|
WhatsApp is a closed system, only uses telephone numbers for registration and is based in the United States of America (USA).
Advantages/disadvantages in brief:
Although WhatsApp is very popular in the private sphere, it is still rightly controversial because it falls short on issues such as privacy, data protection, freedom and independence:
Decision of the Hersfeld District Court from 15.05.2017:
“Anyone who uses the messenger service “WhatsApp” continuously transmits data in clear data form from all contact persons entered in their own smartphone address book to the company behind the service in accordance with the technical specifications of the service.
Anyone who allows this continuous transfer of data through their use of WhatsApp without first obtaining permission from their contacts in their own phone address book is committing a criminal offense against these people and runs the risk of being warned by the people concerned for a fee.”
Translated from source: https://www.lareda.hessenrecht.hessen.de/bshe/document/LARE190000030 (external)
In a letter from the Federal Data Protection Commissioner Dr. Kelber dated 29.10.2019, he makes a clear recommendation:
“… I regularly advise authorities and companies under my supervision not to use WhatsApp for internal communication. In my view, the federal authorities should develop their own data protection-friendly messenger **or participate in the further development of a free messenger, which could then gradually be opened up for communication with citizens. Of course, development on an open source basis is particularly suitable for this…”
The use of WhatsApp in schools is clearly regulated: WhatsApp is prohibited.
For good reason, there are therefore corresponding guidelines and instructions from the state school authorities responsible for education, such as
However, the state data protection officers also have a clear position on this:
https://www.datenschutzbeauftragter-info.de/whatsapp-gehoert-nicht-an-schulen (external)
State Data Protection Commissioner for Data Protection in Lower Saxony: “Information sheet for the use of WhatsApp in schools” (external)
As a rule, its use is also officially prohibited here. In many areas, however, it is used intensively and without permission due to the lack of known alternatives. In some cases, this is even tolerated by superiors, which is a clear lack of leadership. This problem must therefore be addressed openly and, if necessary, escalated via the data protection officer.
The Federal Minister of Justice is right to call for the opening of WhatsApp (German).
Brian Acton (WhatsApp co-founder), who left the Facebook group (now “Meta”), is calling for delete WhatsApp.
But: Data collection continues even without an account:
“To gain access to your data, WhatsApp does not need hidden backdoors, but simply accesses the digital phone books of your contacts. For example, if your best friend has saved your birthday, your place of residence, your email address, your phone number(s), the names and details of your family, your website, your Twitter name and various other data under your name and Whatsapp grants access to the phone book, the messenger will also read all this data.
So if you really want to make sure that Whatsapp and Facebook know as little as possible about you, you need to tell all your contacts to delete your data that goes beyond the bare minimum from their phones.”_
Translated from source: (businessinsider](https://www.businessinsider.de/tech/whatsapp-sammelt-eure-daten-selbst-wenn-ihr-den-messenger-nicht-benutzt) (external)
The question “Can and may WhatsApp be used for surveillance purposes?” is an exciting one.
Answers can be found >> here <<.
In some cases, it may be necessary to block the app’s access to the internet. There are several very interesting sources on this:
To register, it is not necessary to enter the mobile number you actually use. You can use an extra SIM card with a different mobile number - or an unused landline number (also works with the telephone number of a public telephone box!). In this case, you will receive the confirmation text message with the verification code over the phone.
Sources:
The WhatsDeleted app can be used to save messages before the sender deletes them. The messages and media are copied to a local backup so that they can still be accessed even if the sender has deleted the original message.
Project page: https://f-droid.org/packages/com.gmail.anubhavdas54.whatsdeleted (external)
The private key for the WhatsApp (and also Signal) db is stored in plain text on the device (/data/data/com.whatsapp/files/key), can be read out via ADB and the data can then be decrypted with TriCrypt/OmniCrypt. Everything you need is available as an app at XDA or online at whatcrypt.com (external)
Project page: https://github.com/EliteAndroidApps/WhatsApp-Key-DB-Extractor (external)
If you select “never” when asked about the backups to be created, you are bothered every few weeks with a pop-up asking when the backup should be made (including to the cloud). This cannot be switched off and comes up again and again - until you accidentally or annoyedly click on “daily”, “weekly” or “monthly” … very annoying, so be careful!
WhatsApp, what’s inside?
WhatsApp uses a modified version of the XMPP protocol as the message format. All messages are compressed by replacing frequently used words with 1- or 2-byte tokens (e.g. a byte 0x5f is written instead of “message”), resulting in the so-called “Functional XMPP” / FunXMPP (official name: chatd). You can get a very interesting and in-depth look at the internals at umumble.com (external; English).
Here is another nice (shorter) piece of information: https://git.triangulation.nl/koenk/whatspoke/blob/master/doc/funxmpp.md (external)
Network settings such as protocols, ports, IP addresses, host names: https://developers.facebook.com/docs/whatsapp/guides/network-requirements (external)
Which ports does WhatsApp use? (external)
WhatsApp currently uses various ports. These include not only port TCP 443 (HTTPS) and TCP 80 (HTTP) but also port numbers 4244, 5222, 5223, 5228 and 5242 (all TCP). The latter ports are mostly used when using voice or video calls from the instant messenger on Android or iOS (iPhone). For the most part, however, WhatsApp usually uses ports 443, 80 and 5222 for normal use.
Information on Wikipedia: https://de.wikipedia.org/wiki/WhatsApp#Protokollkanäle (external)
Useless knowledge
The legacy can still be found in WhatsApp today - the term “jid” has been retained in msgstore.db as “jid_row_id” and the Jabber identification number (JID) of a WhatsApp group is “[phone-number]-[creation-timestamp]@g.us”
Answer to the question whether WhatsApp also stores the contact names locally: Yes - in the wa.db, wa_contacts table, field display_name and given_name
Not everyone can/wants to delete WhatsApp (or another stand-alone solution) - and sometimes has a question about this. That’s why there’s even a public chat room for this:
„WhatsApp & other proprietary messengers“ The main topics in this public chat room (=group/conference) are proprietary messengers (isolated solutions). In particular WhatsApp, but also Signal, Threema, Telegram, … Address: xmpp:whatsapp@conference.trashserver.net Why use provider-independent chat? Because it simply works with free messengers ;-) |
If you love WhatsApp, you’d better not read the following blog article - or perhaps precisely for that reason, because as we all know, love is often blind …
https://blog.pohlers-web.de/wie-du-bist-nicht-bei-whatsapp/ (external)