Thursday, January 28, 2021

WhatsApp's New Privacy Policy: Collecting Metadata and Its Implications

This article is by

Share this article

Article Contributor(s)

Vaishnavi Krishna Mohan

Article Title

WhatsApp's New Privacy Policy: Collecting Metadata and Its Implications

Publisher

Global Views 360

Publication Date

January 28, 2021

URL

Representative Image WhatsApp

Representative Image WhatsApp | Source: Rachit Tank via Unsplash

According to WhatsApp’s new privacy policy, the app is set to collect “only” user’s Metadata. Metadata can reveal a lot more than merely the app usage of a person. Former NSA General Counsel Stewart Baker stated, “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content.”

This article explores the ways in which WhatsApp is underselling the true estimation of the significance of Metadata.

Facebook owned WhatsApp recently announced the update of its privacy policy terms. 8th of February, 2021 was initially set as the deadline for users to either accept the new privacy policy or delete their account. By this time, most of us have already witnessed or been a part of the backlash that WhatsApp is experiencing. LocalCircles conducted a survey and the results indicated that 15% of India’s users are likely to move away entirely from the app while 36% will drastically reduce the usage and 67% of users are likely to discontinue chats with WhatsApp business accounts.

To reinstall trust in its users, WhatsApp released a clarification stating that the new policy update doesn’t compromise privacy of messages with friends and family. Furthermore, it explains that the update includes changes related to WhatsApp business accounts are optional too.

However, owing to severe backlash, WhatsApp has pushed the deadline to May 15 while they further clarify their policy updates.

It is true that WhatsApp cannot read our messages as it is end-to-end encrypted which implies that only a message’s sender and receiver can read it. The updated privacy policy intends to alert users that some businesses would soon be using Facebook-servers to store messages with their customers. By accepting the new privacy policy, users will be allowing WhatsApp to reserve all rights to collect your data and share it with the expansive Facebook and Instagram networks ‘regardless of whether you have profiles on those apps.’

A person using WhatsApp | Source: Andrés Rodríguez via Pixabay

By using WhatsApp, you may now be sharing your usage data, your phone’s unique identifier, your location when the location service is enabled, among several other types of metadata. A culmination of all your metadata is linked to your identity.

The value of metadata has been underestimated since the term isn’t clearly understood. Metadata is data about our data. For instance, in a cell phone conversation, the conversation itself isn’t metadata but everything except that is metadata. Data regarding who you called, how long you spoke for, where you were when you placed the call, where the other person on the line was and the time you placed the call. Consider a situation when every time you made a call to someone, you had to inform a particular person about who you called, how long you spoke for, when and where and all other details except the content spoken. This applies for every single call and everyone else’s metadata is also being recorded. The person owning the metadata can analyze and tell a lot about your personal life. Who you work with, who you spend time with, who you are close to, where you are at particular times and so on…

Kurt Opsahl, in his post in the Electronic Frontier Foundation, gives an example of how companies and governments collect intimate details about your life with the disguised use of the word called metadata. The following examples are an excerpt of his article:

“They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. They know that you called suicide prevention hotline from the Golden Gate Bridge.

They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour.

They know you called a gynaecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about.”

Metadata provides more than required context to know some of the most intimate and personal details of your lives.  When this data is correlated with the records of other phone calls, one can easily obtain a lot more data and track our daily routines. This is merely about phone calls. WhatsApp includes a lot more features and will collect metadata of chats, businesses and money transactions.

In WhatsApp’s words:

“We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.”

In addition to this, WhatsApp also collects information about IP address, OS, browser information and phone number.

Stanford’s computer scientists conducted an analysis to understand the extent of intrusion of privacy using metadata. The scientists built an app for smartphones. The app was developed to retrieve metadata of calls and text messages from more than 800 volunteers’ phone logs. The researchers received records of more than 250,000 calls and 1.2 million texts. Their inexpensive analysis revealed personal details of several people like their health records. Researchers were also able to learn that one of their participants owned an AR semi-automatic rifle with only metadata.

Gen. Michael Hayden | Source: Wikimedia

Gen. Michael Hayden, the former head of the National Security Agency once stated that “the U.S. government kill[s] people based on metadata.”

