, it's because people don't care.
I have three kids. Sure it's not easy, buying used local things is basically impossible, but it's not terribly hard. You just work around it
Nobody can be forced to use these apps. If you don't want, they will find some other way, I personally only respond to email.
Then you’ll be excluded from a lot of groups and social activities without even knowing. That might be an acceptable trade off for you but it's a trade off nonetheless.
I'm not in high school to be afraid of being "excluded" from some social activities.
And that’s fine, just pointing out that if you were part of a sports club, parents group, whatever, you’re relying on someone keeping you in the loop and making your life harder if you want to be part of it. I don’t judge, I just don’t see why you think it’s immature to want to have a social life.
There are parts of the world that run on WhatsApp. In Brazil it is impossible to live a normal life without it, as absolutely everything from shopping to parking to healthcare is managed through WhatsApp specifically.
I have same situation and:
- tell parents and teachers I can be reached at xxx-xxx-xxxx if they need anything
- absolutely never had meta-requirement to volunteer. if I did I would 100% know my time there is better spent elsewhere
I am not going to suggest you anything except to tell you that you can live a beautiful live outside of the meta-world. it is super easy
"I am not going to suggest you anything except to tell you that you can live a beautiful live outside of the meta-world. it is super easy"
Great it is super easy for you, but why do you think your individual experience is valid for other people (who might be thousands of km away in a very different setting)?
it may not be but I’ve also heard this excuse a million times before. and whatever the situation is meta products can be avoided. we just have a tendency to give into “hey, we have WhateverSupApp group, why don’t you just install garbage on your phone to be a member of this cool group… thanks, but no thanks :)
Not Meta, but I bump into IRL things that require a Google account all the time, and they won't even negotiate. Get a Google account or get out.
“thanks, I am out” is the way to reply to that situation
Because super vast majority of the population doesn't care. You can just look at the leaks from the last decade and its outcomes. Every company that deals with socials also know that people only care about their privacy within their own small circle. As in, they only care about privacy within their own small bubbles.
Imagine a small local non-profit with 5000 likes on their page. They might be trying their darnedest to improve their newsletter numbers, but they still need to be on Facebook.
Imagine that times a billion.
meta has made everyone believe that only through their platform can you grow your non-profits and whatnots. and they are obviously great at this, everyone bought that shit. you can organically grow (especially small) non-profits without fucking meta apps.
Easily.
The alternatives are also probably up to the same sketchy shit, so your choices are to be a hermit, or accept that your services will spy on you.
If you want to participate in society, you have to either trust a very large list of untrustworthy people... Or acknowledge that they are untrustworthy, and mitigate accordingly. Part of that mitigation is accepting the possibility that if the Mossad want to murder you by blowing up your toaster, nobody's going to stop them.
> Part of that mitigation is accepting the possibility that if the Mossad want to murder you by blowing up your toaster, nobody's going to stop them.
People are not accepting that possibility, they are assuming it will not happen to them and that they are not a target of interest.
Change that assumption and attitudes toward privacy also change.
don’t use any alternatives. I have been off social media for years now and my life and health and relationships and career and … have improved so much I cannot put it in words. even if one says “well that’s crazy, I must get my dopamine through an “app” on my phone meta is on another level of insanity to even consider infesting your life and especially your loved one’s life
Checking out of society or any number of other activities you don't feel a huge need for may work for you. You are not everyone and what works for you may not be appropriate for any other individual or group of individuals.
> I have been off social media for years now and my life and health and relationships and career and … have improved so much I cannot put it in words.
It sounds like you personally had a problem. Congratulations I suppose on solving it. However, I have no such issues. My life, health and relationships are all already where I want them to be, and are not impacted by occasional interaction with others through technology as luckily, I have had no such struggles with self control or moderation.
My relationships would be impacted on the other hand if I was to throw a big toddler tantrum about using whatsapp for two weeks whilst i'm overseas with my employer and twenty other people. So i'm probably not going to do that.
Sure, I can also avoid putting chemicals on my body by washing my hair with apple cider vinegar and baking soda, and I can also churn my own butter by hand, and if mom wants to hear from me, she can cross an international border and drive for five hours, with her travels being logged by countless security and traffic cameras, gas station payment processors, and no less than two governments, so that she can converse with me in person in my RF-shielded, copper-lined[1] Faraday-cage basement.
