Ask HN: Have you accepted the TOS that give FB access to your WhatsApp data?

141 points by timdaub ↗ HN
I noticed that I'm still clicking away the once proposed dialogue of Whatsapp to give all my data away to Facebook.

I have not accepted it and I keep clicking away. And you?

198 comments

[ 1.8 ms ] story [ 251 ms ] thread
Nope. I refuse. It has stopped asking me as of late, though.
Same, I wonder why they stopped.
Implicit opt-in by continuation of use of the services.

You didn't even bother to read it did you?

No, why would I? I don't read whatever dreck Facebook wants to waste my time with, do you?
You are using their service. And you know they like it shady, if they can get away with it.

And they say, thay update their contract. Sounds like a reason for me, to read what it is about, or stop using it.

Which I did.
Wise choice. I still have family and some friends there, but at some point ..
I moved everyone to Signal, I just keep WhatsApp to inform the lone straggler that will contact me of the move.
At least in EU, implicit opt-in by use is not recognized and therefore such practice would be illegal.

So perhaps they only continue to nag the users they arbitrarily detect as in jurisdictions where it’s legal to hoist new terms like that?

And what. They get a fine. Pay it. And continue to do shady things.
Oh man, I wish they would stop showing the popup every time I exit a chat. When did it stop?
Still refusing. Can't drop it because my old relatives still use it
They should really have a "don't ask again" button. Is it really opt-in if they ask the user every time they open the app? It feels like it's opt-in by attrition.
It's not opt-in and they never claimed such a thing, it is a mandatory update to their terms of service for all users.
Mandatory? If it was mandatory and it was not accepted, then the app should close when the option is declined. Otherwise, cynical me thinks they are doing what they want even without your acceptance. Just because you haven't notified them that you've read the change doesn't mean the change hasn't been implemented.
I suppose they figured it would cause a lot of upset if they didn't provide a grace period to accept the new terms (and clearly that would have been the case, based on the reaction so far). Consider that people rely on WhatsApp for essential communication with family and colleagues and so on, and they may not have time to properly review the new terms if they were rolled out with no grace period.
It's crazy to me that it seems like it's basically a legitimate tactic to hope that users accidentally agree to your TOS.
I actually find some joy out of repeatedly seeing and rejecting the dialogue.
No, I uninstalled WhatsApp. I did not have FB installed, ever, so the problem is fully solved.
Never accepted, but they stopped asking lately...
I actually just tapped that little X before switching to this tab. At this point it just feels like a Placebo.
Nope, I still click the "X" in the top corner every time I open it.

However, I use WhatsApp sparingly - my mum and one friend, that's it.

At some point I'll remove it completely.

Migrated completely from WhatsApp to Signal and Telegram.

I still run WhatsApp for the people I absolutely have to.

For that, I am using an old, and almost bust phone I have from 5 years ago.

No spyware on my primary phone.

Same, I cant say ive moved completely bc i still have a bunch of people only reachable on whatsapp, but i have a dedicated phone for it
> No spyware on my primary phone.

May I ask how you achieved this? I would be interested in that setup, maybe I could then get over the hump and start using signal (though I don't like centralized communication platforms, nor do I like phone numbers as identifiers). Last time I checked, signal required android or ios, so only usable with built-in spyware.

> Last time I checked, signal required android or ios, so only usable with built-in spyware.

You might be interested in https://grapheneos.org/ . I run it on my primary phone and it works great.

If your phone contains a baseband for RF communication, isn't that spyware as well?
Yes, I had to swap to an alternative phone while my phone was been repaired - it seems that it becomes mandatory when moving phone
I haven't. I also moved WhatsApp into isolated user profile using Island to restrict the access to my data.

On top of that changed permissions: no microphone, no file system, no camera access.

No, it’s what pushed me to delete WhatsApp
I rejected them for months, but eventually I had to accept them because they wouldn't allow me to keep using the app until I did.
If you close and re-open the app, eventually the ToS popup doesn't show up and you can keep using the app.
Yes, accidentally. I thought it would stop working if I disagree.
No, I uninstalled it when Facebook acquired WhatsApp.

I switched to Telegram, Wire and Threema.

When Matrix became viable in 2020, I switched to it.

Though, I still have a few contacts remaining at Telegram.

(comment deleted)
I have accepted, but I have locked down all the other permissions in-app such as Contacts, Camera Roll, Location etc. Whilst this certainly won't stop them, I hope it makes some of my data less useful.
Same, I click it away every time I open the app, maybe once per month.
I didn’t all this while, but just yesterday when my toddler was playing with my phone, the pop up opened and it got clicked as my toddler was repeatedly beating on the screen.

I guess this was their intention all along by showing repeated pop up windows.

I wonder if you could contact support and explain the situation. They can't ignore the fact that the agreement isn't valid if you weren't the one who clicked the button... right?
No contract is formed in this case, but FB can just stop serving such a person if they don't agree to it, if it's easier for them to do so.
I wonder if the prompt even does anything. I am sure whatsapp servers and facebook servers are like 10 feet from each other .
Ditched Whatsapp the moment it was bought by Facebook.
Yeah, burned it in lieu of Signal immediately. Was shocked how many bright well-read people I know didn't care enough to switch after I presented them with the news.
Most people don't care. In all fairness my beef with Facebook is their inability to manage user data in addition to their empire of community driven misinformation empire. With some slightly above average googling skills you can find a ton of my personal data. It's more of a principle thing here. But I agree, signal ftw.
> community driven misinformation empire.

