as I have already mentioned, I am part of a hacktivist group called cybercirujas. In the telegram group we have, which gathers people from all over Argentina, we were talking about trackers on cell phones. I always show Advanced Privacy from eOS and how it blocks trackers and leaks from the different applications we use on our smartphones. But I had a question about Whatsapp.
Why Privacy Advanced shows me that whatsapp has no leaks and no trackers, and why Telegram does? We were discussing about it. A colleague in the group mentioned that everything can go through Facebook and not Whatsapp. I don’t have facebook on my phone but I do have Whatsapp.
From my experience, I noticed for a long time that Advanced Privacy has trouble blocking trackers from Meta in general. There are a few (unfortunately closed) gitlab issues on this matter. The ideal for you would be to install another tracker blocking app such as Tracker Control and compare results on whatsapp…
My understanding is that WhatsApp funnels everything through the app without need of web based trackers. If this is true then the only way of combatting it is to not use WhatsApp and switch to something safer. For centralised systems I suggest Signal. Alternatively you or one of your group could self host something like XMPP, Matrix, etc.
I am very sceptical about Meta, what does WhatsApp with the 82 permissions? I guess they spy your complete phone and are not interested in sharing the data with other companies, thus they don’t want a third party tracker.
What about disallowing your location to WhatsApp, but they can locate you through WiFi or Bluetooh stations as well. What does Whatsapp do with all your photos? It is allowed to read the location of your photos. It has a look at your open apps and at all your accounts! I don’t think that I would be safe with WhatsApp if I disallowed my location and contacts.
Try convincing your friends using another messenger and eliminate all Meta products from your phone.
I use signal and Threema.
I think that would be the best course of action. I trust Meta as far as I can throw them. I think it’s pretty much guaranteed they’re doing nefarious stuff with your data.
Tracker blockers only block trackers that are known. If Meta is using some proprietary tracker built into their app a tracker blocker would not detect it. They could be uploading your personal data and you’d be none the wiser unless you put a sniffer on your connection. That would not be easy to uncover either.
Open source apps provide the best privacy. They don’t do covert stuff with your data since anyone can look at the source code and see what the software is doing. I always try to find an open source solution. I do have a couple apps from Google store on my phone, but I do my best to avoid them.
Apps typically use third party trackers that are easy to block and most of the time that’s good enough. However you never really know what a proprietary closed source app may be doing. There’s no guarantee an app respects your privacy, and it doesn’t seem to count for much these days.
I second @Vaughan - it’s the inherent limit of dns based blocking. App uses only one domain for all interfacing - can’t filter it. The overall “blocked tracker count” is only a feel good number if you have a handful of big tech apps on your phone.
I think that’s the root of the problem, the bigger they are the more they disrespect their users. Also the more resources they have available to covertly employ data collection for their nefarious purposes.
And big corporations definitely do nefarious stuff to increase market share and profits. They continually skirt the borders of legality, in fact they often move the bar using their power and influence. And don’t believe anything they print, they have no compuction about lying.
BTW what’s so great about WhatsApp that they’ve supposedly been able to rope in a quarter of the global population. I’ve never felt any need for it, don’t even know what it looks like.
I don’t use whatsapp, however this concerns applications in general, 82 authorizations is indeed a lot, if access to the microphone or files and multimedia content is not allowed in the setting, do you think whatsapp can override?
hello!
thank you all very much for your answers. I think I understand then that it is not simple to block Whatsapp and Meta “trackers”.
In my personal case, I use whatsapp for social reasons: I use it at work, my partner uses it, many friends use it, so I can’t stop using it without being isolated from certain social circles. Then, since I use eOS I have minimized the use of proprietary applications on the phone. I don’t have instagram, facebook, twitter or anything like that. Only Whatsapp, Telegram and banking or transport apps. The rest I use all open source applications.
I don’t know which of the 82 authorizations (Report for com.whatsapp 2.25.16.82 - εxodus) can be affected by the user and which are granted as default. I recently found out that many apps continue running in background although you can’t imagine why. You need to block this especially by removing the grant to battery usage in background.
I think exodus-privacy is a blessing as you can see authorizations before installation.
The thing is nobody can say for sure what a closed source app may be doing or not doing in the background. There’s no way to tell without forensic examination beyond the resources of your average user.
The only assurance you may have is what a company publishes about privacy and data collection. Then there’s no guarantee their statements are accurate and truthful.
I have a couple proprietary apps I run myself and I don’t know for sure about those either. If it’s a must have app you just have to pay your nickel and take your chances.
That’s why phones are the worst possible place to store sensitive data, I don’t keep stuff like that on my phone.
I do not run WA and the like but in case I’d have reasons to do so I’d look into sandboxing them in a work profile via shelter (so they can only spy on each other and on the limited content of that profile) and check whether that’s compatible with my use case and every day use as needed. If it overcomplicates things it might not be for me…
May be worth the try.
one solution would be to use a linux pc with the whatsdesk application and make an empty account dedicated to whatsapp, so it won’t have anything to spy on, it won’t have unix rights to spy on other accounts. I used to do this with skype.
I did specify on a linux system, on other accounts or partitions, just chmod -R o-rw, the whatsapp account won’t be able to read anywhere other than its account, another more attractive solution is to use a VM to keep your usual workspace.