There's social media use and there's social media use. Hacker News, Reddit, Facebook, Instagram, Whatsapp, EMail, and my phone's SMS systems all serve dramatically different purposes, and all of them are a varied mix of pros and cons and risks.
---
[1] Any Arcanist worth his salt knows that copper has no name, and thus cannot be turned against you.
Hyperbole much? The only social network I use is HN. As a matter of fact last week I was chaperoning a middle school parade. The other chaperones wanted to make a WhatsApp chat group t0 keep in touch during the parade - which I rejected as a matter of principle; so we did a phone chat group. I do not wash my hair with vinegar or do any of the other nonsense you mentioned.
this is too funny how you mind believes social media is “advancement in society” of any kind… don’t blame you though, you are with the majority (and you know what they say when you are… :) )
I believe nothing of the sort about social (or mass) media.
I do, however, believe that you aren't engaging with what I'm saying, or recognizing some very obvious logical holes in your arguments. Your argument seems to be one of dogma, not one of reason.
huh? let me quote one of the commenters here and see if you recognize the words
Sure, I can also avoid putting chemicals on my body by washing my hair with apple cider vinegar and baking soda, and I can also churn my own butter by hand…
Could you read the rest of the words in that post?
There are a lot more of them, and they are kind of integral to its meaning.
c’mon mate, the first sentence is the most important sentence to reel me in :)
jokes aside, I did read your entire post and I don’t disagree with a single word you wrote. I still don’t understand why anyone in their right mind would install a Meta-owned application on their PHONE. Lots of people overall and number on this thread go with “hey, the GOVERNMENT is already spying on you so why don’t I also let one of the most evil corporations in the history of mankind access to all my everything too… I don’t expect privacy in general, it is 2025 after all and we are talking on HN but these silly “plate reader excuses” are really too much… like saying “well the government can obviously break into my home whenever they want (in 2025 without a warrant as well) so why don’t I leave the door wide open, if government can enter why would I care if someone else does :)
Can confim: baking soda and vinagur work great for hair washing.
Signal lagged so far in polish and features that getting friends and family to use it was doa. So I can choose to communicate with friends and family on the apps they use, or I make it very difficult for them to communicate with me.
That ends with them mostly not communicating with me, not with them switching apps.
don’t your friends and family have phone numbers? I have right now 12 active groups on my text messages. why on earth do you need “app”??! I am lost …
Group messaging via sms is terrible. So is photo sharing.
all these are easy excuses… you are here on HN, probably some dope SWE doing amazing shit, I am sure you are more than capable of solving any “picture sharing” problem that is an issue with SMS.
I am not capable of solving shitty downscaled image sharing; flakiness with mms message receipt (esp photos) both on tmobile and verizon; and even worse downscaled video sharing. Because those cannot be addressed by anyone but the telcos.
Nor the inability to add people to groups. sms doesn't have groups; it has pools of numbers. And it works terribly when, eg, one of you is traveling or living outside the US.
You send the photo via mms. When there's that one great shot you really want to save, ask them to email it to you. This isn't nearly as hard as you make it out to be.
really? what are you missing, emojis by Kim Kardashian for $19.99 per month?
> I have right now 12 active groups on my text messages.
You're definitely in a minority. Most people send and receive zero non-MFA related SMS.
You're using a telephone to call and message people?
If you think that your phone provider isn't spying on you, I would like to cut you into an incredible, once-in-a-lifetime investment opportunity in some Louisiana waterfront property.
All I need is your phone number, mother's maiden name, ...
sure, NSA might be :) but not Meta…
And China. And likely lots of other nations.
https://www.nbcnews.com/tech/security/chinese-hackers-stole-...
got no problems with China, their entire existence is not predicated on selling shit to people and fucking with our youth.
Signal can’t be trusted
I agree, I think you should just go with tried&true trusted apps made by guy who could not get laid in high school and is trying to compensate for that by fucking with you and all your loved ones that install his shitware on their phones :)
I was around for a lot of these. In none of these cases did Meta lie. They are all either fake or honest mistakes that Meta never lied about.
For the second one in particular, Meta never listened to anyone's mic. I would know, I worked on this stuff there at that time.
Interesting, you say Facebook didn’t listen to anyone’s audio, yet they themselves admit their contractors routinely did: https://www.theguardian.com/technology/2019/aug/13/facebook-...
