The Fuss of Privacy on WhatsApp and Open Source Apps

The Fuss of Privacy on WhatsApp and Open Source Apps

Last Updated on 3 years by Piyush Jain


Before you proceed to read the article, I would like to tell the readers that the article expresses the views quite different from the current furor going on with respect to privacy. They may sound biased towards major social media players, but I have tried to account for the pragmatism with respect to data, it’s effects, business, and the way forward. I would request you to air back your opinion if you agree with me or think otherwise.

Individuals involved (It is not necessary that they will be referred to, in the article further):

  1. Mark Zuckerberg – CEO, FaceBook.
  2. Aleksandr Kogan – Chief Data Scientist, Cambridge Analytica.
  3. Alexander Nix – CEO, Cambridge Analytica.
  4. Christopher Wylie – Data Consultant, Cambridge Analytica.
  5. Ted Cruz – Republican Senator, Main campaigners for Donald Trump.
  6. Shahmir Sanni – Data Scientist, Cambridge Analytica.
  7. Brittany Kaiser – Director, Business Development, Cambridge Analytica.
  8. Steve Bannon – Chief Executive Officer of Trump’s 2016 presidential campaign.
  9. David Caroll – Professor. Asked Cambridge Analytica for its own data, which they refused to give.
  10. Carole Cadwalladr – Investigative Journalist at “The Observer” exposed the Facebook – Cambridge Analytica Scandal.

Let us say you have a stable job with a salary of a few million per annum. Assuming that you are a bit flamboyant but not so extravagant individual. You are searching for a luxury car. You are looking to buy a big size flat, kids going to an expensive school, and a decent amount of cash to invest in mutual funds and stocks after essential savings. Best of the gadgets hone your house, few servants to take care of chores, and parents living with you, who sometimes have few medical needs. You have loads of friends with a decent social movement, and a foreign holiday sometimes. Basically, it means you are an upper middle class with a peaceful life.

On social media, would you like to get recommendations for a new cell phone within the range of 15k? Would you like the recommendation from a not so known developer, for a 3 BHK house closely built without a clubhouse, a swimming pool, and proper parking?

Would it be ok to go to a mediocre hospital for your parents, compromising on the cleanliness and reputation, due to the cost factor?

The point I am trying to drive through is that there would be no benefit of target marketing if one gets irrelevant advertisements through any mode. A person will prefer the advertisements of the products that are within his financial reach and are of his needs. Anything above or below one’s status is a waste of his time and money, as well as draining the advertisers’ money, without possible benefit. Would you like it, if you were in an advertiser’s shoes?

Remember when the Government of India (like other governments) used to conduct specific surveys to understand the socio-economic pattern of the households in the areas. This was to plan for the education system, infrastructure, benefit schemes, medical requirements, and other planning/implementation activities. This was important for the right channelization of the finances and efforts for the benefit of all. With respect to India, privacy discussion took the center stage with the coming of Aadhar Card and its usage. You can find more deliberation on this in my book review “Privacy 3.0: Unlocking Our Data Driven Future, By Rahul Matthan

Your credit score is the single biggest parameter for the financial institutions to assess your credibility and avoid NPAs when they give loans. As obvious, this helps make our financial system stronger. For this again, data is required, which either be your financial standing, credit history, or repayment behavior.

You are traveling on Delhi roads in a particular time window regularly but have once visited Mumbai. Would you like to get the traffic condition of Delhi or Mumbai? Here again, privacy mattered if you are picky about things, but how much would it matter to you, if you are getting unsolicited information.

Charging your phone and its discharge pattern is one of the indicators of your caring behavior. But it is not the only one. If one would be careless in the same, then those signs will come out in other facets of life too. Your dressing pattern, hygiene, upkeep of your vehicle, and many others. So how does disclosure of this aspect impact someone? A person with a good pattern in mobile charging may be a good starting point for a finance company to see a responsible customer.

These apps also can identify the phone and its specific models. There are again two aspects to it. First is, this helps identify the behavior of the apps on the specific phones. In case, on some phones, the app starts giving an error, this can be corrected and a new version is released. 

The second aspect is towards marketing. On a holistic basis, the creator of the app will identify what is the segment which uses their app. They know if the users may be a potential target to sell a particular target product. It may not be a good idea to sell an exotic international holiday package to a low-end mobile phone owner.

