Subscribe
About

WhatsApp moderators can read reported chats

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 10 Sep 2021

A recently released report by ProPublica has revealed that WhatsApp has more than 1 000 contract workers in Texas, Dublin and Singapore, acting as moderators to review user-reported content. 

They can read the messages of the more than two billion users of the messenger, with little regard for privacy and safety.

The moderators use special Facebook software to sift through millions of private messages, images and videos, scrutinising claims of everything from fraud and spam to child pornography and potential terrorist plotting.

They only have access to a subset of WhatsApp messages that have been flagged by users and automatically forwarded to WhatsApp as being possibly abusive.

Once the flagged content reaches them, ProPublica says moderators can see the last five messages in a thread.

“The review is one element in a broader monitoring operation in which the company also reviews material that is not encrypted, including data about the sender and their account,” says ProPublica.

During a Senate hearing in 2018, Mark Zuckerberg insisted that Facebook doesn’t see any of the content in WhatsApp, and that it’s fully encrypted.

The company has stressed this point so consistently that a flag with a similar assurance automatically appears on-screen before users send messages, assuring them that: “No one outside of this chat, not even WhatsApp, can read or listen to them.”

This begs the question about what “end-to-end encryption” means to the company, as by its definition means that only the recipient and sender should possess the digital tokens that enable a message to become legible.

WhatsApp also came under fire earlier this year over privacy concerns when it announced that it will be sharing its data with parent company Facebook. Many boycotted the app in favour of rivals Telegram and Signal Messenger.

Gathering metadata

In its terms of service WhatsApp discloses that when an account is reported, it “receives the most recent messages” from the reported group or user as well as “information on your recent interactions with the reported user.”

However, it does not specify that the information that is viewable by moderators, could include phone numbers, profile photos, linked Facebook and Instagram accounts, their IP address, and mobile phone ID.

Moreover, WhatsApp fails to disclose the fact that it gathers all users’ metadata irrespective of their privacy settings.

Several of the contentions made by WhatsApp’s moderators are reiterated by a confidential whistleblower complaint filed last year with the US Securities and Exchange Commission.

Playing it down

The complaint, which ProPublica managed to get its hands on, goes into some detail on WhatsApp’s extensive use of outside contractors, AI systems and account information to inspect user messages, images and videos.

Facebook has downplayed how much data it collects from WhatsApp users, what it does with it and how much it shares with law enforcement and other authorities.

Carl Woog, WhatsApp’s director of communications, acknowledged to ProPublica that teams of contractors review WhatsApp messages to pinpoint and remove “the worst” abusers. However, he said that the messenger does not consider this to be content moderation.

“We actually don’t typically use the term for WhatsApp,” added Woog.

False conclusions

According to Victor Chebyshev, a senior security researcher at Kaspersky’s GReAT, under the terms conditions, if a user complains about inappropriate content or someone's account, the service then has access to their recent messages. “Numerous people have falsely concluded that this regulation annuls end-to-end encryption.”

He says it is important to distinguish between such terms as end-to-end encryption and the ‘report’ button, because they are completely different algorithms.

End-to-end encryption gives the user and recipient a special key to unlock and read messages. Even if the messenger provides end-to-end encryption, it doesn’t mean that the person you are chatting to cannot send private messages from the chat to someone else without your knowledge.

“And vice versa – after hitting the ‘report’ button, WhatsApp moderators do not get access to all of your data and collect it. They receive information that you provide them with only after you ask. Hence, it’s not realistic to claim that WhatsApp gets access to exactly five recent messages, as claimed. We conclude this based only on WhatsApp’s Terms and Conditions, nevertheless, there is no technical proof for this assumption yet.”

In terms of privacy concerns, Chebyshev says it is important to remember that no type of online communication can be 100% private. “The presence of encryption and trust in an application are completely different things – and trusting the person you are chatting with is a whole different issue. Even the most secret and protected chat can be photographed, and likewise, end-to-end traffic encryption does not mean that the other person will not send your message to someone else.”

Share