They even paid them to do transcribe chats: https://www.bloomberg.com/news/articles/2019-08-13/facebook-...
And this is just the publicly known stuff. So perhaps you weren’t privy to everything?
So Facebook (not Meta at the time) just “forgot” to turn off the camera after they were done with it? Sounds reasonable… except wait, they were actively re-activating it while you were scrolling, and until iOS 14 users were none-the-wiser. If it was an honest mistake, do you think FB testers would have not caught it during the MONTHS between iOS 14 developer preview and release? And yet, for this one I do think it was probably a bug about when to activate the camera.
https://medium.com/macoclock/apples-ios-14-catches-facebook-...
Actually not even that. What happened was we added a mechanism to preload the camera to reduce startup time. And it was not gathering any data
You're confusing the audio calls with secretly listening to microphone, which never happened
Are you doing one of those 'a lie requires intention, and we can't know their internal state of mind, so we can't know if something is a lie unless they tell us' things?
Do you consider misrepresentation a lie?
If there's a lawsuit which determines that Meta misrepresented something, do you consider that a lie, even if Meta says it was merely on honest mistake made in good faith?
If the European Commission "fines Facebook €110 million for providing misleading information about WhatsApp takeover" and that "contrary to Facebook's statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users' identities already existed in 2014, and that Facebook staff were aware of such a possibility" then that statement was not actually a lie, right, because no one at Facebook said they lied, correct?
Can you give an example of any company which has lied, but where the company officials have never agreed with that conclusion?
There is a long history in the US of companies having to pay a fine but never accepting responsibility. https://knowledge.wharton.upenn.edu/article/paying-a-fine-bu...
I don't think they misrepresented anything. The European Commission is wrong on the facts. Technology improved in unpredictable ways.
Large public companies do not lie very often because it's incredibly easily for lies to be discovered, and the penalties are high. There are many examples where the popular narrative is the the company lied, but when you look at details it becomes clear that no lying occurred.
For example, David Rainey probably did not actually lie about the extent of the BP oil spill even though most people still believe he did. He was acquitted by a jury who had access to far more information, and more time to think about it, than anyone else.
[dead]
> like Microsoft did with PRISM or AT&T did with 641A, most likely no one would find out
People did find out.
Only because a select few people had the balls to blow the whistle.
Imagine if Snowden decided to just do his work and move on? How much longer would it have taken for these facts to be revealed to the public?
Also people found out and nothing happened?
So literally no downside to putting a backdoor and lying about it
Even after we found out, nobody cared...
Lots of people cared.
Just like lots of people want universal healthcare, a clean environment, an arms embargo on Israel, affordable housing and education, etc.
It can hard to believe these are majority views sometimes, but that's what you get when the entire media landscape is owned by like 10 people.
- [deleted]
But we knew!
He literally did his work. He worked two jobs.
You can go decompose the binary and check (or monitor network activity). WhatsApp has been audited for implementing E2E encryption and consistently passed.
E2E encryption does not protect against any of this. Whatsapp can still decrypt messages locally and feed back information to meta.
TBF, no-one's as-yet found a Meta binary doing this.
you mean things like having a localhost server running on android service to bypass tracking restrictions and run all of your stuff illegally?
Well, yes, they have been found to bypass tracking restrictions, most recently using Local Mess (https://localmess.github.io/), but they haven't been found exfiltrating WhatsApp private keys or messages in plaintext. And people are looking for this specifically.
Meta lies about all kinds of other things. No reason not to now - they seem to have paid very little penalty so far for getting caught.
Is there any evidence Meta has ever intentionally lied about anything? Like do you have any examples?
From https://www.wired.com/story/facebook-whatsapp-merger-europea...
The European Commission has found that Facebook provided “misleading information” about its 2014 takeover of WhatsApp following an investigation into the deal.
The commission’s complaint relates specifically to the sharing of user data between Facebook and WhatsApp. In a submission to the EU made in August 2014, Facebook said it would not be possible to create a reliable automated system for matching users. In August 2016, WhatsApp announced that it would be linking WhatsApp user phone numbers with Facebook user identities.
I recommend "Careless People" by Sarah Wynn-Something
Read that book in two days. Wild stuff. Of course I don't absolve Sarah Wynn for of her responsibility that is Facebook and it's completely maliciously run company. She is also complicit I don't care how many "I was trying to do the right thing! Whaa!" she sprinkled throughout the book.
