WhatsApp-Facebook Privacy U-Turn Now Being Probed by EU Data Watchdog

European privacy regulators have fired a warning shot to Facebook's WhatsApp and Yahoo, saying they sent letters to the companies expressing concerns about possible violations of the bloc's data-protection rules. From a TechCrunch report: A seismic shift in privacy policy by messaging app WhatsApp this summer, when it said it would begin sharing user data with parent company Facebook including for ad targeting, has now attracted the attention of European's data protection watchdog group, the Article 29 Working Party. The WP29 group wrote to WhatsApp founder Jan Koum yesterday, setting out its concerns about the privacy policy U-turn -- including how the shift was communicated to users. "The Article 29 Working Party (WP29) has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of the users' consent,"it writes. "WP29 also questions the effectiveness of control mechanisms offered to users to exercise their rights and the effects that the data sharing will have on people that are not a user of any other service within the Facebook family of companies."

Privacy LOL

I'd like some of whatever crack you're smoking

FFS

"Facebookâ(TM)s"

Re: FFS

Facebooka is the replacement for Facebook

Fuck that shit

Let's get back to important shit like 19 year old carpet muncher videos

Re: Hillary under investigation from FBI

That's slashdot FBI for ya

Handle things on your own.

[Zombie+Ryushu]

Handle things independently. Set up your own servers with your own PKI, set up your own Groupware, XMPP, CalDav, OwnCloud file sharing. Don't rely on other people to secure your systems for you. Invite the people you know and you trust to use your servers on public servers and then communicate in private on your own servers you host yourself. That is what I do.

My Android devices so not talk to Google's servers, they talk to my home network when it comes to Contacts, Calendaring,Chatting, Tasks, so on and so fourth. I don't permit Windows nodes, or iDevices on my network. If you want privacy, do things yourself.

Re:Handle things on your own.

[sinij]

I very much agree with you! I also kill my own food, make my own tools (you should see this keyboard I am using that I rigged from deer teeth and old mattress springs!), and pedal to produce my own electricity.

Re:Handle things on your own.

I very much agree with you! I also kill my own food, make my own tools (you should see this keyboard I am using that I rigged from deer teeth and old mattress springs!), and pedal to produce my own electricity.

I was feeling quite sad this Friday. You lifted me up. Thanks. :)

Re:Handle things on your own.

[I4ko]

Somebody mod parent UP

Re:Handle things on your own.

[GeekWithAKnife]

Sounds pretty rad! -is it a bitch to floss?

Re:Handle things on your own.

Cool story, bro. Now snap out of your autism and come join the real world.

Re: Handle things on your own.

I also kill my own food too. Quite easy when they are in their egg shells to commit mass murder.
They never fight back, and there is no blood.

Re:Handle things on your own.

This is something that a few geeks here and there can have a huge impact on. Over the past several years I've also switched to hosting my own email, instant messaging, contacts, calendars, and file sharing. It was very easy (and fun) and once I set them up there has been negligible upkeep required. I could add hundreds of users without needing to upgrade my server.

With just one trusted geek in your circle of friends or relatives you can have secure online communications that are a much smaller target than a larger organization hosting it when it comes to being hacked, DDOS'd, or compromised by three letter agencies. There have been many instances where Dropbox has been shown not to be secure and where its employees or strangers have accessed users' files. This can result in identity theft, IP theft, blackmail, or other annoyances.

Having decentralized yet federated services is such a great strength of the internet and there are some great protocols and tools to perform common tasks. For instant messaging and picture sharing there's XMPP; I use Prosody on the server and the Conversations app on Android. For email there are many options; I use Dovecot, Postfix and SpamAssassin on the server with Thunderbird on the desktop and the K-9 app on Android. There is also Roundcube and similar to provide a webmail interface so you can access your email from a browser. For file sharing, contacts, calendars, and more there are again a number of free and open source options; I use ownCloud/NextCloud, which has even begun to integrate video chat. With WebRTC there is little reason to use Skype and I'm sure there are some great video conferencing solutions out there that don't spy on you.

All of these were very easy to set up and there are plenty of guides and documentation out there. I primarily use these independent services for myself and my girlfriend and on a separate server I run them for my small business as well. For someone who is interested in technology setting up these services can be fun, inexpensive, and be a great service to the people you care about. It also feels great just having a bit more control over your communication channels and files so even if you just set them up for yourself, I definitely think it's worth it.

Re:Handle things on your own.

