How can WhatsApp do both targeted advertisement and end-to-end encryption?












23














Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):




[M]essages will remain end-to-end encrypted. There are no plans to change that.




I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:




  1. Advertisements are not targeted according to words used in messages, just general ads.


  2. It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.



Are there other ways to do both ads and e2e encryption that you can think of?










share|improve this question




















  • 3




    What prevents them from injecting an ad in between encrypted messages?
    – forest
    Dec 23 at 9:33






  • 4




    Well, I can't see anything about targeted ads, just regular ads.
    – forest
    Dec 23 at 9:38






  • 1




    So what's the reason why WhatsApp couldn't do this?
    – forest
    Dec 23 at 9:40






  • 1




    If it is general ads, then you're totally right. They can do it.
    – ransh
    Dec 23 at 9:41






  • 2




    They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
    – Mooing Duck
    Dec 24 at 6:03


















23














Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):




[M]essages will remain end-to-end encrypted. There are no plans to change that.




I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:




  1. Advertisements are not targeted according to words used in messages, just general ads.


  2. It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.



Are there other ways to do both ads and e2e encryption that you can think of?










share|improve this question




















  • 3




    What prevents them from injecting an ad in between encrypted messages?
    – forest
    Dec 23 at 9:33






  • 4




    Well, I can't see anything about targeted ads, just regular ads.
    – forest
    Dec 23 at 9:38






  • 1




    So what's the reason why WhatsApp couldn't do this?
    – forest
    Dec 23 at 9:40






  • 1




    If it is general ads, then you're totally right. They can do it.
    – ransh
    Dec 23 at 9:41






  • 2




    They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
    – Mooing Duck
    Dec 24 at 6:03
















23












23








23


2





Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):




[M]essages will remain end-to-end encrypted. There are no plans to change that.




I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:




  1. Advertisements are not targeted according to words used in messages, just general ads.


  2. It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.



Are there other ways to do both ads and e2e encryption that you can think of?










share|improve this question















Recently there have been a lot of news articles which say that Facebook will very soon add advertising to WhatsApp, yet will keep the end-to-end encryption (source):




[M]essages will remain end-to-end encrypted. There are no plans to change that.




I am trying to understand how advertisement is possible while keeping end-to-end encryption. I understand that there are several options:




  1. Advertisements are not targeted according to words used in messages, just general ads.


  2. It is possible to send additional/duplicate packets with the same information to the server, which also uses "end-to-end encryption". Yet, if that's the case, it's sort of "telling the truth but not all the truth". I find it hard to believe that such a method would be used.



Are there other ways to do both ads and e2e encryption that you can think of?







privacy whatsapp end-to-end-encryption






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago









WΑF

1075




1075










asked Dec 23 at 9:30









ransh

28229




28229








  • 3




    What prevents them from injecting an ad in between encrypted messages?
    – forest
    Dec 23 at 9:33






  • 4




    Well, I can't see anything about targeted ads, just regular ads.
    – forest
    Dec 23 at 9:38






  • 1




    So what's the reason why WhatsApp couldn't do this?
    – forest
    Dec 23 at 9:40






  • 1




    If it is general ads, then you're totally right. They can do it.
    – ransh
    Dec 23 at 9:41






  • 2




    They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
    – Mooing Duck
    Dec 24 at 6:03
















  • 3




    What prevents them from injecting an ad in between encrypted messages?
    – forest
    Dec 23 at 9:33






  • 4




    Well, I can't see anything about targeted ads, just regular ads.
    – forest
    Dec 23 at 9:38






  • 1




    So what's the reason why WhatsApp couldn't do this?
    – forest
    Dec 23 at 9:40






  • 1




    If it is general ads, then you're totally right. They can do it.
    – ransh
    Dec 23 at 9:41






  • 2




    They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
    – Mooing Duck
    Dec 24 at 6:03










3




3




What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33




What prevents them from injecting an ad in between encrypted messages?
– forest
Dec 23 at 9:33




4




4




Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38




Well, I can't see anything about targeted ads, just regular ads.
– forest
Dec 23 at 9:38




1




1




So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40




So what's the reason why WhatsApp couldn't do this?
– forest
Dec 23 at 9:40




1




1




If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41




If it is general ads, then you're totally right. They can do it.
– ransh
Dec 23 at 9:41