The fact that they successfully got the book removed from sale for a while speaks volumes. They not only lie they are encouraged to.
We care about your privacy
The best lies are corporate lies. And those lies are said plainly, calmly, and with a sense not of conviction but rather it it's not a serious claim because it was always a true statement ... just repeating it now.
They are also uttered on TV, in public talks and to a far lesser extent in court. Court is a formal process. Outside it's not. There's a big difference.
“Discounts upto 50%” - shopper finds out one product (that nobody wants) out of 1000 has a discount of 50%, everything else has like 5%.
But the statement itself is technically not a lie, they did say “upto”, lol. That is how corporate speak works
There is some dish detergent that advertises it cleans dishes up to 100% clean. I guess they figure showing “100%” is all that is needed and the dumb public won’t question it further. It’s still an insulting ad.
Ha. This is why the best lawyers in the world work for these people. Over drinks, when I brought up some of the blatant dark patterns in the ad market, someone who worked at one of the biggest companies in the world responded to me bluntly: "yeah, sure, but have we ever lost a case in court over click fraud? No, we have not."
Correct. The best liers like the best bullies are really good at assessing risk. They're honest in close when they sense they're butt is not on the line.
- [deleted]
- [deleted]
- [deleted]
Dark patterns aren't lies though...
And you're not even talking about Meta
I would classify their "oops we reset your privacy settings accidentally again" as a lie. Granted this was a common occurrence in the 2000's, and not so much the last 15 years.
The privacy settings also did not obviously do what their wording suggested - accidental over-sharing was their goal, and the wording was carefully crafted to deceive and confuse. Is that lying? It's a technical argument, and not really relevant - they are shady AF and always have been.
Just to be a bit more clear, this was a while ago. The answer in gp was to the question: "hey, I am not an ads guy, but my friend asked me to look at his account, and he had no geo restriction set. Why did 60% of his clicks for 'barn wedding venue east tennesse' come from Malaysia? Why would so many people from there see that, and click on in it?"
The bragging wasn't about their lawyers' ability in court, it was about their lawyers' ability to draft Terms and Conditions such that they could not be caught in a lie.
And yes, not Meta in this story, but come on.
Congrats on living under a fucking rock. How can you be so oblivion to such an obvious thing? The question should be, when have they ever not lied?
Does web-to-app tracking through localhost on Android that is illegal under GDPR count?
Did they intentionally lie about it? Parent post didn't claim Meta has never broken a law.
Lying by ommission is still lying.
It’s not secret anymore, it’s FAA702 (aka PRISM), and you can bet they are complying with FISA orders.
Meta does lie. They lie about e2e.
Except we dont live in a stasi regime. What the nsa/fbi/cia can get a subpoena for from the courts is well documented in law. So there is no question that meta does provide individual messages. You guys have got to quit living in this fantasy land of big bad g-men just because you like feeling the flutter in your stomach
Palantir, Meta and OpenAI just had executives commissioned as lieutenant colonels in the US armed forces. They are defacto extensions of the US government now.
It is rather shocking seeing how rapidly the US is shifting from all of its historic norms. Trump sees the US as a "store" where he dictates the terms, he directly has control over US Steel after the Nippon Steel "takeover" -- straight out of the communist central control dictums -- and now US major corporations are embedded in the US military.
It is insane. This is stuff people accused China of for time eternal but apparently it was taken as a good lesson to learn from.
But absolutely no one outside the US -- whether enemies or allies -- should trust anything from US corporations now. The country has fallen.
- [deleted]
It’s not lying if a corporation strictly follows the dictates of a national security letter.
“They told me to lie” does not make it any less a lie.
"'specific information request to government" == fully automated requests for literally everything all the time.
I think group messages would still be considered personal. It would only be messages you send to a business or in a group with a business that wouldn't be personal.
They're under the CLOUD Act, doesn't matter what their policies say.
Aren’t groups end-end encrypted still, with key exchange on joining groups?
Does the WhatsApp program generate and store/mange the private keys? If so, it would be possible for the program to send private keys on request, effectively backdooring the endpoint. Such an arrangement would allow Meta to put its hand on it heart and truthfully say it is end-to-end encrypted (on the network), whilst still providing a way around it.
Yes, but users can compare fingerprints (sure, most probably don't, but it's definitely a deterrence against MITMing all conversations by default), receive warnings whenever fingerprints change etc.
