SN 802: Where the Plaintext Is

For many, it isn’t just the content of the messages.

The biggest problem with WhatsApp, for example, is that it breaks GDPR.

You cannot upload the contact information of identifiable persons to servers outside the EU without getting their explicit permission to do so, and if they refuse, you cannot upload that information. The problem is, WhatsApp uploads and stores that contact data on Facebook’s servers in the USA. It does it wholesale: either you give WhatsApp all of your contacts on the phone or you can’t communicate with anyone (i.e. start a new conversation) - or, if they communicate with you, you only see their telephone number.

If I let that information be uploaded and somebody explicitly tells me that they do not want to have that information uploaded, I am liable under law for a breach of GDPR - the person will have to report me, but I am still technically breaking the law. So, I either have to delete that contact from my phone or I have to not use WhatsApp.

The other services work by uploading hashes of the telephone number and seeing if they correspond to other users, AFAIK. That isn’t a problem. WhatsApp uploads everything: name, address, telephone number, email, etc. That is a big problem.
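
The two upload models contrasted in the post above, sketched as an added example; it is not part of the original post and not any messenger's actual code. The function names, the choice of SHA-256, the default country code 49 and the sample contacts are all assumptions constructed for illustration.

```python
import hashlib
import re

def normalize(number, default_cc="49"):
    """Reduce a number to country code + digits so one number always has one hash."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("+"):
        return digits[1:]
    if digits.startswith("00"):
        return digits[2:]
    if digits.startswith("0"):          # national format: assume default country
        return default_cc + digits[1:]
    return digits

def number_hash(number):
    return hashlib.sha256(normalize(number).encode()).hexdigest()

def full_upload(contacts):
    """Whole-address-book model: every field of every contact leaves the phone."""
    return [dict(c) for c in contacts]

def hashed_upload(contacts):
    """Hash model: only one digest per phone number leaves the phone."""
    return sorted({number_hash(c["phone"]) for c in contacts})

def server_match(uploaded_hashes, registered_numbers):
    """Server side: report which uploaded digests belong to registered users."""
    registered = {number_hash(n) for n in registered_numbers}
    return [h for h in uploaded_hashes if h in registered]

def resolve(contacts, matched_hashes):
    """Client side: map matches back to local names, which were never uploaded."""
    by_hash = {number_hash(c["phone"]): c["name"] for c in contacts}
    return sorted(by_hash[h] for h in matched_hashes)

# Constructed sample data (hypothetical contacts and registered users)
CONTACTS = [
    {"name": "Anna Example", "phone": "0170 555 0101", "email": "anna@example.org"},
    {"name": "Ben Sample", "phone": "+49 (171) 555-0102", "email": "ben@example.org"},
]
REGISTERED = ["+491715550102", "+491725550199"]

if __name__ == "__main__":
    payload = hashed_upload(CONTACTS)
    print(resolve(CONTACTS, server_match(payload, REGISTERED)))
```

Phone numbers come from a small, enumerable space, so a plain digest limits which fields are sent rather than keeping the number itself secret from the server.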