[MrL0G1C]

Set up your own servers with your own PKI, set up your own Groupware, XMPP, CalDav, OwnCloud file sharing.

So simple, who knew, I bet I could set that up in a couple of minutes. Could you give a link to the installer file, I'll just go with the defaults.

Re:Handle things on your own.

[GNious]

My Android devices so not talk to Google's servers,

At all? As in, there's absolutely no way for it to call home for anything, and optionally slip some usage data, or some contacts or anything else, into the datastream?

Also a violation of the US-Canada and Canada-EU

[WillAffleckUW]

Technically, due to the strong Constitutional privacy rights in the Charter of Rights and Freedoms, it's a violation of any data for any Canadian citizen involved in the EU as well, under current treaties.

Constituion overrules all. Treaties are subject to them. You can't give away Rights or Freedoms or make exceptions in a Treaty.

Re:Also a violation of the US-Canada and Canada-EU

Constituion overrules all. Treaties are subject to them. You can't give away Rights or Freedoms or make exceptions in a Treaty.

That is categorically wrong. International legal obligations still have force regardless of whether a domestic legal order conflicts with a State's obligations. See Article 27 of the Vienna Convention on the Law of Treaties 1968. This has also existed in customary law at least as far back as the 1870s. For a recent example see: https://en.wikipedia.org/wiki/LaGrand_case.

Practically speaking, domestic law will obviously have an impact on an individual regardless of whether the domestic law is in conflict with a State's treaty obligations, but the treaty obligations do not just vaporise.

Re:Also a violation of the US-Canada and Canada-EU

[WillAffleckUW]

Not a domestic law. It's the fricking Canadian Constitution itself. The Charter of Rights and Freedoms is not a law, it's the fricking Constitution.

CAPICHE?

Re:Also a violation of the US-Canada and Canada-EU

The reasoning above applies whether law or constitution. The point is that from the perspective of international law you cannot plead the internal legal order as an excuse for breaking an international legal obligation. While in many senses international law is on top, it might be better to think of the two legal systems (domestic and international) running in parallel and periodically causing the other to change. Developments in one effect the other.

As an aside, some European constitutions actually incorporate international treaties automatically into the internal system if the treaty can be given domestic effect by a court. On the other hand Canada is a dualist system so all treaties have to be copied into domestic law.

The rough order where international and domestic rules conflict (in an ideal state anyway) is that a domestic law or constitution breaches an international legal obligation, a remedy is provided to the party to whom an obligation is owned, and then domestic law / constitution changes or I suppose the state denounces the treaty and/or provides a remedy. As a lay-person most people will not see this order because it often happens on the scale of years. It of course does not always work like that in practice.

I can illustrate the way that international law and domestic constitutions interact most clearly with a hypothetical example of a country that adopts a system of apartheid or genocide in its constitution. These are things are intolerable internationally (jus cogens norms / erga omnes / against ICCPR or ICESCR / Genocide convention for reference). Apartheid does not just become internationally legal because it is in a constitution.

As a final point, the Canadian Charter of Rights and Freedoms seems to have been heavily inspired - to the point of almost verbatim copying (I have never looked into this heavily) on the International Covenant on Civil and Political Rights. The ICCPR is one of the core human rights treaties. Thus most of what is in the Charter is arguably at least related to customary international human rights law. Thus, something which would breach the Charter in many cases would be a breach of the Canadian government's international human rights obligations. Thus, in that sense the original poster's point has some truth re: international norms, but it is not because it is a constitution but rather because the Charter reflects international rules that should not be broken.

What data?

[mugurel]

I thought Whatsapp has end-to-end encryption nowadays...

Re:What data?

[winphreak]

As did I. There might be some user data to be collected, and who it was sent to, but that's my only guess.
Maybe they keep tabs on it for their facebook overlords now? God knows everything that was once on facebook exists somewhere in a server or backup.

Re:What data?

[cpghost]

You can't be sure if they don't provide the source code. But even if they did... basically, they claim to implement Signal Private Messenger's protocol, which is strong end-to-end encryption. However, even this protocol doesn't hide metadata from WhatsApp's servers. For example, every WhatsApp user needs to keep WhatsApp directory server(s) updated about his/her current IP so she can be found by others WhatsApp users. This alone is already up to a couple of hours pretty accurate meta data that can be invaluable to Facebook... which can target you with better ads, based on your current (network) location.

Re:What data?

[Zoxed]

- list of all your WhatsApp contacts (usually imported from your phone contacts)
- "metadata", e.g. how often you text which contacts