Disappointed to see The Markup share advice for people to use WhatsApp in its post about preparing your phone for a protest, and that it's coming from "digital security trainers."
Metadata literally kills, and WhatsApp is swimming in it. The metadata they collect includes:
Groups you're a member of, location, personal info (email, phone number, user IDs), contacts and their phone numbers, in-app search history, when you use the app & how often you use it. E2EE alone doesn't guarantee #privacy
@[email protected] people who use any #centralized, #SingleVendor and/or #SingleProvider #Communications Service like @[email protected] , #WhatsApp, #Telegram, ... for anythibg serious should be disqualified per law to teach others about #InfoSec, #ComSec, #OpSec or #ITsec, because their #Disinformation will sooner or later kill people! Use proper #E2EE and exercise #SelfCustody of #Keys, like with #XMPP+#OMEMO. Fortunately, @[email protected] / #MonoclesChat, @[email protected] and others make that easy to do. Fon't forget to *NEVER EVER* use #biometrics to unlock devices, properly encrypt your stuff and tunnel all comms over @[email protected] / #Tor so even if they eavedrop your entire comms, all they get is a garbled mess you can't decrypt even if you wanted to!
@alshafei There's also some evidence that they've got more than just metadata...and it's closed-source, so you can't really know:
@fabrice Thank you, what about media forwards?
From their privacy policy: "When a user forwards media within a message, we store that media temporarily in encrypted form on our servers to aid in more efficient delivery of additional forwards."
This implies that forwarded media is not end-to-end encrypted, but rather server-side encrypted. Can you confirm? If WhatsApp is able to forward previously sent media without re-uploading it, it seems to mean that the media encryption is not E2E?
Esra'a
Kevin Karhan 
SlightlyCyberpunk
Fabrice Desré