In 2016, Facebook was involved in the infamous data privacy scandal which centered around collection of personal data of over 87 million people by Cambridge Analytica, a political consulting and strategic analyst firm. The organization harvested user data for targeted advertising, particularly political advertising during the 2016 U.S. election. While the central offender was Cambridge Analytica, the apparent indifference for data privacy to Facebook facilitated Cambridge Analytical and several other organizations.

In June 2018, Facebook confirmed that it was sharing data with at least 4 Chinese companies, Huawei, Oppo, Lenovo and TCL. Facebook was under scrutiny from the U.S. intelligence agencies on security issues as they claimed that the data with the Chinese telecommunication companies would provide an opportunity for a foreign espionage.

In September 2019, there were reports that the Indian government contemplated making it mandatory for companies like Google, Facebook, and Amazon, to share the public data of users.

The Ministry of Electronics and IT (MeitY) was planning on issuing new guidelines under the Information Technology Act which according to which tech giants would have been required to share freely available data or the public information that they collate in the course of their operations, including traffic, buying and illness patterns.

Europe is exempted from WhatsApp’s new privacy policy as EU antitrust authorities fined Facebook 110 million euros for misleading the regulators during the takeover of WhatsApp in 2014. EU’s strict privacy laws empowers regulators to fine up to 4% of global annual revenue of the companies that breach the bloc’s rules.

Your Metadata is extremely personal. By giving WhatsApp the authority to access it, you are giving access to several other organizations, businesses and it also makes you more vulnerable to third-party hackers and trackers. WhatsApp has given multiple assurances about its updated privacy policy being noninvasive. However, most of these assurances are cleverly worded and misleading statements. It is important to read through the fine print of the new policy before accepting it.

Support us to bring the world closer

To keep our content accessible we don't charge anything from our readers and rely on donations to continue working. Your support is critical in keeping Global Views 360 independent and helps us to present a well-rounded world view on different international issues for you. Every contribution, however big or small, is valuable for us to keep on delivering in future as well.

Support Us

Share this article

Read More

April 13, 2021 2:10 PM

Detecting The Ultra-High Energy Cosmic Rays With Smartphones

Smartphones have become the most commonplace objects in our daily lives. The unimaginable power that we hold in our hands is unrealized by most of us and, more importantly, untapped. Its creativity often gets misused but one can only hope that it’s fascinating abilities would be utilized. For example, did you know that the millions of phones around the globe can be connected to form a particle detector? The following article covers the CRAYFIS (Cosmic RAYs Found in Smartphones) phone-based application developed by the physicists from the University of California—Daniel Whiteson, Michael Mulhearn, and their team. CRAYFIS aims to take advantage of the large network of smartphones around the world and detect the cosmic or gamma rays bursts which enter the Earth’s atmosphere almost constantly.

What Are Cosmic Rays?

Cosmic rays are high velocity subatomic particles bombarding the Earth’s upper atmosphere continuously. Cosmic ray bursts have the highest energy compared to all forms of electro-magnetic radiation. When we say ultra-high energy particles (energy more than 1018^eV), we mean two million times more energetic than the ones that can be produced by the particle colliders on Earth.  These rays are thought to be more powerful than typical supernovae and can release trillions of times more energy than the Sun. They are also highly unpredictable as they can enter Earth’s atmosphere from any direction and the bursts can last for any period of time ranging from a few thousand seconds to several minutes.

Despite many theoretical hypotheses, the sources of these ultra-high energy cosmic rays are still a mystery to us even after many decades of their discovery. These rays were initially discovered in the 1960’s by the U.S. military when they were doing background checks for gamma rays after nuclear weapon testing. Cosmologists suggest that these bursts could be the result of super massive stars collapsing - leading to hypernova; or can be retraced to collisions of black holes with other black holes or neutron stars.

How Do We Detect Them?

When the high-energy particles collide with the Earth’s atmosphere, the air and the gas molecules cause them to break apart and create massive showers of relatively low-energy particles. Aurora borealis i.e., the Northern and the Southern lights are the lights that are emitted when these cosmic rays interact with the Earth’s magnetic field. Currently, these particles are hitting the Earth at a rate of about one per square meter per second. The showers get scattered to a radius of one or two kilometers consisting mostly of high-energy photons, electrons, positrons and muons. But the fact that these particles can hit the Earth anytime and anywhere is where the problem arises. Since the Earth has a massive area, it is not possible to place a detector everywhere and catch them at the exact moment.