There's also supposedly a key transparency service deployed (similar to Certificate Transparency), but I haven't looked into that in detail.
Sharing private keys gets around all that.
That would require explicit code to do so, which would probably be extremely hard to explain away.
Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?
Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?
> Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?
Absolutely for archiving: https://androidapks.com/whatsapp-messenger/com-whatsapp/old/
Reverse engineering to some extent as well – it's an extremely popular app, and as such attracts both security researchers and bloggers that just want to get scoops on new features behind feature flags etc.
> Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?
Given the above, it's feasible – at least on Android, it's fairly easy to hash the .apk you've received and compare it to publicly know versions.
The threat of somebody finding unusual code on their phone will probably not deter targeted deploys by sophisticated/state level actors to specific users, but it goes some way towards making it implausible that everybody is running a backdoored version, potentially backdoored by Meta themselves, which is arguably the goal.
Yeah. Go review eg. okta verify apk and tell me it doesn't do anything nefarious. It's an app that basically just does a TOTP hash from some short secret for all I care/use it for. I can probably implement what it does for me in about 200-300 lines of C code without any dependencies.
The shit app has 60 MiB compressed. I was not even able to find where in the code it works with the damn secrets it uses for TOTP.
Now do WhatsApp with its zillion features.
If you mean that it's hard to explain away for the devs themselves, then people do much worse things in this world, and are able explain it to themselves just fine as something good, even.
PRISM too.
Meta works by identifying users, modelling their behavior, and then combining that data with third party sources (typically your financial activities) and then selling access to that data to third parties. Mostly for advertising.
When you use credit or debit cards your transactions and data related to it is collected and sold. When you apply for mortgages and close on a house all that information you put in there is collected and sold.
When you put your address in for the post office, when you apply for a drivers or fishing license... Your local governments collect that information and sell access to it.
Meta tries to then tie in your online and app/phone activity with your legal/financial identity it can obtain through partner data brokers.
This is Facebook's businesses model.
So, yes, this data is available to pretty much anybody that is willing to pay for it. Which includes governments.
None of this should be surprising to anybody at this point. Apple, Google, Microsoft, etc.. all of these companies will do this to greater or lesser extents nowadays since has worked out so well for Meta's bottom line.
And they are legally required to do this in most places
I don't know why you are being downvoted.
https://transparency.meta.com/reports/government-data-reques...
They can't see your messages but then can give ips or accounts that can be inferred to be related given the info meta has access to
Also take the "can't see your messages" statement with a grain of salt. Like the famous Lotus Notes backdoor [1] they might have given the government an easy(ier) way to decrypt those messages.
The backdoor in Lotus Notes (differential cryptography) wasn't a secret. It was public information. Ray Ozzie used it as a way to circumvent US encryption export laws. Today companies have to be more discrete.
[1] http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html
Yep. Learning to read legal is an invaluable modern skill.
De Morgan's transformations come in handy here :^)
it's well know they track
group messages and messages (metadata),
messages to business accounts (these they can read in full as the client send to a meta owned private key),
and who forwards media to who (deduplication and cdn)
and links (thanks to previews)
and it scans and uploads your contact list in full all the time.
I mean, i would be pretty shocked if meta refused to honour american search warrants/NSL.
The real question is where they draw the line, not if they do it ever.
Unfortunately, They has no lines.
This is just a lie. I personally know somebody who worked at meta and they had a whole set of teams dedicated to building tools for governments to mass-export data based on their queries
Now I don't know the exact details of which governments had which access (was it just for warrants, which nations, what was the line between actual terrorist versus persecuting journalists), but there was absolutely bulk export and the fact that they are lying about it makes me inclined to presume the worst.
Remember Snowden outlined the Google<>US government interface:
The US agency would type in the gmail address of the subject (ie the primary key/identifier) and somewhere between the agency and Google a decision would be automatically made as to whether the owner of the account was a US person* or not.
If yes - FISA warrant was required
If no - the US agency user would have immediate access to the entire google account (think Google Take Out).
In other words, if you were not a US person there was no duty to protect data.
* = US Person is either a US citizen located anywhere in the world or anyone of any nationality who is physically in the US (current interpretation includes visa holders, visitors and even undocumented but that's shifting)
Isn't it more likely that Meta has been infiltrated by Mossad, just as they no doubt have by other intelligence services and they use these insiders to exfiltrate location data on specific targets?
