How can WhatsApp do both targeted advertisement and end-to-end encryption?
Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):
[M]essages will remain end-to-end encrypted. There are no plans to change that.
I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:
Advertisements are not targeted according to words used in messages, just general ads.
It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.
Are there other ways to do both ads and e2e encryption that you can think of?
privacy whatsapp end-to-end-encryption
edited 2 days ago
WΑF
1075
asked Dec 23 at 9:30
ransh
28229
|
show 4 more comments
Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):
[M]essages will remain end-to-end encrypted. There are no plans to change that.
I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:
Advertisements are not targeted according to words used in messages, just general ads.
It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.
Are there other ways to do both ads and e2e encryption that you can think of?
privacy whatsapp end-to-end-encryption
edited 2 days ago
WΑF
1075
asked Dec 23 at 9:30
ransh
28229
3
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
4
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
1
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
1
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
2
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03
|
show 4 more comments
Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):
[M]essages will remain end-to-end encrypted. There are no plans to change that.
I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:
Advertisements are not targeted according to words used in messages, just general ads.
It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.
Are there other ways to do both ads and e2e encryption that you can think of?
privacy whatsapp end-to-end-encryption
edited 2 days ago
WΑF
1075
asked Dec 23 at 9:30
ransh
28229
Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):
[M]essages will remain end-to-end encrypted. There are no plans to change that.
I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:
Advertisements are not targeted according to words used in messages, just general ads.
It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.
Are there other ways to do both ads and e2e encryption that you can think of?
privacy whatsapp end-to-end-encryption
privacy whatsapp end-to-end-encryption
edited 2 days ago
WΑF
1075
asked Dec 23 at 9:30
ransh
28229
edited 2 days ago
WΑF
1075
asked Dec 23 at 9:30
ransh
28229
edited 2 days ago
WΑF
1075
edited 2 days ago
WΑF
1075
edited 2 days ago
WΑF
1075
1075
asked Dec 23 at 9:30
ransh
28229
asked Dec 23 at 9:30
ransh
28229
asked Dec 23 at 9:30
ransh
28229
28229
3
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
4
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
1
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
1
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
2
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03
|
show 4 more comments
3
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
4
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
1
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
1
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
2
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03
3
3
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
4
4
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
1
1
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
1
1
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
2
2
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03
|
show 4 more comments
4 Answers
4
active
oldest
votes
Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.
answered Dec 23 at 9:51
Mike Scott
7,5861930
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
|
show 1 more comment
End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.
This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.
Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.
Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.
answered Dec 23 at 14:49
defalt
6932614
add a comment |
I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:
- Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;
- Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
add a comment |
Added to the above answers.
Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.
That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.
Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.
Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.
Enjoy your targeted pet! 😹
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200261%2fhow-can-whatsapp-do-both-targeted-advertisement-and-end-to-end-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.
answered Dec 23 at 9:51
Mike Scott
7,5861930
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
|
show 1 more comment
Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.
answered Dec 23 at 9:51
Mike Scott
7,5861930
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
|
show 1 more comment
Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.
answered Dec 23 at 9:51
Mike Scott
7,5861930
Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.
answered Dec 23 at 9:51
Mike Scott
7,5861930
answered Dec 23 at 9:51
Mike Scott
7,5861930
answered Dec 23 at 9:51
Mike Scott
7,5861930
answered Dec 23 at 9:51
Mike Scott
7,5861930
7,5861930
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
|
show 1 more comment
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
9
9
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
– BlueWizard
Dec 23 at 20:29
11
11
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
@BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
– Kevin Voorn
Dec 24 at 2:50
7
7
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
– Jan Fabry
Dec 24 at 12:44
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
@JanFabry Thanks!
– Kevin Voorn
Dec 24 at 13:21
5
5
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
– Jon Bentley
Dec 25 at 3:39
|
show 1 more comment
End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.
This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.
Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.
Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.
answered Dec 23 at 14:49
defalt
6932614
add a comment |
End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.
This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.
Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.
Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.
answered Dec 23 at 14:49
defalt
6932614
add a comment |
End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.
This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.
Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.
Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.
answered Dec 23 at 14:49
defalt
6932614
End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.
This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.
Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.
Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.
answered Dec 23 at 14:49
defalt
6932614
answered Dec 23 at 14:49
defalt
6932614
answered Dec 23 at 14:49
defalt
6932614
answered Dec 23 at 14:49
defalt
6932614
6932614
add a comment |
add a comment |
I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:
- Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;
- Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
add a comment |
I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:
- Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;
- Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
add a comment |
I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:
- Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;
- Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:
- Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;
- Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Dec 24 at 10:15
Baptiste Candellier
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Dec 24 at 10:15
Baptiste Candellier
1634
answered Dec 24 at 10:15
Baptiste Candellier
1634
1634
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
add a comment |
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
2
2
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
– Damon
Dec 24 at 11:14
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
– Loren Pechtel
Dec 25 at 22:32
add a comment |
Added to the above answers.
Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.
That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.
Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.
Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.
Enjoy your targeted pet! 😹
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
add a comment |
Added to the above answers.
Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.
That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.
Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.
Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.
Enjoy your targeted pet! 😹
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
add a comment |
Added to the above answers.
Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.
That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.
Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.
Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.
Enjoy your targeted pet! 😹
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
Added to the above answers.
Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.
That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.
Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.
Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.
Enjoy your targeted pet! 😹
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
edited Dec 23 at 16:04
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
answered Dec 23 at 15:43
usr-local-ΕΨΗΕΛΩΝ
1,141415
1,141415
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
add a comment |
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
– Mike Scott
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
– usr-local-ΕΨΗΕΛΩΝ
Dec 23 at 16:16
1
1
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
– Mike Scott
Dec 23 at 16:20
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
@usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
– Kevin Voorn
Dec 24 at 2:52
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200261%2fhow-can-whatsapp-do-both-targeted-advertisement-and-end-to-end-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33
4
Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38
1
So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40
1
If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41
2
They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03