WhatsApp communication are end-to-end encrypted, right?
>Well, yes, but it still leaks confidential information. Here's an interesting story that happened to me this morning...
>This morning, I was chatting with my friend @morrisonbrett on WhatsApp about laptops. He was telling me how he was excited about the new Dell he bought, and I told him how much I liked the one I got recently.
>Anyway, just some random chatting as friends do, not anyone else's business, especially advertisers, which is why that conversation was had on WhatsApp, given that it's encrypted. Right? Right?
>Well, think again. Almost immediately after that, I started getting exclusively Dell XPS ads on YouTube. WTAFF? How is that possible? Also, why would the Facebook-owned, fully encrypted app give confidential information to the competition?
>Here's how... My friend had included a YouTube search link for reviews of the model he had ordered. Note that I did not even click on the link. All I "did" was receive it. And just like that, my friend had successfully, albeit involuntarily hacked my YouTube account.
>More specifically, what happened is that WhatsApp rendered a rich preview of the link in my chat feed. That required that a request went out to YouTube with enough information for them to know it was me, and to proceed to use that leaked data to serve "relevant ads" to me.
>Conclusion: WhatsApp, despite being end-to-end encrypted, still leaks private information by making non-sandboxed queries to external web sites. It should not do that.
>Any external queries from the WhatsApp client needs to be strictly sandboxed and anonymized. Otherwise, its privacy claims are a joke.