acefael

on Software

Goodbye WhatsApp

04 Feb 2021

You heard of the changes to the WhatsApp terms, effective someday in Februrary this year. The deadline has since shifted.

First: I think WhatsApp (WA) is OK software and practically unavoidable. They claim to have 2bn users. It is the de-facto standard. Socioeconomic pressures nudge each and everyone to use it. I tried getting rid of it before. I know what I’m talking of.

Considering the outstanding role of this one app, it is especially sad to see what the deal is you have to agree to. I can’t stop thinking of it as a deal with the devil - because of the price I have to pay when opting to use it.

What price, you say, isn’t it a free download? But any kid these days knows that you are the product and you pay with your data. More on that later. For now, let’s see what it is about that deal.

Excessive Contract

I think of computer software terms and conditions as being a contract. A contract between me and the software maker. Something you could essentially print on a piece of paper and have everyone agree to. And sometimes I wonder: did you actually read these terms, or any terms of any software? Because, if you have not, you may want to, and if its just to make yourself aware that you have no clue what you’re signed up to. In reality its no secret that nobody reads the terms and just clicks ok, and that is because it would actually be hard work to do so. These terms are convoluted lengthy legal gibberish that are such a burden do read. It simply is not a deal that is transparent to the average user .. erm .. to the target group of the software, and I don’t think thats acceptable. This is not a WA-only problem, but really, if the contract for using a messaging app is so far away from what it can intuitively be expected to be, something is clearly off.

Contract Law

Well, one thing is the piece of paper aspect. Normally a contract cannot be unilaterally changed. These modern-day computer software makers, however, tend to update their T&C’s with the fashion. In the old days you could then choose not to get that update or use something else. Not getting the update is not an option with App’ified software today. You have got to take that update and agree to the new terms or you’re on your way. And because they have that enourmous user base, there is no equivalently rich somewhere else. Social media software cannot realistically be substituted (unless they could talk to one another, but the industry knows how to lobby against any such insinuation). So essentially you cannot trust to be able to use the software in the future.

Privacy

One main point where they fail to convince me is due to their overwhelming need to squeeze the last drop of value out of my data. They now want to share what they know of me with all their family. It had to come one day, we all knew. A consequence is, that their terms now link to the terms of these other companies. And they want me to agree to these terms too. Call me old fashioned, but my piece of contract paper doesn’t yet know how to handle hyperlinks. This is a long way from being acceptable. I don’t want to bother myself with companies that they consider family, and I don’t want any of my data to show up in a leak in a cheap-labour or low-environmental-standards or weak-data-protection-laws country because they thought it could be better processed or cheaper stored there. Not now and not in 20 years time.

Risk Offloading

In the past software terms typically excluded liability and fitness for any purpose. I got used to that. At least such a deal cannot fire back. Worst thing that could happen is that I am off as well, or as bad, as I started, minus the price for the shoddy software. The WA terms, on the other hand, have this gem in their privacy policy: “We require each of these users and businesses to have lawful rights to collect, use, and share your information before providing any information to us”. This is about other users uploading your data to WA, and it means, that when they use WA and send your data to their servers, they enter a legal risk toward you because you have not agreed to the WA terms. It works the other way around as well, with you having the risk when uploading your grandma’s data.

I’d call that inappropriate offloading of risk, and it’s not ok, because there is no choice. I cannot choose not to upload my contacts or to upload only contact data of people that they know gave permission too - which is a problem they could solve. And it is quite far detached from reality because no one is going to ask their not-on-WA-contacts for this permission. Which would likely be declined anyway.

Additionally, with all this data on their computers, they now have a moral hazard when it comes to the protection of that data. When there’s a leak you gave them permission to store your contacts data, while at the same time forfeiting any right to make them liable for damages that could be incurred through their behaviour. With this moral hazard in place it is a matter of time before there will be a leak, as history tells.

Another thing here, and one of the more fundamental points, is that WA have the chuzpe to believe that their users want to have everything that can be soaked up by their apps uploaded to their computers. In the past, software with such behaviour was called a trojan horse.

Fair Data Use

Another problem with the contract is that, even if you are smart eough to read and understand it, you still don’t know what the deal is, and I think that’s a common problem these days too. Because all these companies that are big enough to play a role in the artificial intelligence businesses of the world collect and use your data to train their neural networks. So a first step for them is to store whatever they can get. But nobody knows, or can tell, what your data is going to be used for, because all this AI stuff is research in progress. The only thing that’s certain today, is that they allow themselves to take what they can from you. Oh and you can use a chat app.

Contract Intent

The folks at WA have of course heard the rumor about problems with their new terms and have extended the deadline. They appear to want to use the extra time to clear up some “misunderstandings”. But this is all marketing, i.e. lacking substance, because they use the time to change peoples minds instead of their terms. Thence this actually worsens the situation. They now say, in their FAQ, that privacy and security of my personal communications is unchanged, and also they provide further transparency.

And what does that mean? If Cisco is to be trusted, IT security means the prevention of unauthorized access. Security in this sense is therefore the bottom line of any internet facing software.

What about privacy? According to the Cambridge Dictionary, privacy is “someone’s right to keep their personal matters and relationships secret”. So, by being secure, they ensured the privacy of my communications, as they clearly point out. But this does not say anything about the privacy of my data, and actually they want to spread it around the planet as they like. When there’s a leak, the privacy of my data (and communications metadata), is out the window. Their overspecific meaning of privacy is actually not the common interpretation. There are very few things I dislike more, than someone trying to twist the meaning of words to try and make me agree to something that I would not otherwise agree to.

Why does it matter? Well, my data does include all my communications metadata too, and, as you know, if you have all the communications metadata you don’t need the actual data anymore. The links between the people are enough. And the links, the connections, between people can and are used to judge people, as history past and present tells.