Ask HN: Ads triggered by WhatsApp “end to end encrypted” messages?

398 points by rreyes1979 ↗ HN
Hi all. We've been playing a silly little game with my wife lately: we send each other messages about some topic we never talk about and then wait for ads related to our conversation to start showing up in Instagram. As of the last month, they never fail to show up.

Please keep in mind that this is a conversation between two "personal" accounts, no business accounts involved. More so, we haven't accepted the new terms of use that "allowed" WhatsApp to access messages between personal accounts and business accounts.

Is WhatsApp scanning personal messages to target their ads as we are noticing? Weren't WhatsApp messages end to end encrypted? Is this a violation of their Terms of Use or am I missing something silly?

472 comments

[ 3.1 ms ] story [ 315 ms ] thread
Assuming you're using a phone, is there a "keyboard app" that could be intercepting things before WhatsApp? other endpoint issues with security? Not that I'd be surprised to see a big company flatly lying about their product, but because they're so big I suspect you need to work hard to eliminate other possibilities before taking them to court.
No keyboard app. We use the regular Android Keyboard provided by Google.
But doesn’t Gboard send your typing data to Google?
But this is Instagram and WhatsApp. Are they sharing data about our conversations openly?
Who is they? Google or meta?

Google are definitely collecting data from gboard.

That may not be directly shared with meta but is likely to get indirectly shared through overlapping advertising identifiers. They won't be openly sharing your text, but they will be scanning to and flagging you as having interests in something in your text or something related to what you said, then sharing that with advertisers.

An interesting experiment would be the same thing you are doing but isolated in a note taking app to discard the google keyboard you’re using. Also, it would be interesting if you can use e.g.: proxyman (available directly on iOS), or some proxy on your PC to intercept your network traffic and then try to reproduce while blocking/allowing some domains. Especially, blocking all google domains, then facebook domains, etc. If you have a Pi-hole set-up doing that at dns level may be easier.

I’ve never been able to reproduce these experiments. But keep in mind that I’m european and my WhatsApp app is slightly different - it is a version from WhatsApp Ireland (instead of WhatsApp Inc) which shares less data with third parties, the privacy policy is also slightly different for the european union.

Edit. Another idea: try to reproduce while disabling predictive text on your keyboard.

surely that just completely subverts e2e encryption??
Yes, it does. Also, DNS blocking will not work with many GApps phoning home.

Even Swiftkey keyboard (bought by microsoft) sends back telemetry to MSFT. Try a keyboard from Fdroid, but it may not be as feature rich.

so it's clear, your gboard si harvesting all input you type and then sells these data to highest bidder, nothing to do with whatsapp, just good old Google harvesting everything for ads
Facebook has an extensive history of grabbing people's data, lying about it, being caught and fined, apologising, then doing it again. So it's absolutely in character.
IANAL of course, but you should read the ToS carefully and you will probably find something that allows them to read your messages anyway.

e2e encryption doesn't forbid to read the messages as you type or read them or read a screenshot of the screen or whatever they can do inside an app :P

They were caught activating your camera by "error" a while ago https://www.macrumors.com/2019/11/12/facebook-bug-camera-bac...

As per the experiment you did...

We did the same experiment with a female friend a while ago. We started talking about her pregnancy (a topic we never touched, as she was single and of course not pregnant) in a group chat, specifically targeting her. Sure enough, after a couple of days her fb and instagram were full of strolley ads (but not ours) :)

We are seeing the same thing. More so, my wife sent me a picture of my daughter working on a puzzle. Less than 24 hours later, her Instagram was showing ads for a store that was selling the same type of puzzle as the one my daughter was playing with. So it's not just terms but images too.
putting on my tinfoil hat

yup, do you think all these img recognition stuff is made for fun? companies wants to use them to read our pics on your phones and profile us

Was the picture taken with whatsapp, or with the camera app? Do you have google photos installed? I GP classifies images, maybe also for advertisement?
She used the WhatsApp camera app. We have Google photos too, but we have it configured so that WhatsApp images don't get uploaded.
The more basic explanation is that she has been served ads for puzzles like that for a while, based on previous history and maybe retargeting from the company and you guys only notice the ad because it's more salient after sending a message with the puzzle in it.

There's no reason you'd have noticed an ad about the puzzle in the wash of content and other types of ads.

Are group chats also E2E encrypted?
Could it just be confirmation bias? Or could it be that the correlation is the other way around: You see something online, decide to pick that as your topic with your partner (unconciously) and the ads show up because of the initial location you have seen the topic.
While that's possible, the more plausible explanation is Meta reading your messages imo.
Is it? I feel like this would be easily reproducible and would bite them in the ass big time.
The best way to solve this would be to pick three topics ahead of time. If you're worried about the phone's microphone, do so by pen and paper.

