WhatsApp moderators can read your messages, says report

Facebook has repeatedly claimed that nobody can read end-to-end encrypted messages sent between WhatApp users

WhatsApp, which uses end-to-end encryption and makes a big deal about privacy, is not actually as private as owner Facebook claims, according to a new report by ProPublica.

According to ProPublica, Facebook's moderator contract firm, Accenture, employs at least 1,000 moderators who sit in offices in Texas, Austin, Dublin and Singapore and sift through users' private messages, flagged by the service's own algorithms and other users.

The moderators review flagged message for spam, blackmail, hate speech, disinformation, potential terrorist threats, and 'sexually oriented businesses'. Based on the content, they can block the account, put it 'on watch' or leave it alone.

Once the flagged message reaches them, moderators can see the last five messages in a thread.

WhatsApp moderators told ProPublica that the service's machine learning algorithms often misidentify content. For instance, they frequently misunderstand pictures of kids in a bathtub as being abusive.

If true, this arrangement contradicts claims from WhatsApp that it does not read end-to-end encrypted messages sent between users.

In 2018, when US authorities began their initial probe into Facebook, the company's founder and CEO Mark Zuckerberg announced in the Senate that all content on WhatsApp is encrypted. He clearly stated, "We don't see any of the content in WhatsApp, it's fully encrypted."

Now, it appears that that just isn't true - even if your conversations are perfectly innocent, if WhatsApp's machine learning system flags as many false positives as implied.

Earlier this year, WhatsApp challenged a new law in India that required the messaging platform to allow law enforcement officials to see suspects' messages.

"Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy," the service told Reuters earlier this year.

A Facebook representative told 9to5Mac that all WhatsApp messages are end-to-end encrypted, and the ProPublica report was based on an apparent misunderstanding.

The spokesperson added that WhatsApp allows users to report abuse, and those reports - not messages - are reviewed by contractors.

The spokesperson did not clarify whether those reports included message logs.

"WhatsApp provides a way for people to report spam or abuse, which includes sharing the most recent messages in a chat. This feature is important for preventing the worst abuse on the internet. We strongly disagree with the notion that accepting reports a user chooses to send us is incompatible with end-to-end encryption.

"We build WhatsApp in a manner that limits the data we collect while providing us tools to prevent spam, investigate threats, and ban those engaged in abuse, including based on user reports we receive.

"This work takes extraordinary effort from security experts and a valued trust and safety team that works tirelessly to help provide the world with private communication."

The ProPublica report comes days after Ireland's Data Protection Commission (DPC) issued a fine of €225 million (about £193 million) to WhatsApp, for breaching European data privacy rules.

The watchdog said the messaging platform did not properly inform EU citizens about how it handles their personal data. It also failed to notify users how it shares their information with its parent, Facebook.

The DPC ordered WhatsApp to change both its privacy policy and how it communicates with users about sharing their data with other firms.