Mastodawn

#ASA #Complaint #Meta #WhatsApp

For those who are interested I have made a formal complaint to the ASA -

https://www.asa.org.uk/

The ad appeared in The Times on Saturday 12 July and the photo of the ad is in my original text. I will post any responses I get from them (other than the acknowledgement). Feel free to do it yourselves. The lying bar stewards.

Home

The Advertising Standards Authority (ASA) is UK's regulator of advertising. We apply the Ad Codes, written by the Committees of Advertising Practice (CAP).

Gauff 🇪🇺Jul 12

@Wen And the most pervert thing is, IMHO, that the #whatsapp encryption is indeed strong, preventing the *service* from leaking. It is sort of a "safe pipe"...

... But since #Meta has access to your keyboard, microphone, camera, contacts, etc, they can anyway intercept anything you type, do and say even before it is sent through this "safe pipe". Same thing on the receiver side!

Even worse: why the hell would they advertise if it would not see a clear return on investment, either financial or via the exploitation of our private data to feed their #IA and profiling algorithms?

I don't get how so many people don't question this!

jtb Jul 12

@gaufff And the app is closed source, so you don't actually know what it is doing. It might decrypt your message and send it somewhere else. Illegality doesn't bother Meta, we know that.

All of this is hopeless though, because everyone is using it. Eventually when Meta has taken over the entire communications infrastructure, only then will someone say, was that a good idea?
#signal #whatsapp #privacy #security #crime #organisedcrime

@gaufff @Wen How do they have my keyboard, my camera, and my microphone? I don't get it.

Wen Jul 13

@Okuna @gaufff If you are running their software unless the OS is blocking access to them (which would certainly negate the value of the keyboard to your use of the app) then what don’t you understand

@Wen @gaufff that i get a message when they try to access any of those. And hence it is my decision if I allow them. Additionally I see a light when my can or mic are active

Gauff 🇪🇺Jul 13

@Okuna @Wen I'm not *the* expert at this, maybe others will be able to elaborate on this, but I do not trust this at all.

When you give them access (mic for example), nothing states that you give them access "for this app only", right? To me, it means that they have access to those "sources" all the time.

The many many stories about people getting ads for stuff they just discussed while their phone was around (but not actively used) tends to confirm this.

To me, this is in no way paranoia. But such apps being closed source, we can never know what they do for sure.

Wen Jul 13

@gaufff @Okuna You can frequently do this on a per app/per active app basis, but I am sure many don’t.

At the same time, I am dubious on the (multiple) claims of listening in for ads. Two reasons, 1) their use would leak 2) some will be coincidence but some will be tracking individuals who are linked already - so if Fred is interested in bondage aids, Wilma, in their address book might get the same ads (simplified links obviously )

@gaufff @Wen your worries are fundamentally wrong.
Depending on OS but you give access to mic or cam per App. And when you give access to app a and prohibit for app b b has no access. Apps are sandboxed.
Facebook has violated some things in the past, but that led the operating system providers to improve the security.

Gauff 🇪🇺Jul 13

@Okuna @Wen I appreciate the feedback, thank you. And as I said, my overall knowledge is quite OK but my detailed technical knowledge is very limited. Especially on mobile devices (#iPhone , #Android , alternatives like #GrapheneOS , ...).

Still: is it still fair to say that my trust could indeed be higher if source code of these apps (apps developed by the GAFAMs and run on devices sold by those GAFAMs) would be open and available to all for review and contribution? Are apps really sandboxes on all those #OS ?

Without that, what prevents them from doing exactly what they want with our #privacy

#opensource

@Wen @gaufff and they o ly I have access to my keyboard when I use their app. If I don't use their app, my keyboard is protected from them.

Pam C Jul 12

@Wen In the UK this could be considered false advertising and can be reported to the advertising standards authority.