Energetic charged particles known as cosmic rays hit our atmosphere, where they collide with air molecules to produce a shower of secondary particle | Source: CERN

Detecting such a shower requires a very big telescope, which logically means a network of individual particle detectors distributed over a mile or two-wide radius and connected to each other. The Pierre Auger Observatory in South America is the only such arrangement where 1,600 particle detectors have been scattered on 3,000 square kilometers of land. But the construction cost of the same was about $100 million. Yet, only a few cosmic ray particles could be detected using this arrangement. How do we spread this network around the Earth?

In addition to being cost-effective, such a setup must also be feasible. The Earth’s surface cannot possibly be dotted with particle detectors which cost huge fortunes. This is where smartphones come into the picture.

Detecting The Particles Using Smartphones

Smartphones are the most appropriate devices required to solve the problem. They have planet wide coverage, are affordable by most people and are being actively used by more than 1.5 billion users around the planet. Individually, these devices are low and inefficient; but a considerably dense network of such devices can give us a chance to detect cosmic ray showers belonging to the highest energy range.

Previous research has shown that smartphones have the capability of detecting ionizing radiation. The camera is the most sensitive part of the smartphone and is just the device required to meet our expectations. A CMOS (Complementary Metal Oxide Semiconductor) device is present in the camera- in which silicon photodiode pixels produce electron-hole pairs when struck by visible photons (when photons are detected by the CMOS device, it leaves traces of weakly activated pixels). The incoming rays are also laced with other noises and interference from the surroundings.  Although these devices are made to detect visible light, they still have the capability of detecting higher-energy photons and also low-ionizing particles such as the muons.

A screenshot from the app which shows the exposure time, the events- the number of particles recorded and other properties

To avoid normal light, the CRAYFIS application is to be run during nighttime with the camera facing down. As the phone processor runs the application it collects data from its surroundings using a camera as its detector element. The megapixel images (i.e., the incoming particles) are scanned at a speed of 5 to 15 frames per second, depending on the frame-processing speed of the device. Scientists expect that signals from the cosmic rays would occur rarely, i.e., around one in 500 frames. Also, there is the job of removing background data. An algorithm was created to tune the incoming particle shower by setting a threshold frequency at around 0.1 frames per second. Frames containing pixels above the threshold are stored and passed to the second stage which examines the stored frames, saving only the pixels above a second, lower threshold.

The CRAYFIS app is designed to run when the phone is not being used and when it is connected to a power source. The actual performance would be widely affected by the geometry of the smartphone’s camera and the conditions in which the data is being collected. Further, once the application is installed and is in the operating mode, no participation is required from the user, which is required to achieve wide-scale participation. When a Wifi connection is available the collected data would be uploaded to the central server so that it could be interpreted.

There is much complicated math used to trace back the information collected from the application. The most important parameters for the app are the local density of incoming particles, the detection area of the phone and the particle identification efficiency. These parameters are used to find the mean number of candidates (photons or muons) being detected. Further, the probability that a phone will detect no candidates or the probability that a phone will detect one or more candidates is given by Poisson distribution. The density of the shower is directly proportional to the incident particle energy with a distribution in x and y sensitive to the direction in which the particle came from. An Unbinned Likelihood (it is the probability of obtaining a certain data- in this case the distribution of the cosmic rays including their energy and direction, the obtained data is arranged into bins which are very, very small) analysis is used to determine the incident particle energy and direction. To eliminate background interference, a benchmark requirement has been set that at least 5 phones must detect and register a hit to be considered as a candidate.

It is impossible to express just how mind-blowing this innovation is. As the days pass, Science and Technology around us keep on surprising us and challenge us to rack our brains for more and more unique ways to deal with complex problems. The CRAYFIS app is simply beautiful and it would be a dream-come-true to the scientists if the project works out and we are able to detect these high energy, super intimidating cosmic rays with smartphones from our backyard.

Further Reading

The paper by Daniel Whiteson and team can be found here.

An exciting book “We Have No Idea” by Daniel Whiteson and cartoonist Jorge Cham can be found here.

The CRAYFIS app can be found here.

Read More