If someone using whatsapp for example on there grapheneos phone, does grapheneos prevent sending some metadata to whatsapp?
so yes, what kind of metadata exactly and which not? (probably not phone number)
If someone using whatsapp for example on there grapheneos phone, does grapheneos prevent sending some metadata to whatsapp?
so yes, what kind of metadata exactly and which not? (probably not phone number)
yourmother what kind of probing question is this? Can you be more specific? I absolutely adore people who are dying to get a ready made solution and join this forum just for this purpose. Introduce yourself, tell us what your problem is and perhaps we can help you.
yourmother No.
yourmother If someone using whatsapp for example on there grapheneos phone, does grapheneos prevent sending some metadata to whatsapp?
The FAQ contains a lot of information, including this: https://grapheneos.org/faq#hardware-identifiers
yourmother Realistically, there's not going to be much difference in the metadata you send to WhatsApp using GrapheneOS compared to stock Android. There are some benefits of the additional hardening of GrapheneOS, as per the features https://grapheneos.org/features listed, but most of the metadata is provided by you using the app itself.
GrapheneOS does help limit WhatsApp's use of sensitive permissions, which can help somewhat. The camera, microphone and location permissions you can give access one time only, if required at all. Only select Files and Contacts can be shared with Storage and Contact scopes features.
On WhatsApp, conversations are end-to-end encrypted, meaning the content of the messages can't be read by WhatsApp. But WhatsApp lacks a feature like Sealed Sender from Signal which when enabled has minimal metadata collection: https://signal.org/blog/sealed-sender/. Broadly speaking, this means that WhatsApp knows when and with whom you are speaking, but not what you are saying.
Metadata can be collected and used, as per WhatsApp's privacy policy: https://www.whatsapp.com/legal/privacy-policy.
Their privacy policy can also be arbitrarily changed, the most recent of which in 2021 generated a fair amount of controversy:
https://www.wired.co.uk/article/whatsapp-instagram-facebook-data.
Hope that somewhat helps to clarify things for you.
treequell
thank you very much for your answer. i appreciate it
Bit disappointing that grapheneos can't do more about it
that no-one has invented a sandbox or virtualbox or something that can filter or scrambled the metadata.
yourmother That's not possible. WhatsApp is garbage, and there is nothing that can be done about it. Only Meta can change that, but they won't because they make good money from your metadata.
You should be disappointed by WhatsApp and Meta and not by anything else.
yourmother GrapheneOS cannot, should not and will not somehow arbitrarily modify Whatsapp at runtime and send less metadata to Whatsapp servers, because Whatsapp servers will detect that as a malicious and may block the device from using Whatsapp.
I'm probably fooling myself with this setup, but to minimize the amount of data collection from Whatsapp, I do the following:
I know this will not block all trackers or will not limit all data collection within the app. Unfortunately for a number of my contacts, it's either that or using SMS. they won't move to alternatives like Signal etc. because they don't want another app on their phone....
What are metadata ? They are the time, the sender, the receiver of a message for example. There is no way you can prevent any communication app from accessing that kind of data. Plus I suppose they collect data such as what kind of terminal you are using, ... So the best (if not only) way to avoid WhatsApp from getting metadata from you is not to use WhatsApp.
Max-Zorin I run Whatsapp through a VPN (in my case Adguard) and enable a tracker blocking DNS within the VPN app
why? vpn does not preventing collecting private data.
metadata like time, the sender, the receiver of a message etc are in the message. vpn can'nt block that.
So Whatsapp / Meta doesn't know my real IP address as I'm assuming it collects that information. I have the VPN location in another city.
I also use a burner phone number and not my main number for Whatsapp.
Max-Zorin I also use a burner phone number and not my main number for Whatsapp.
What's the point of using burner number with WhatsApp/Signal? Numbers are there to make it easier for others to find you (ostensibly). But even if you initiate every conversation, having some random number has to create some amount of cognitive burden for family/friends/colleagues. Unless you're using WhatsApp to participate in random groups outside of your circle of friends or something along those lines.
WhatsApp already has your main number anyway.
I use WhatsApp as my secondary messenger. Because pretty much everyone has it, it allows for E2EE messaging with anyone without pestering people to install yet another messenger so we can exchange some mundane information.
I don't stress about metadata collection too much even though WhatsApp privacy notices remains pretty opaque.
That said, if someone wants to have regular back-and-fourths with me, I will insist on moving to Signal. I find it's a good balance and I have yet to encounter any resistance.
What really creeps me out is Telegram, not WhatsApp.
[deleted] What really creeps me out is Telegram, not WhatsApp.
I also don't like Telegram, because to have a fully encrypted conversation using opensource part of the messenger, you have to specifically initiate "Secret Chat". Which is OK, but inconvenient when you like to continue the same conversation on a desktop client...
katemason As Moxie put it, Telegram app on your phone is just a "view" onto their servers, where the data actually lives.
And as anyone who ever used it in the wild with 'regular' folks can attest, no one is using their Secret Chats. But to stay on topic, unlike WhatsApp which at least tries to put its metadata retention in semi-concrete terms involving time periods, Telegram privacy notice doesn't even make an attempt at that, basically saying they store what they store as long as it is necessary.
Ever-present Durov rants, their silly 'No-SIM Signup' and other blockchain nonsense also do any inspire any confidence in its future.
When it comes to E2EE messaging defaults matter as this study demonstrates. The amount of people I meet that insist on moving our conversation from WhatsApp to Telegram because 'it's more secure that way' is pretty amazing. Telegram's marketing has really done a number on a lot of people
Hello, treequell
I recently sent a product link to my friend who lives abroad to buy it for me. I didnt search for it anywhere. Soon as i opened insta, adflood began related to that product. I never searched for anything related to that product before. I used hardened brave to search for the link.
Max-Zorin I haven't used WhatsApp for years but am currently thinking about a similar setup (because of people who refuse to install literally anything else), but what I am asking myself regarding the VPN: Is WhatsApp able to e.g. access the current radio cell my smartphone is logged in? Or is it able to scan all nearby WiFis? Because then the VPN would not be so helpful because they can always get your location from these sources.
That's a good question and I really can't answer it. Like I said in my original post, maybe I'm fooling myself on some things with my setup.
I was hoping with the location permission denied to Whatsapp, even if I gave it Network permission somehow the location would not be included through WiFi scanning or Cell tower scanning. But to know that someone would need to understand the inner workings of GOS and Android.