Reader TTS

Millions of Indians could lose access to good morning messages and dodgy forwards from their bigoted uncles if they don’t accept WhatsApp’s new privacy policy by May 15. (It was going to be

February 8, but the brouhaha covered in this piece has pushed them to _extend it_ only last night.) That bright spot apart, this is actually a daunting prospect for smartphone users around

the country who depend on WhatsApp to communicate. WhatsApp is the lifeline of text-based communications in India with a user base that is fast approaching the _half-billion mark_. Not since

the Department of Telecommunications’ monopoly on telephones ended in the ‘90s has any one entity wielded this level of control over a ubiquitous communication medium in India. And with

their new privacy policy, Facebook is trying to set the stage to finally make some serious money out of their 2014 acquisition which has grown exponentially in user-base without a

corresponding rise in earnings. Facebook wants to scale up WhatsApp to be, among other things, a full-fledged ecommerce platform, eyeing some of the success that WeChat has had in China.

They envisage a future where business accounts can communicate with prospective customers over WhatsApp, offer them a storefront, and have the users buy and pay for goods and services right

within the app itself. To enable this, Facebook has further lowered the already minimal barrier for data-sharing between WhatsApp and itself. This is also in keeping with Facebook’s larger

objective of integrating its various products into one inextricable network, to make life harder for antitrust regulators looking to break up big tech companies. The changes to WhatsApp’s

privacy policy will essentially enable business accounts to host their chats with customers on Facebook’s servers and use them for processing and handling this information, including for

serving ads. The business accounts, as always, can do as they please with the information that you convey in the course of these chats, except now they can enlist Facebook’s help for it.

This indirectly gives Facebook some level of access to the content of your communications which it did not have before. The changes don’t affect the privacy of your messages with

non-business accounts. In a delicious twist of irony, a flurry of dubious WhatsApp forwards on the subject has driven users around India (and elsewhere) into a panic, leading to a spike in

downloads of rival messaging apps Signal and Telegram. This has prompted WhatsApp to resort to _full-page newspaper ads_ to try and dispel the rumours. The thrust of the worry is that the

contents of your chats are now open for Facebook to read. To get this question out of the way, no, Facebook cannot intercept your chats (and neither can Navika Kumar). All your chats on

WhatsApp, including those with business accounts, continue to be end-to-end encrypted using the Signal protocol. That said, Facebook has been hoovering up a massive amount of metadata about

you (including but not limited to how, when and to whom you communicate, your IP address, location, various device identifiers, and so on) and this will continue to be the case. This gives

the companies a massive amount of insight into your behaviour and, in my view, is as much of a privacy concern as them having access to the contents of your chats. Additionally, as I

discussed in my _earlier column_, there are also multiple other points of vulnerability for your actual chat content, including the chat backups you do to Google Drive or iCloud, and just

about anyone on the other end of a chat – including a sneaky member of a WhatsApp group passing on your chats to whoever they feel like (or being compelled to do so by law enforcement or

other unsavoury characters). At a higher level, I am glad to see that this has stirred concerns among Indians regarding privacy, even if founded on dubious facts. Despite making noises about

it over the past couple of decades, India has not yet enacted any specific laws safeguarding privacy. Considering the government’s reliance on privacy violations to advance policy, via

Aadhaar and the like, I suppose this is only to be expected. Therefore, the only way Indians can look after their own privacy is by being personally aware and proactive. Some of the greatest

invaders of privacy are companies like Google and Facebook who depend on harvesting your data to serve you ads. Moving your communications away from Facebook products to more private and

secure alternatives is a small step towards taking back a little bit of control. Of course, the main downside of moving to Signal or Telegram is the network effect. Everyone you know is on

WhatsApp, whereas relatively fewer people would be on either of these platforms. But for now, it makes sense to download and install these applications alongside WhatsApp, so that (a) you at

least have the option of having more secure conversations with whoever is on those apps; and (b) the more people who get those apps, the more enticing a prospect it will be for others to

download it. At some point, if enough people migrate, one or more of these alternatives could be a viable substitute for WhatsApp and you may not need WhatsApp anymore. In an ideal world,

the standard would be an interoperable and secure chat protocol where people could use an app of their choosing and not be tied to any one to communicate with only the people who use that

particular app. But for now, installing Signal and Telegram alongside WhatsApp has very few downsides. You can finetune the notifications by digging into the settings, and the apps don’t use

up too much of your data or your phone’s processing power. But do remember that while Signal is end-to-end encrypted, Telegram is not, by default. But both apps collect far less metadata

(Signal nearly none) compared to WhatsApp. As long as Facebook continues to do business the way it does now, it will need more and more data about its users, including users of WhatsApp. The

same applies to Google. Being beholden to either of these companies (or the other big tech behemoths, including Apple and Amazon) exclusively for communication, or any other aspect of your

online interactions, puts you at their mercy with regard to the handling of your data. If tomorrow they change their terms and conditions, you may not have any option but to accept them,

even if you don’t agree with them. Therefore, I think it makes sense to spread your eggs across a few baskets, whether it’s using a more private search engine like DuckDuckGo, a more private

browser like Brave, or an email provider like ProtonMail, or simply using something like Signal for your messaging. While it will be convenient to stick with the familiar options, it might

be in our enlightened self-interest to diversify our privacy risks a little bit, for the long run. _Contact the author on Twitter @vinayaravind_.