Still, this may not be the only aspect of the judgment. They will further assess his other aspects also, but this will help weed out other possible risky ones.

But then why is so much fuss on privacy? Where do things go wrong? Where are they overhyped?

Bots, APIs, and business communication. These are additional modes apart from the normal messaging mode where users communicate with the business for their needs. These mediums are developed and used to interact with the users in case of specific need. Let us say, you are a user of a certain brand of appliance or service, and you send a message to the specific WhatsApp or Telegram number, then an automated BOT or a Customer Service Desk professional will answer your question. Generally, this data is proprietary to the organization, and they will not sell it. But they can surely use it to upsell or cross-sell their product or service, which is quite normal for business. It is quite similar to a known finance agent coming back to you for selling a new scheme.

Where does the wrong part come from? As we all know that these apps secure their communication using TLS (Transport Layer Security) or SSL (Secure Sockets Layer), the question of snipping in between does not arise. Communication data breach between two individuals or within the (private) group is out of the question, while the communication between business may be visible to many on the business side, to all in customer service roles. Earlier too, this communication was visible. The onus of maintaining data secrecy is with the business and they should be deploying all technical, process, and HR measures to ensure prevention of leak of data through any source. GDPR and other regulatory compliances are already in place. For violating the privacy regulations, companies have been penalized, and their employees fired (or sued).

The explicit wrong part is, for example when someone announces a wedding in the family, or I broadcast to my friends in my private group about my intent of an international trip, and that is broadcasted to the business too. In an extreme case, if I share some naughty pictures to my close friend through a private message and someone else is able to see them. On the basis of that, a third party reaches out to me for their vested interest. This can be anything imaginable. There had been instances when the burglary happened in houses when miscreants saw peoples’ FaceBook posts of going on vacations. Companies spying on a prospective hire, or the recent #ArnabGate issue, where someone from his office stole his chat and shared it with the world. After that, you can see how many cans of worms were opened.

Let us say, I make a maximum limit of WhatsApp payment every day to anyone/someone regularly. If WhatsApp sells the data about my financial prowess to someone, then this is wrong and illegal. This is also not feasible technically as all this data is encrypted end-to-end, as well as comes under PCI-DSS compliances ensured by technical, process, and legal means. WhatsApp cannot disclose or sell it to anyone. They have to disclose the data only in case a law enforcement agency asked for it under legal (court) orders.

Any communication targeted specifically to an individual is wrong. For example, in your communication with friends, or private groups, if you state the liking of a particular cuisine, and start getting advertisements of restaurants of that cuisine. This does happen when you do web surfing, the cookies facilitate the same. You search for an Italian restaurant a few times, and advertisements for the Italian restaurants start popping up. Likewise for the products too.

What is different in the new policy of WhatsApp? When you communicate with businesses using BOTs, then the information is visible to WhatsApp. This information along with your Facebook interests will be used to display advertisements.

This should not be of so much concern, then why is there such hue and cry over privacy? Because of the hot and sour relationship with these social media applications. Our connections and interests keep us addicted to social media. On the other hand, we see some, or the other stranger/business have our information, without our consent.

Social media was misused in 2 ways. First by the data breach, and the second way is through misuse of the platform.

A good example of a data breach was Cambridge Analytica (CA) scandal. Was Facebook at complete fault when the Cambridge Analytica issue stuck it? Did Facebook for business interest, voluntarily give data to Cambridge Analytica taking some money from them? One needs to understand the modus operandi.

Cambridge Analytica, a British company, found a loophole in the Facebook policy and exploited it. Aleksandr Kogan of Cambridge Analytica creatively designed a survey that you would be lured to answer. He is a deadly combination of a degree in Psychology and data science. Under the Cambridge Analytica umbrella, he built a Facebook app “thisisyourdigitallife” extracted data of 87 million users to further mine it for various purposes. At the start of the survey itself, it would take the consent from you (which you never read), for fetching you and your friends’ data.

While you took the survey, it could classify your personality on the basis of the top 5 traits. Apart from this, it could also classify your friends into some categories using the data fetched from Facebook and invite them as well to take this survey. On the basis of that, it advised the clients to prepare the advertisements on the basis of the categories prepared. On the basis of the category, you are in, the advertisement of the emotional sense you are, will be broadcasted to you. Research conducted and papers written states that if the right chord is stuck then you can be brainwashed and your opinion can be changed without your knowing it. This is an old management technique to influence people or in raw words called “Consultancy”.

