The great WhatsApp migration of 2021: How India is waking up to privacy issues

Millions of Indians could lose access to good morning messages and dodgy forwards from their bigoted uncles if they don’t accept WhatsApp’s new privacy policy by May 15. (It was going to be February 8, but the brouhaha covered in this piece has pushed them to extend it only last night.) That bright spot apart, this is actually a daunting prospect for smartphone users around the country who depend on WhatsApp to communicate. WhatsApp is the lifeline of text-based communications in India with a user base that is fast approaching the half-billion mark.

Not since the Department of Telecommunications’ monopoly on telephones ended in the ‘90s has any one entity wielded this level of control over a ubiquitous communication medium in India. And with their new privacy policy, Facebook is trying to set the stage to finally make some serious money out of their 2014 acquisition which has grown exponentially in user-base without a corresponding rise in earnings.

Facebook wants to scale up WhatsApp to be, among other things, a full-fledged ecommerce platform, eyeing some of the success that WeChat has had in China. They envisage a future where business accounts can communicate with prospective customers over WhatsApp, offer them a storefront, and have the users buy and pay for goods and services right within the app itself.

To enable this, Facebook has further lowered the already minimal barrier for data-sharing between WhatsApp and itself. This is also in keeping with Facebook’s larger objective of integrating its various products into one inextricable network, to make life harder for antitrust regulators looking to break up big tech companies.

The changes to WhatsApp’s privacy policy will essentially enable business accounts to host their chats with customers on Facebook’s servers and use them for processing and handling this information, including for serving ads. The business accounts, as always, can do as they please with the information that you convey in the course of these chats, except now they can enlist Facebook’s help for it.

This indirectly gives Facebook some level of access to the content of your communications which it did not have before. The changes don’t affect the privacy of your messages with non-business accounts.

In a delicious twist of irony, a flurry of dubious WhatsApp forwards on the subject has driven users around India (and elsewhere) into a panic, leading to a spike in downloads of rival messaging apps Signal and Telegram. This has prompted WhatsApp to resort to full-page newspaper ads to try and dispel the rumours.

The thrust of the worry is that the contents of your chats are now open for Facebook to read. To get this question out of the way, no, Facebook cannot intercept your chats (and neither can Navika Kumar). All your chats on WhatsApp, including those with business accounts, continue to be end-to-end encrypted using the Signal protocol.

That said, Facebook has been hoovering up a massive amount of metadata about you (including but not limited to how, when and to whom you communicate, your IP address, location, various device identifiers, and so on) and this will continue to be the case. This gives the companies a massive amount of insight into your behaviour and, in my view, is as much of a privacy concern as them having access to the contents of your chats.

Additionally, as I discussed in my earlier column, there are also multiple other points of vulnerability for your actual chat content, including the chat backups you do to Google Drive or iCloud, and just about anyone on the other end of a chat – including a sneaky member of a WhatsApp group passing on your chats to whoever they feel like (or being compelled to do so by law enforcement or other unsavoury characters).

At a higher level, I am glad to see that this has stirred concerns among Indians regarding privacy, even if founded on dubious facts. Despite making noises about it over the past couple of decades, India has not yet enacted any specific laws safeguarding privacy. Considering the government’s reliance on privacy violations to advance policy, via Aadhaar and the like, I suppose this is only to be expected. Therefore, the only way Indians can look after their own privacy is by being personally aware and proactive.

Some of the greatest invaders of privacy are companies like Google and Facebook who depend on harvesting your data to serve you ads. Moving your communications away from Facebook products to more private and secure alternatives is a small step towards taking back a little bit of control.

Of course, the main downside of moving to Signal or Telegram is the network effect. Everyone you know is on WhatsApp, whereas relatively fewer people would be on either of these platforms. But for now, it makes sense to download and install these applications alongside WhatsApp, so that (a) you at least have the option of having more secure conversations with whoever is on those apps; and (b) the more people who get those apps, the more enticing a prospect it will be for others to download it. At some point, if enough people migrate, one or more of these alternatives could be a viable substitute for WhatsApp and you may not need WhatsApp anymore.

In an ideal world, the standard would be an interoperable and secure chat protocol where people could use an app of their choosing and not be tied to any one to communicate with only the people who use that particular app. But for now, installing Signal and Telegram alongside WhatsApp has very few downsides. You can finetune the notifications by digging into the settings, and the apps don’t use up too much of your data or your phone’s processing power. But do remember that while Signal is end-to-end encrypted, Telegram is not, by default. But both apps collect far less metadata (Signal nearly none) compared to WhatsApp.

As long as Facebook continues to do business the way it does now, it will need more and more data about its users, including users of WhatsApp. The same applies to Google. Being beholden to either of these companies (or the other big tech behemoths, including Apple and Amazon) exclusively for communication, or any other aspect of your online interactions, puts you at their mercy with regard to the handling of your data. If tomorrow they change their terms and conditions, you may not have any option but to accept them, even if you don’t agree with them.

Therefore, I think it makes sense to spread your eggs across a few baskets, whether it’s using a more private search engine like DuckDuckGo, a more private browser like Brave, or an email provider like ProtonMail, or simply using something like Signal for your messaging. While it will be convenient to stick with the familiar options, it might be in our enlightened self-interest to diversify our privacy risks a little bit, for the long run.

Contact the author on Twitter @vinayaravind.