2




2




They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03






They could also send a pile of ads to your phone, then on device your phone matches the ad that best selects your content. The field is currently moving in that direction, using on-device machine learning and such whatnot.
– Mooing Duck
Dec 24 at 6:03












4 Answers
4






active

oldest

votes


















40














Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.






share|improve this answer

















  • 9




    unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
    – BlueWizard
    Dec 23 at 20:29








  • 11




    @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
    – Kevin Voorn
    Dec 24 at 2:50






  • 7




    @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
    – Jan Fabry
    Dec 24 at 12:44










  • @JanFabry Thanks!
    – Kevin Voorn
    Dec 24 at 13:21






  • 5




    Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
    – Jon Bentley
    Dec 25 at 3:39





















9














End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.



This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.



Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.



Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.






share|improve this answer





























    6














    I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:




    • Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;

    • Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.






    share|improve this answer








    New contributor




    Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.














    • 2




      This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
      – Damon
      Dec 24 at 11:14












    • You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
      – Loren Pechtel
      Dec 25 at 22:32



















    5














    Added to the above answers.



    Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.



    That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.



    Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.



    Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.



    Enjoy your targeted pet! 😹






    share|improve this answer























    • Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
      – Mike Scott
      Dec 23 at 16:16










    • I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
      – usr-local-ΕΨΗΕΛΩΝ
      Dec 23 at 16:16






    • 1




      Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
      – Mike Scott
      Dec 23 at 16:20










    • @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
      – Kevin Voorn
      Dec 24 at 2:52











    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200261%2fhow-can-whatsapp-do-both-targeted-advertisement-and-end-to-end-encryption%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    40














    Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.






    share|improve this answer

















    • 9




      unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
      – BlueWizard
      Dec 23 at 20:29








    • 11




      @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
      – Kevin Voorn
      Dec 24 at 2:50






    • 7




      @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
      – Jan Fabry
      Dec 24 at 12:44










    • @JanFabry Thanks!
      – Kevin Voorn
      Dec 24 at 13:21






    • 5




      Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
      – Jon Bentley
      Dec 25 at 3:39


















    40














    Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.






    share|improve this answer

















    • 9




      unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
      – BlueWizard
      Dec 23 at 20:29








    • 11




      @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
      – Kevin Voorn
      Dec 24 at 2:50






    • 7




      @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
      – Jan Fabry
      Dec 24 at 12:44










    • @JanFabry Thanks!
      – Kevin Voorn
      Dec 24 at 13:21






    • 5




      Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
      – Jon Bentley
      Dec 25 at 3:39
















    40












    40








    40






    Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.






    share|improve this answer












    Your WhatsApp account is linked to your Facebook account. They know lots about you from your Facebook activity, and can use that to direct targeted ads at you on WhatsApp, without knowing anything at all about the content of your WhatsApp messages.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 23 at 9:51









    Mike Scott

    7,5861930




    7,5861930








    • 9




      unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
      – BlueWizard
      Dec 23 at 20:29








    • 11




      @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
      – Kevin Voorn
      Dec 24 at 2:50






    • 7




      @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
      – Jan Fabry
      Dec 24 at 12:44










    • @JanFabry Thanks!
      – Kevin Voorn
      Dec 24 at 13:21






    • 5




      Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
      – Jon Bentley
      Dec 25 at 3:39
















    • 9




      unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
      – BlueWizard
      Dec 23 at 20:29








    • 11




      @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
      – Kevin Voorn
      Dec 24 at 2:50






    • 7




      @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
      – Jan Fabry
      Dec 24 at 12:44










    • @JanFabry Thanks!
      – Kevin Voorn
      Dec 24 at 13:21






    • 5




      Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
      – Jon Bentley
      Dec 25 at 3:39










    9




    9




    unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
    – BlueWizard
    Dec 23 at 20:29






    unless you're an european citizen. Then it's illegal for facebook to connect the two services (for now).
    – BlueWizard
    Dec 23 at 20:29






    11




    11




    @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
    – Kevin Voorn
    Dec 24 at 2:50




    @BlueWizard source? Because as far as I'm aware of that is perfectly legal when it is listed in both privacy statements under GDPR.
    – Kevin Voorn
    Dec 24 at 2:50