Sandberg herself does teary, falsehood ridden war propaganda videos for Israel, these days.
Microsoft shared data early on with IDF to help target their users (would have to check their ToS to see if there's a clause for that there).
I doubt there's any need to hide anything inside these kinds of companies. Leaders there likely believe they're doing the right thing helping "the good cause" by supporting extrajudicial executions of people. At worst they'll have to kick out employees who'll raise their voices, like they already did many times. No biggie.
> building tools for governments to mass-export data based on their queries
While I can totally imagine that governments would mass-export data, and I don’t doubt your friends claim, I can also imagine more innocent interpretation of this work.
I once worked on a large company’s GDPR data-export project. It was a large enough company that it also had a dedicated team to handle legal requests regularly from government(s). GDPR exporting needs to work “at scale” for all accounts, without human-in-the-loop work, and without causing any load issues to running services. The same system also handled legal requests, where the legal team could get an export for a user (almost) identically to the process of a user getting their own data. The legal team had tools set up to work with warrants, subpoenas and similar (internationally) legal data requests from courts and law enforcement. It looks like a “mass export” system, because it was, but it wasn’t used in “bulk requests” from the legal system.
Yes, I can imagine a benign use of this technology, but past behavior and the PR dishonesty have given me no reason to prefer the most benign interpretation over the most profitable interpretation.
If however they said something more authentic like "We export data in all these cases, in all these countries, and it's never more than .01% of users in a given country, and it never includes freedom-of-speech crimes, and ..." or something then maybe I'd be inclined to consider that.
- [deleted]
Re: "we don’t keep logs of who everyone is messaging"
From https://faq.whatsapp.com/444002211197967/?locale=en_US:
> In the ordinary course of providing our service, WhatsApp does not store messages once they are delivered or transaction logs of such delivered messages. Undelivered messages are deleted from our servers after 30 days. As stated in the WhatsApp Privacy Policy, we may collect, use, preserve, and share user information if we have a good-faith belief that it is reasonably necessary to (a) keep our users safe, (b) detect, investigate, and prevent illegal activity, (c) respond to legal process, or to government requests, (d) enforce our Terms and policies. This may include information about how some users interact with others on our service. We also offer end-to-end encryption for our services, which is always activated. End-to-end encryption means that messages are encrypted to protect against WhatsApp and third parties from reading them. Additional information about WhatsApp's security can be found here.
Note specifically "information about how some users interact with others on our service", which contradicts their claim they don't keep logs of which people are messaging each other.
I think rdrd just missed that piece of the fine wordsmithing - so long as there's at least one person not included in that "some users", then "we don’t keep logs of who EVERYONE is messaging" is still true.
[dead]
This is the company that built a secret localhost listener on Android so that they could track users across websites even in private mode. Do not believe this for a second.
I'm much more inclined to believe they track everything in high precision and also MITM all the messages. Especially now that they are inserting ads.
> Especially now that they are inserting ads.
I'm no apologist for Facebook, none of whose services I use. But get your facts straight. They are not 'inserting ads' in your chats, as you imply. AFAIK they are adding adds to the never-used 'Updates' tab.
Annoying from an ad perspective, no doubt. Vastly different from a are-they-MITMing-your-messages perspective.
Thanks for clarifying. I don't use any Meta stuff so I only read about it.
It's like the game where you say the same sentence but emphasize a different word each time.
"WE don’t keep logs of who everyone is messaging..."
"We don't KEEP logs of everyone who is messaging..."
"We don't keep logs of EVERYONE who is messaging..."
Etc.
It's not that nefarious.
> We do not track your PRECISE location
If they log IP addresses, they can't say they don't log location at all.
> we don’t keep logs of who everyone is messaging
Seems like a pretty strong claim
> we do not track the PERSONAL messages people are sending one another
I don't know much about their business offering, but it seems likely it's not e2e encrypted or has some kind of escrow. Businesses often multiple people to be able to access an account and that is best done without e2e encryption... let alone auditing requirements.
> We do not provide BULK information to any government
Because they are subject to subpoena and search warrants. They are legally required to provided tailored information to governments.
====
All in all it's pretty much what you'd expect for Whatsapp's "e2e but otherwise conventional saas" approach. If you want better, use signal.
Aren't push notifications logged and used for getting people's data? This was in the news over a year ago: https://www.wired.com/story/apple-google-push-notification-s...
