Added: ProPublica updated its article on September 8 to clarify that this does not mean that WhatsApp's end-to-end encryption has been compromised

Don't worry: WhatsApp is secure

Pro Publica, a non-profit news organization, published an article today (September 7) titled "How Facebook Undermines Privacy Protections for Its 20 Billion WhatsApp Users" The article details how Facebook uses outsourced contractors to check WhatsApp messages for illegal or potentially abusive content, and how Facebook complies with court orders to submit metadata about specific WhatsApp users The report details the following

However, the article does not state that Facebook can read your WhatsApp messages Rather, according to the Pro Publica article, content "reviewers" are looking at potentially abusive messages reported by WhatsApp users themselves, and the metadata provided to law enforcement to comply with a court order does not include message content that

Here is a key paragraph, one-third of the article: [Because WhatsApp content is encrypted, the artificial intelligence system cannot automatically scan every chat, image, and video like Facebook and Instagram Instead, WhatsApp reviewers can access private content by allowing users to press the app's "report" button

These reviewers look at the content sent before recommending action, such as kicking the user out of WhatsApp This article details the difficulty of understanding the content of reported messages, especially those using lesser-known languages, and how it is not always easy to discern whether images actually depict sexual abuse or violence against children

It also explains how Facebook would cooperate with law enforcement if it received a court order requesting user metadata (ie, recording the user's name, phone number, avatar, device information, and how many messages the user sent, when, and to whom) The report also explains how it will cooperate with law enforcement if it receives a court order requiring it to record when and how many messages are sent to whom Legally, Facebook must turn over what it has and allow law enforcement to monitor the suspect's activity on the device

Such WhatsApp metadata was apparently instrumental in the conviction of Natalie Edwards, a former US Treasury Department employee who pleaded guilty to leaking information to Buzzfeed News

The FBI was able to see a number of messages sent between Edwards and a Buzzfeed reporter (identified elsewhere as Jason Leopold) the day after the Buzzfeed article was published in 2018, establishing that Edwards and Leopold were in constant contact Edwards and Leopold were in constant contact

WhatsApp can only collect less metadata For example, it can capture only the user's phone number and omit name and device information However, at least in the short term, WhatsApp would need to see which other numbers the WhatsApp account is messaging with

Still, neither the FBI nor Facebook could see exactly what Edwards and Leopold were messaging each other; end-to-end encryption using WhatsApp's Signal protocol allows Facebook and WhatsApp not be able to see the contents of the messages being sent

Messages are only decrypted on the sender's and recipient's devices Any content reported to WhatsApp by users that appears to be abusive or illegal will be decrypted on the reporter's device

According to the Pro Publica article, such content is sent to reviewers in "unscrambled form," but it is unclear whether the content is sent unencrypted or only "unscrambled" when the reviewer reviews it

The reviewer's content may be sent unencrypted

With regard to the metadata, it is not stated whether the FBI was able to examine Edwards' or Leopold's devices for unencrypted messages

After all, Facebook cannot read your WhatsApp messages For now, you don't need to worry

Facebook collects a lot of metadata about WhatsApp users If you don't like that - and I don't myself - I suggest you use Signal, Threema, or some other encrypted messaging app