Adam Dalliance Jul 12

@Wen So the image there is about right then, they can't see half the message (the actual message content) but they can see the other half (The context: your location, your address book, who you are, who you are messaging, when you last met, which friends you have in common, linked to everything posted in your facebook account)

Doerk Jul 12

@pre @Wen They also can see how long it takes until you read a message from a certain sender. There are so many conclusions that can be drawn from this. And unlike the original message, it’s very easy to mass-analyse these metadata.

https://roelant.net/en/2025/meta-ai-has-access-to-your-encrypted-whatsapp-messages/

Roelant Jul 12

@Wen @helma and their AI cán actually read it. 👀

I've posted something about it for easy reference:

Meta AI has access to your encrypted WhatsApp messages – Roelant.net

AlexTECPlayz Jul 12

@roelant @Wen @helma Meta AI messages on WhatsApp use E2EE, but obviously the key is specifically shared with Meta, so that they can generate the response and send it back via a message.

It's clearly mentioned in the WhatsApp Help Center (https://faq.whatsapp.com/1002544104126998):
"The most important thing to know is that your personal messages with friends and family are off limits. AIs can read what is shared with them. [...] Talking to an AI provided by Meta doesn't link you personal WhatsApp account information on Facebook, Instagram, or any other apps provided by Meta." and About Meta AI (https://faq.whatsapp.com/2257017191175152):

"When you choose to use these features, Meta receives your prompts, the messages you share, and feedback to deliver relevant responses directly to you.

Only people that mention @/Meta AI, or that people choose to share with Meta AI, can be read by Meta. Meta can't read any other messages in your personal chats."

Also sourcing their white paper for more technical details: https://scontent.fclj2-1.fna.fbcdn.net/v/t39.8562-6/456045578_868167208055607_7997729792527463495_n.pdf?_nc_cat=107&ccb=1-7&_nc_sid=b8d81d&_nc_ohc=Zw7UZPd_vngQ7kNvwE7lwYu&_nc_oc=Adlbx217y4C7z4SM9DtZBeCjNwCNO7ZqeCxWATsh0TkbCWLkQ3qJj1gBY0pitk6q9bRDHV89-1z8jlkkrUuLGR5I&_nc_zt=14&_nc_ht=scontent.fclj2-1.fna&_nc_gid=aEv7_QsE_aLJzeCbH9qJiA&oh=00_AfT3kmxw0WVkcE2CI7j5cF7Wiyvd_Rz8-dXOKFvfKhwttA&oe=68782163

About using AI experiences available through WhatsApp | WhatsApp Help Center

AlexTECPlayz Jul 12

@roelant @Wen @helma And as for the article you cited, The Guardian has received a response from a Meta spokesperson:

"Meta AI is trained on a combination of licensed and publicly available datasets, not on the phone numbers people use to register for WhatsApp or their private conversations,” a spokesperson said. “A quick online search shows the phone number mistakenly provided by Meta AI is both publicly available and shares the same first five digits as the TransPennine Express customer service number.”

So, nothing private was shared. The AI hallucinated a phone number similar to the official one, or the supposedly 'private' phone number was actually part of a public dataset that Meta AI used for the training data. Again, no personal information was shared from WhatsApp.

@alextecplayz @roelant @helma ‘’What you send to Meta may be used to provide you with accurate responses, so don’t send messages to Meta with information you don’t want it to know. ‘ - from the WhatsApp FAQ

@alextecplayz @roelant @helma And from the same FAQ

'What you send to Meta may be used to provide you with accurate responses, so don’t send messages to Meta with information you don’t want it to know. '

https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/

Roelant Jul 13

@alextecplayz The thing I'm talking about is this:

The link didn't came across when I translated the Dutch article, I've added it back in. You'll find that this information is newer than the whitepaper you mention (and the whitepaper has no reference to it yet).

As @Wen already pointed out, the FAQ's actually only prove that Meta can grant themselves access to encrypted messages, which was the actual point I was making.

Currently they do so at the request of a participants of a conversation only (according to those FAQ 's). But like "we'll never put ads in WhatsApp", there's nothing stopping them from changing that later.

Considering their 180 degree turn on ads, the fact that they've already controversially started using IG and FB data to train their AI without opt in, what's to stop them from WA being the next step once the infrastructure is there?

I've stopped giving them the benefit of the doubt long ago and they've done nothing to prove me wrong since.

As for the phone number incident, I've never suggested anything about it, other then that it was the thing that got the discovery going. Truth be told I think we'll never know for sure where the AI got it from.

Cc: @helma

Building Private Processing for AI tools on WhatsApp

We are inspired by the possibilities of AI to help people be more creative, productive, and stay closely connected on WhatsApp, so we set out to build a new technology that allows our users around …

Engineering at Meta

stealthradek Jul 12

@Wen I think this needs to be reported as false advertising. How come their AI can write summaries then? From hashes?