    7




    7




    @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
    – Jan Fabry
    Dec 24 at 12:44




    @KevinVoorn In March 2018 they reached an agreement with the UK's ICO "that it shall not, from the date of the undertaking, share personal data with companies in the Facebook family, for Facebook’s own purposes, until it can satisfy the requirements of the GDPR." I don't think there has been an update since then.
    – Jan Fabry
    Dec 24 at 12:44












    @JanFabry Thanks!
    – Kevin Voorn
    Dec 24 at 13:21




    @JanFabry Thanks!
    – Kevin Voorn
    Dec 24 at 13:21




    5




    5




    Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
    – Jon Bentley
    Dec 25 at 3:39






    Can you provide a source for "Your WhatsApp account is linked to your Facebook account". E.g. on my phone I do not use Facebook, and I do not store my mobile number in my Facebook account. I assume I am not the only person. Are you suggesting that they use some other data analysis techniques to link my accounts regardless? If not, perhaps the answer should be amended to "may be linked" instead of "is linked" (which would of course affect the rest of the answer).
    – Jon Bentley
    Dec 25 at 3:39















    9














    End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.



    This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.



    Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.



    Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.






    share|improve this answer


























      9














      End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.



      This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.



      Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.



      Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.






      share|improve this answer
























        9












        9








        9






        End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.



        This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.



        Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.



        Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.






        share|improve this answer












        End-to-end encryption is not peer-to-peer. There is a centralised XMPP server which handles delivery of messages. What's app client communicates with the server to send and receive messages between you and your contacts.



        This server can also push ads to the WhatsApp client without interfering with message delivery system. WhatsApp will likely put ads on Status tab. Your contacts' status is also end to end encrypted and only you can decipher their status media. Without interfering with E2E, WhatsApp client can use a separate channel to download ads.



        Targeted advertisement can work without reading your messages. Users give Location access to WhatsApp to share their live location so ads based on location is still possible. How much time you spend on WhatsApp and what is the best time you likely to use WhatsApp can be used to fingerprint your online behaviour. I'm not saying that they will make WhatsApp that much intrusive to display ads but possibilities exist and metadata information is enough for them.



        Personalized ads which are only shown to you may not be that much accurate if you are not a facebook user but if they want to monetize the service just to keep it funding, then they don't have to be accurate.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 23 at 14:49









        defalt

        6932614




        6932614























            6














            I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:




            • Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;

            • Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.






            share|improve this answer








            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 2




              This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
              – Damon
              Dec 24 at 11:14












            • You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
              – Loren Pechtel
              Dec 25 at 22:32
















            6














            I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:




            • Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;

            • Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.






            share|improve this answer








            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.














            • 2




              This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
              – Damon
              Dec 24 at 11:14












            • You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
              – Loren Pechtel
              Dec 25 at 22:32














            6












            6








            6






            I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:




            • Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;

            • Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.






            share|improve this answer








            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            I don't know if WhatsApp uses this technique---and I hope not, but technically, the app can and already does decrypt your messages once they're on your device. You could then:




            • Send the raw decrypted messages back to the WhatsApp servers, a terrible choice but nevertheless technically possible;

            • Do some machine learning on-device, creating a local advertising profile tailored to your preferences, and send limited data based on this data. This means Facebook could know you're interested in cats without actually knowing the exact content of any of your messages.







            share|improve this answer








            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            share|improve this answer



            share|improve this answer






            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            answered Dec 24 at 10:15









            Baptiste Candellier

            1634




            1634




            New contributor




            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





            New contributor





            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






            Baptiste Candellier is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            • 2




              This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
              – Damon
              Dec 24 at 11:14












            • You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
              – Loren Pechtel
              Dec 25 at 22:32














            • 2




              This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
              – Damon
              Dec 24 at 11:14












            • You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
              – Loren Pechtel
              Dec 25 at 22:32








            2




            2




            This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
            – Damon
            Dec 24 at 11:14






            This is the most obvious choice. Whatever you type is plaintext before the app encrypts it, so... end-to-end encryption is really a joke if you consider it's done by an app supplied by an openly malicious (yet legal) service provider. If nothing else they can filter out most common filter words and send hashes of all others to their ad server. Or maintain a frequently-used-not-fillword database on your device. Doesn't take but a few kilobytes. Nobody notices.
            – Damon
            Dec 24 at 11:14














            You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
            – Loren Pechtel
            Dec 25 at 22:32




            You don't even need machine learning. The system sends a list of keywords, the app reports back what keywords occurred in the message.
            – Loren Pechtel
            Dec 25 at 22:32











            5














            Added to the above answers.



            Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.



            That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.



            Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.



            Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.



            Enjoy your targeted pet! 😹






            share|improve this answer























            • Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
              – Mike Scott
              Dec 23 at 16:16










            • I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
              – usr-local-ΕΨΗΕΛΩΝ
              Dec 23 at 16:16






            • 1




              Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
              – Mike Scott
              Dec 23 at 16:20










            • @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
              – Kevin Voorn
              Dec 24 at 2:52
















            5














            Added to the above answers.



            Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.



            That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.



            Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.



            Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.



            Enjoy your targeted pet! 😹






            share|improve this answer























            • Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
              – Mike Scott
              Dec 23 at 16:16










            • I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
              – usr-local-ΕΨΗΕΛΩΝ
              Dec 23 at 16:16






            • 1




              Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
              – Mike Scott
              Dec 23 at 16:20










            • @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
              – Kevin Voorn
              Dec 24 at 2:52














            5












            5








            5






            Added to the above answers.



            Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.



            That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.



            Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.



            Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.



            Enjoy your targeted pet! 😹






            share|improve this answer














            Added to the above answers.



            Whatsapp also knows your contacts network (namely the numbers of the people you speak to), because that information is necessary for routing text.



            That said, you may or may not have linked Whatsapp to Facebook. Your friends may or may not have done that as well, but like some did. @MikeScott answer applies. I also want to add that Whatsapp Inc. knows how often you text to whom.



            Social network analysis combines marketing preferences of known profiled individuals to target an unknown subject based on affinity.



            Here is an example: regardless that you speak about cats (contents is encrypted), if you speak often with people that Whatsapp Inc. deems interested in cats by other means, you may see an ad about a cat shelter.



            Enjoy your targeted pet! 😹







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Dec 23 at 16:04

























            answered Dec 23 at 15:43









            usr-local-ΕΨΗΕΛΩΝ

            1,141415




            1,141415












            • Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
              – Mike Scott
              Dec 23 at 16:16










            • I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
              – usr-local-ΕΨΗΕΛΩΝ
              Dec 23 at 16:16






            • 1




              Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
              – Mike Scott
              Dec 23 at 16:20










            • @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
              – Kevin Voorn
              Dec 24 at 2:52


















            • Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
              – Mike Scott
              Dec 23 at 16:16










            • I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
              – usr-local-ΕΨΗΕΛΩΝ
              Dec 23 at 16:16






            • 1




              Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
              – Mike Scott
              Dec 23 at 16:20










            • @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
              – Kevin Voorn
              Dec 24 at 2:52
















            Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
            – Mike Scott
            Dec 23 at 16:16




            Even if you’ve not formally linked your Facebook account to your WhatsApp account, it’s a safe bet that Facebook can link them anyway. It’s only if you don’t have a Facebook account at all that they can’t use it to target ads to you.
            – Mike Scott
            Dec 23 at 16:16












            I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
            – usr-local-ΕΨΗΕΛΩΝ
            Dec 23 at 16:16




            I would really love to understand how. FYI I disable 3rd party cookies and use Adblockers (including rooted Android phone)
            – usr-local-ΕΨΗΕΛΩΝ
            Dec 23 at 16:16




            1




            1




            Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
            – Mike Scott
            Dec 23 at 16:20




            Even if you’re rooted and the apps can’t get a phone ID, they can still see use of your WhatsApp account and your Facebook account from the same IP address at similar times.
            – Mike Scott
            Dec 23 at 16:20












            @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
            – Kevin Voorn
            Dec 24 at 2:52




            @usr-local-ΕΨΗΕΛΩΝ in theory your device can be linked because of a wide variety of settings, plugins etc. Am I unique? has a really good website to demonstrate this behaviour: amiunique.org
            – Kevin Voorn
            Dec 24 at 2:52


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f200261%2fhow-can-whatsapp-do-both-targeted-advertisement-and-end-to-end-encryption%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Сан-Квентин

            Алькесар

            Josef Freinademetz