What do you mean by this?

It's a bottomless pit of misinformation, fake news and conspiracy theories.
Signal did not exist when Facebook acquired WhatsApp though, did it?
TextSecure (text) and Redphone (voice) were the precursors to Signal in 2011 through to 2014. The Whatsapp purchase by facebook happened in 2014.

But the first official release of Signal was June 2014 (which was just the merger of Redphone and textsecure)

*All from Wikipedia correlations and faulty memory :D

I had meant I switched when the news of the new access to data request started last year.
Can someone give me a simple non-cynical explanation on what the update in terms is about? From my understanding, it only pertains to communications with businesses and give them some Facbeook tools to manage their communications with customers.
Not sure outside Europe, but here last time I checked it basically said that whenever you talk with a business account you are basically talking with Facebook, otherwise nothing else changes.

Still will be nice to have another opinion.

So it's like saying "Everything that you say to XYZ business we can listen in on"? Would we accept that from our phone companies?

Does the term "business" include governments as well?

Yes we would. Since regular phone calls aren't encrypted, not to speak of E2EE, phone companies can listen on all calls.

Of course I suspect Meta actually will listen on business calls while traditional phone companies will most likely only do so after a court order, but we put the bar much higher with digital services compared to regular phone calls.

That's because there's no monetary reason for the phone company to listen in but Facebook is all about listening and recording.
I don't mean "can" as in "technically possible, even if they have no reason to". I mean "can" as in "explicitly invited, with the intention to use the data gathered to try to influence my opinion or viewpoints [1] in the future".

[1] Advertising, and maybe political messages

If you buy something from a shop, everything related to that transaction is known to the shop partners. If you talk to an automated machine over phone, everything you say will be recorded. This seems similar, all you say to the business will be logged by Facebook. But not because you use WhatsApp, but because the business choosed Facebook to "help" with all its transactions. If you talk to a business via telegram/Twitter/matrix/etc, and the business uses a Facebook backend, all you say can be recorded and used by Facebook.

By business I'm referring to WhatsApp business accounts.

As I understand it merely allows businesses to use tools hosted by Facebook if they want.
I had the impression it means all WhatsApp business accounts, no matter if they use the Facebook backend or not (because for a WhatsApp business account you need to use the WhatsApp business app, which is the one providing the service and possibly the Facebook backend itself).

But I couldn't find any confirmation. There is a WhatsApp business API that is from Facebook, but apparently you don't necessarily need to use it.

The WhatsApp business app uses E2E encryption just like the consumer app, so I don't see how that could be the case.
A possibility that I can see is simply that they want to add a bot API which is just a simple rest API and not E2E encrypted. And if they remove the E2EE that means FB will be able to read all messages for businesses using their bot API.

Correct me if I am wrong but my understanding is that to run a WhatsApp bot you currently basically need to run a version of the whole app.

No idea if my theory is correct but if it is I wonder why they won't just provide a good library which implrments their protocol, E2E encryption and everything.

This was pretty explicitly explained by their representatives when this was all blowing up... and they actually DO provide the "library" version, it is just enough of an operations challenge for most businesses that they clearly got a lot of demand for a hosted solution tied to pages.

https://news.ycombinator.com/item?id=25875802

https://news.ycombinator.com/item?id=26218230

https://news.ycombinator.com/item?id=26801760

How is using a library an operations challenge? Especially in the era of package managers like npm and maven. This seems to me like FB is incompetent and cannot write a good library for bot use.
It’s not a library. It’s a distributed multi-node WhatsApp client that handles the proprietary parts and interacts with your chatbot application using webhooks/REST APIs.

Not trivial to setup and operate, as it was designed for high-throughput scenarios. It’s very understandable that smaller customers wouldn’t want to handle that little monster.

That is exactly what I thought which is why I suggested that FB should replace their ugly hack with a normal library. But the person who I replied claimed they have a library which sounded weird to me because then there would be no ops problem.

I feel FB is solving a technical problem by alienating a bunch of their users with a terms change. Why not instead just build the right technical solution?

By "library" I assumed you were just concerned with "local". I put it in quotes as it isn't a literal library that you would embed in your build system and link into your program. I honestly don't see how it being a literal library would make it easier... that frankly sounds more complex to integrate and maintain and ensure correct operation of than a separate daemon that you interact with over HTTP instead of some presumably-C-compatible ABI.
My understanding is the same. Facebook are providing hosting services to businesses so they can centralise their business WhatsApp messaging in one place.

This means that when a message is decrypted by a recipient, that decryption is taking place within a Facebook service, rather than on an end user device.

Unfortunately, as you say, cynicism is a problem with anything linked to a company like Facebook/Meta that has earned a certain amount of distrust.

I didn’t for a couple of months and then I changed my phone. When I opened the app for the first time, I could no longer find the option to not accept the terms.
You have accepted.
Yes. In case it wasn't clear: after not being able to find the option to not accept the terms (no "X", "skip", "later", or similar), I consciously clicked to accept the terms.
Still haven’t accepted. Waiting to see how long this lasts, and what will Facebook do about it eventually.
No, but <~1m ago it stopped popping up... I really hope they didn’t incorrectly register my consent or anything
You have accepted.
Nope.
Unfortunately, verytrivial is almost certainly right. They deliberately designed it in a way that one will eventually consent by accidentally pressing the button.
I did not see any option to cancel it and want to undo my agreement but unsure how. If anyone could tell me, I'd be very thankful.