Draken BlackKnight Jul 12

@Wen
USAF Gen. Michael Hayden, when he was the CIA director, once said in a testimony before Congress "We kill people based on metadata."

Gabriel Adrian Samfira Jul 12

@Wen it also doesn't really matter that the message you put on the wire is encrypted if the OS reads your entire screen and offers to "translate to English" all your messages.

#whatsapp #privacynightmare

oxidand Jul 12

@Wen

You can't even trust them with the content of your messages anymore, because their "AI" will now read them ("privately", of course)

@oxidand Is that actually the case (haven’t paid too much attention to recent announcement) - I did believe that for all their faults it was E2E?

https://www.theverge.com/news/693310/whatsapp-ai-message-summaries-meta

oxidand Jul 12

@Wen

WhatsApp rolls out AI-generated summaries for private messages

WhatsApp is launching new AI-powered message summaries that can give you a rundown on what you missed in your group chat.

The Verge

Jaroslav Svoboda Jul 12

@Wen or use @matrix

SirWumpus 👾🍁Jul 12

@Wen I prefer Wire over Signal. Signal requires a smart phone, whereas Wire works from the desktop, WUI, or mobile app and you are not tied to a identifying phone number. Same E2EE, 1-on-1 or group; the usual features, even TTL messages.

@sirwumpus I am aware of it but have never used it. I take your point over the mobile, but Signal is still pretty good. Managed to get most of my friend and social group to use it - we already did so for work.

SirWumpus 👾🍁Jul 12

@Wen I tried to get a Signal account, but I could only register from a SmartPhone, which I don't own. They would not let me register from a desktop. I see that as a failing.

@sirwumpus It is a limitation - but I might argue it was not a failing - it was designed that way. Mabe pedantic but..

https://www.cpomagazine.com/data-privacy/top-tech-companies-condemn-gchq-proposal-to-listen-in-on-encrypted-chats/

Dim Simple Jul 12

@Wen WhatsApp can read your messages.

On top of that, AI "assistants" from Google and Apple want to scan your messaging apps.

@dimsimple See note on formal complaint.

Riquiñez

Jul 12

@Wen It is easier than that. They say that but... Can anyone check the code? Nope

So, that's only marketing. And it makes me wonder why they invest money trying to convince us their app is safe. If they can't get any info from the app, why would they be even interested in us using it? 🤔

@andrewblasco Of course and reasonable points - users are the product as I seem to remember from years back. But I still think the complaint is valid - because if it is upheld (big if) it will get reported.

Kiru Jul 12

@Wen i say this frequently, but they could if they wanted to, E2EE is relatively useless if the app isn't open source, nothing theoretically is stopping it from merely sending off the message once it has been decrypted

it merely prevents MITM attacks

sheislaurence Jul 12

@Wen they 💯 % use word recognition on voice conversations. I once talked (voicecall) to a friend over Whatsapp about a 'bilboquet' (cup & ball toy), which is a very VERY VERY niche word that nobody ever uses. I never wrote it nor mentioned it anywhere else. Following day? Bilboquet ads on #FACEBOOK no less. I didn't even have the FB app on my phone. and that was before AI (yes, voice recognition has been around for some time). #Meta does whatever the f*** it likes, unhinged, unchecked.

CyberFrog Jul 12

@Wen I tried to install whatsapp yesterday for the first time, not only did it prompt me in 3 different ways to share my phone's entire address book with them (including to automate "verification", scummy af) but their entire goddamn app literally REFUSES to let me message anyone unless I share the phone address book with them even after verifying my number

also it was plastered with AI from the start, for no reason at all... I uninstalled it immediately, I'm not giving them my phone's address book and I refuse to be forced into it just to use an app that only actually requires a goddamn phone number to find people, which I could type manually very easily.... such bullshit

Kurt Jul 12

@Wen That can _ n o t _ be proven! Before ANY crypting occurs, Android (which is - as it belongs to Google to 100% - known for it's limited trustworthiness) can do with any keystroke what ever it wants. So the "security" of ANY app is irrelevant as long as it runs on a not trustworthy OS - period!