Check out https://cse.buffalo.edu/~chandola/teaching/mlseminardocs/MassiveContagion.pdf or https://www.pnas.org/content/111/24/8788. In easier words, you will observe that your emotions change according to the genre of the movie you watch. A comedy movie would get you happy and excited, while a horror movie would seed anxiety and fear in you. Again the question comes, was Facebook at fault here? No and Yes.

Why No? Facebook kept the data open without the awareness that the data can be extracted and misused in this manner.

Why Yes? Sensing how big and popular Facebook grew, it should not have ignored that fact and should have thought through this legal aspect.

Later on, it did correct its data distribution policy, but till then this episode had sowed distrust in the people.

On the second modus operandi, Facebook kept the platform relatively open, without much scrutiny, just like airports in the US before 9/11. A company, “Internet Research Agency” (IRA) in Russia went ahead and cashed this loophole. They sent a few of their employees on the US trip to understand the US culture and the general psyche. They used this knowledge to create the fake IDs and achieve their motives. What were their motives? “Influence the US elections outcome”.

Many politicians from the US itself funded this initiative to influence the elections. IRA employees (who were Russians) in a fake cover of being US citizens, wrote Anti-democrats and pro-republican posts on Facebook. They aimed to malign Hillary Clinton and promote Donald Trump. The Mueller Report found the IRA spent only $100,000 for more than 3,500 Facebook advertisements from June 2015 to May 2017, which included anti-Clinton and pro-Trump advertisements. While facebook earned $ 81 Million during this presidential campaign. Later, Facebook analyzed and found that these posts from IRA, somehow or the other, reached 126 million Americans. This also shows the power of the platform, that it could enable foreign power to interfere in the internal matters of a country. We also saw the power of social media during Arab Spring which created a situation of civil war in the countries affected. This is called psychological warfare.

It is as good as saying that the blame for the kidnapping goes to the car manufacturer, which was used in the crime. Though, it does not leave Facebook completely innocent. The platform was used for the same, and this is not a stand-alone product, like a car.

To some extent though small, these loopholes influenced some major events in the world, like the 2016 US Presidential elections, Brexit, and few other elections all over the world. It displayed that now borders are open, and internal matters are not internal anymore. If someone spends more money, he could influence some other country without speaking a word, or firing a bullet.

Christopher Willie in his book “MindF*ck” states all this. (Also gives me a new book to read for next review). While Christopher exited Cambridge Analytica quite early before all the game started, Brittany Kaiser went through the whole of the episode and stated it in her book “Targeted: the Cambridge Analytica whistleblower’s the inside story of how big data, Trump, and Facebook broke democracy and how it can happen again”.

While Facebook thought that engineering can resolve the fake news issue, it had to shift to hire content reviewers to analyze the posts of their correctness and intent. They went ahead and hired more than 3000 content reviewers in different languages and domains.

Facebook has patched its way in the same, and since it has more than the brunt of $5 Billion penalties from court orders, it is expected that it will take every step to not enter that sort of trap further.

How does the entry of open source apps play in this market?

We should not be overwhelmed with the word “open-source”. When the app is holding data of millions of people, the company has no income source, no financial muscle power, and projection, then it is as good as giving a costly and big diamond to a weak and poor man. It is not a product that when exits the shelf, the open-source company is absolved of the responsibility as it states in its terms and conditions.

Open Sources are prone to attacks, and they do not have enough workforce to ensure the process and data compliance. People involved in the open-source app platform may not have enough motivation to ensure data safety. The open-source app will live at the mercy of donations. There may be a possibility that the app is acquired by some big company, but then what will be the motivation of it to acquire that app? It would again be the data, and the audience. We all know Wikipedia. Being an open-source encyclopedia, Wikipedia makes money through donations and selling merchandise. It is always in a struggle for survival.

There ain’t no such thing as a free lunch. You can’t have your cake and eat it too. When one gives his phone number to enter a free lottery scheme of prize money of $1000, is the person really entering a lottery scheme? The lottery company is getting a million phone numbers of people interested in money, for the cost of $1000.