In general, all your personal information stored with Google or Apple or any other American company is subject to getting requested by a court order. If you listen to any of the True Crime podcasts, you'll always hear how google searches and cell tower location are always presented in a trial as evidence. People here always think they are so smart saying
> Actualllly you can't prove that it was me who made that search query.
> Actualllly you can't prove that it was me who had that cellphone around that cell tower. Could have been anybody. I could have been hacked.
Judges always allow those evidence and jury always views it as incriminating. What makes more sense, that some unknown hacker hacked into your account and googled something about the thing you're here for, or that you actually just googled it yourself?
I was on a jury where data like this harvested from Facebook pushed us beyond a reasonable doubt. There was just enough doubt to acquit or have a hung jury with only the physical evidence and eye witnesses. There was plenty of doubt with only the social media stuff. When you put all of it together, we reached a verdict pretty quickly.
When a CIA drone operator and their commander is behind the button, they give even less of a shit than a jury. No one will ever prosecute them.
Definitely, but they don't have to contain any (plaintext) message content for encrypted messengers.
On Android, push notifications were always processed by the receiving app, so it can just decrypt a payload directly (or download new messages from the server and decrypt these); on iOS, this isn't as reliable (e.g. swiping the app out of the app switcher used to break it in several iOS versions), but "VoIP notifications" and the newer "message decryption extension" [1] are.
The same principle applies to Web Push – I believe end-to-end encryption is even mandatory there.
[1] https://developer.apple.com/documentation/usernotifications/...
They don't need meta's cooperation for this, they can burn one of their 0-click 0-day exploits and target everyone they need to.
Additionally the NSA has all Meta and WhatsApp servers directly tapped and can just harvest data, oops i mean 'meta data', that way. Then just pass that info to Israel when their internal systems get an alert on good intel.
> Then just pass that info to Israel when their internal systems get an alert on good intel.
And on top of that if you want make any money with company like X, you need to send your biometrics to some company in Israel. What is this Israel and surveillance capitalism? Or has this always being the case, and I am just now start to realizing it.
[dead]
Wow that is next level WORD SMITHERY!!
Zuck dribbled and 3D Chessed the Law
META DATA. Literally they did say truthfully they "only" read all the Meta Data, which is actually all data of the company Meta.
> Zuck dribbled and 3D Chessed the Law
Mixed metaphors aside, you can't cheat the law by naming yourself something.
Well, you can try, but the courts take a dim view of it.
> > Zuck dribbled and 3D Chessed the Law
> Mixed metaphors aside
Zapp hit that bullseye, causing the rest of the dominoes to fall like a house of cards. Checkmate.
> we don’t keep logs of who everyone is messaging
Surely they must, how else are the messages… you know… available when you use the app?
IME, they're stored on device only. If you've ever moved phones this becomes painfully obvious unless you've setup backups to your personal Google Drive (native integration with app).
I'm not saying I believe their statement, but in principle they could be storing messages indexed by recipient and have the sender id be part of the encrypted content? Then you can drop messages in each user's inbox as they arrive, from which the user's app can read, but not have stored enough information to retroactively query "Show me everyone Alice has talked to"?
It’s a lie. Russia Ukraine war demonstrated clearly that everything you write in whatsapp, your location, any photo etc are easily accessible and monitored in real time by USA government and their three letter agencies.
"we don’t keep logs of who EVERYONE is messaging"
just selected people then?
Yep, they confirm it here: https://faq.whatsapp.com/444002211197967/?locale=en_US
"This may include information about how some users interact with others on our service."
"We don't log whom Zuck is messaging, and therefore the statement 'we don't keep logs of who[m] everyone is messaging' is mathematically true!"
That's doubly suspicious, so they can, by that statement readily hand over your imprecise other-than-personal messages at an individual level to the Israelis.
This, also “logs of who EVERYONE is messaging”
Why would anyone care what they say. Judging by their previous behavior it is safe to say that if their lips are moving - they're lying
Yes, it's lying with a tiny bit of plausible deniability.
"We" don't but these other guys with logins do.
I wonder if the people of Iraq have an intuitive understanding of just how much more useful the information Facebook does track is like we do.
This isn’t some conspiracy, it’s just CYA. They know your general location from your IP and device APIs, they don’t encrypt business messaging, and they comply with subpoenas.