Send email Copy Email Address
Tobias Ebelshäuser

CISPA Faculty Dr. Katharina Krombholz on WhatsApp Debate

Advantages and disadvantages of different messengers

The data privacy protection of the messenger WhatsApp is set to change in the near future. In the last few weeks, more and more users have been receiving notifications regarding the changes, sparking controversy across various media outlets. CISPA-Faculty Dr. Katharina Krombholz has talked about the use of different messengers with Unser Ding, the youth radio of Saarländischer Rundfunk. 

"I really don't think you should be that outraged about the upcoming innovations on Whatsapp. The things that have already happened in the past are much more serious. But basically, there will be some changes in the background, because Whatsapp will become increasingly tied to Facebook," she says. 

Back in 2014, Facebook bought the messenger WhatsApp and promised the EU that no data tie-in was technically possible. "That was already complete nonsense from the technical perspective at the time. And over the years, Whatsapp was then technically incorporated ever further. And now, the new data protection directive will allow even more access to user's data," says the CISPA scientist. 

What changes are actually in store for users remains to be seen. There is still a lot of uncertainty, even among data protection lawyers in Europe. " It is a fact that they clearly want to have a better data connection and thus collect much more information about the users of WhatsApp, which can then of course also be used accordingly, for example with personalized advertising and who knows what else will be technically possible in the future."

WhatsApp is end-to-end encrypted. This in theory means that the content of messages can't be accessed by either Whatsapp or Facebook. "But what they definitely can see is the metadata. They know who is communicating, when and with whom. This metadata is visible to the social networks, and you can do quite a lot of shenanigans with this metadata," Krombholz explains, pointing out a major problem: "Whatsapp can only be used if I give this company access to my address book. That means that all the data I have stored about my friends, such as their birthdays or pictures, will then be sent to Whatsapp. And probably also Facebook in the future. If that's not already the case anyway."

It cannot be ruled out that Facebook, as the parent company of both Whatsapp and Instagram, will be able to tell who is in a certain relationship with whom, Krombholz said. "Based on the metadata, you can draw an incredible number of conclusions about the social lives of all of us. Even about people who aren't connected to any of Facebook's social networks. So-called shadow profiles are created, which means that even people who haven't actively registered with Facebook or Whatsapp are also registered with Whatsapp and Facebook like that because all of us upload our address books there."

Therefore, the CISPA scientist raises the question of alternative social networks and messengers. Do people really want to give all their data and the data of their friends to large corporations? Is this what our Internet of the future should look like? "I think most of us might not want that to happen," says CISPA faculty Krombholz, which is why she recommends giving other messengers a try. 

"There are some alternatives out there that are worth looking at. In good conscience, I can recommend Signal and Threema," Krombholz says. Signal encrypts end-to-end. The source code is freely accessible and no data is stored on the servers, which are largely located in the USA. 

Threema from Switzerland is also an alternative, according to the senior CISPA scientist. However, this app is not available for free. "Threema is very privacy-conscious. They go to quite a lot of trouble to preserve the privacy of each and every one of us. And what's perhaps important for some of us is that there are, of course, features such as stickers, gifs and group chats," says the scientist. 

She positions herself quite clearly against the services Telegram and Kik, adding, "Ultimately, each of us has to consider: What do I want? But I don't think we all have to be so strict with each other and uninstall WhatsApp overnight. I think it's also perfectly fine to install Signal or Threema and try them out for a while. And to communicate with selected people there. It's also perfectly fine to use several messengers at the beginning." 


Katharina Krombholz is currently Faculty at CISPA and head of the Usable Security group in the research area of empirical and behavioral security.

Previously, she was a senior research scientist at SBA Research. She completed her doctoral dissertation with honors in November 2016. She also earned a master's degree in media informatics from TU Wien in 2012.


The text was translated by: Tobias Ebelshäuser