If one has to save himself from these unknown pitfalls, then one has to be careful himself in divulging his information to unknown/untrusted sources. It is as good as saying to drive carefully and be wary of the reckless drivers on the road to save yourself from them. Or be aware of the pickpockets when you are walking on the road. In the digital world, this is the precaution one has to take to keep himself safe.

In India, the Government is trying to protect its citizens, while allowing these apps to be used. We are discussing the use of data in the form of PI (Personal Information) and non-PI data. If one closely examines, even after anonymization, and isolation of PI data, a few numbers of factors (say utmost 4 factors and 6 factors in the population like the US and India respectively) can easily zero-in on the specific user from the data. Apart from that, all the roles stated in privacy protection (Data Principal, Custodian, Trustee, Trust, Fiduciary) are on the payrolls of the company itself. It is as good as setting up a wolf to guard the sheep. This itself places doubt on where the loyalties of these roles would be.

WhatsApp did ask us for only 99 cents a year in 2016 to generate revenue from 2 Billion users sending 65 Billion messages, making 2 billion minutes of calls per day, in 180 countries, but it fired back. On the basis of that revenue, it could generate a market valuation for Facebook. After spending $ 19 Billion, where would Facebook benefit from its acquisition? Regulatory bodies (like FTC) should have resolved these concerns (and not just a warning) and then give a go-ahead to this acquisition. Facebook cannot be held on ransom using the gun of privacy. Here too (I reiterate) that Facebook is looking for business using the WhatsApp business API only, and not using any private chats.

Let’s grow up and understand that any effort and engagement of people has a price to pay. As a user, you give time and be an object of advertisement, and as a company, you gain data and an understanding of the market demands. Privacy is a myth, just like democracy. The lower your digital footprints, the safer you will be.

References:

  1. https://soccermatics.medium.com/my-interview-with-aleksander-kogan-what-cambridge-analytica-were-trying-to-do-and-why-their-f869ef65d945
  2. https://sites.google.com/michalkosinski.com/mypersonality
  3. https://amzn.to/3c7EEO2
  4. https://www.theguardian.com/news/2018/mar/17/data-war-whistleblower-christopher-wylie-faceook-nix-bannon-trump
  5. https://www.dw.com/en/facebooks-cambridge-analytica-data-scandal-what-you-need-to-know/a-43071390
  6. https://www.dw.com/en/cambridge-analytica-facebooks-mark-zuckerberg-summoned-to-uk-parliament-in-data-misuse-case/a-43055148
  7. https://www.dw.com/en/facebook-faces-5-billion-fine-over-privacy-violations/a-49575702
  8. https://en.wikipedia.org/wiki/Russian_interference_in_the_2016_United_States_elections
  9. https://tosdr.org/
  10. https://www.pnas.org/content/111/24/8788
  11. https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
  12.  Micro-targeting – https://www.youtube.com/watch?v=vU_jHjATysU
  13. https://www.theguardian.com/technology/2016/jan/18/whatsapp-drops-subscription-fee-free
  14. https://www.oberlo.in/blog/whatsapp-statistics
  15. https://www.businessofapps.com/data/whatsapp-statistics/
  16. https://static.mygov.in/rest/s3fs-public/mygov_159453381955063671.pdf
  17. https://www.youtube.com/watch?v=juTJOaKSj88
  18. https://www.youtube.com/watch?v=TyAmoIeaN9E
  19. http://www.jantakareporter.com/entertainment/leaked-whatsapp-chat-shows-former-ib-minister-rajyavardhan-singh-rathore-allegedly-stopped-probe-against-arnab-goswami-republic-tv-accused-of-gaining-illegal-access/329225/
  20. https://www.ftc.gov/news-events/press-releases/2014/04/ftc-notifies-facebook-whatsapp-privacy-obligations-light-proposed
  21. https://www.slideshare.net/AdityaPattnaik3/facebook-whatsapp-acquisition-deal-analysis
  22. https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

2 thoughts on “The Fuss of Privacy on WhatsApp and Open Source Apps”

  1. Great read Piyush bhai , agree that nothing comes free and once we are out on the “roads” vendors will target based on our dressing/car status etc. An item worth 10 rupees maybe pedaled for 100 depending on the customer “type” .

Comments are closed.

Scroll to Top