Then randomly select one of those three topics to discuss on WhatsApp.

Finally, keep an objective eye out for ads about all three topics. Ideally, log every single ad you see.

Better to have a computer pick random topics.
Just because that the messages might be sent end-to-end encrypted from Sue to Joe does not mean Meta cannot read them.

Meta has control over the app Sue uses. So they could send them to Meta unencrypted in addition to sending them to Joe in an encrypted fashion.

Or they just extract the relevant terms:

Sue->Joe: "Hello Joe, I'm so excited! We are going to have a baby! Let's call it Dingbert. You're not the father! Jim is. I hope you don't mind too much!".

Sue->Meta: "Sue will have a baby"

Insta->Sue: "Check out these cute baby clothes!"

I think they are extracting terms. Some of the messages generated ads that were related to a term but not really about the conversation.
More so, my wife sent me a picture of my daughter working on a puzzle. Less than 24 hours later, her Instagram was showing ads for a store that was selling the same type of puzzle as the one my daughter was playing with. So it's not just terms but images too.
She probably gave Instagram access to her photo library (not unreasonable for a photo sharing app). That means the Instagram app can scan her latest pictures in the background when it's opened. I think it's more likely that the data was leaked this way.
Glad I deleted my Meta apps and only use online FB when I need to.

The other day I noticed the yahoo mail app on iOS was reading my clipboard for no reason. I’m going to start blocking photos on most of my apps.

In case folks don’t know this: on an iPhone you do not need to give an app access to all your photos in order to use photos in the app.

Under Privacy > Photos, you can set “Selected Photos” instead of “All Photos” on a per-app basis.

Then when you go to add a photo to the app, you first go through an iOS prompt to select the photos the app will have access to. Only then do you go through the app’s photo selection dialogue.

I have all my apps set this way (or “None”).

I just did this and the UI is weird and confusing - it looks like I need to statically pick photos in the settings app, which obviously won’t work for day to day use every time I take a photo and want to publish it to instagram.

Not saying it doesn’t work like you say, just saying it doesn’t look like it does.

At least for Telegram each time you go to pick a photo to share, it offers you the chance to "add more photos visible" or you can click Manage.

I assume Instagram and friends would do the same.

I often just take the photo via Telegram instead, which automatically adds it to your photo roll and gives Telegram access to it. It works relatively well.

You can just hit “done” in the settings app and it will close (with no photos selected).

Then on Instagram (for example) when you go to post, you’ll get a message like “you’ve only let Instagram have partial access to your photos - Manage”. Tapping Manage will let you select photos that Instagram can access.

Is this something that actually happens (= can anyone prove this by disassembling the app or MITMing the network traffic), or is it just unfounded paranoia?
Considering how easy it is to implement these things without anyone noticing since it's closed source, you have to assume it is happening in any scenario where you need any decent opsec. Even in scenarios where you don't, there's been enough cases of similar things happening with well-known apps and services to be wary.
> Considering how easy it is to implement these things without anyone noticing since it's closed source

I see you’ve never heard of Jane Manchun Wong...

It shoukd be easy to test since Ios has a feature called app privacy report that lists networks and permission access and no when you just open the instagram app it does not access photos. Only when you open add to story page or click on the new post icon it does the access.
Thanks for making me aware of this! You're right!
> Considering how easy it is to implement these things without anyone noticing since it's closed source

You can reverse engineer those things and analyze your network traffic. You can’t have a client in a device controlled by the user, in this case an app, send anything to a server without anyone noticing it.

And frankly, they don’t even need it. Just with your contacts they can link you to your friends and common interests without even you having a facebook account, all you need is friends with a fb/ig account who have linked their accounts to their phones and use whatsapp.

The contacts are known to be sent to the server, they are known to be linked to facebook except in the european union where there is a different app from WhatsApp Ireland and a different privacy policy that specifically states (in the version outside of EU) that it shares your contacts with facebook and they are much more valuable and much less risky than reading your messages.

> You can reverse engineer those things and analyze your network traffic.

I frankly don't think people realize how much obfuscation of both app code and network traffic goes on under the hood. "analyzing network traffic" isn't a sustainable option when things are encrypted and behind dozens of layers of protobuf, websockets and other fancy protocols, and get updated and change around all the time. Far from everything is introspectable http, javascript and json these days, and that applies espeically to big apps like these. It's not hard to send privacy-sensitive data along with "legitimate" data like analytics at unexpected times and evade scrutiny.

Yes there's people that dedicate themselves to reverse engineering apps like this, but they're few and far between, and most of them focus on either the easy fish, or security vulns. Considering nobody's building public documentation on the protocols of these apps I'll have to assume it's hard enough and changes often enough to be worth the time of people without special monetary interests.

I agree with the rest of your assessment, there's way less "obviously malicious" ways to exfiltrate data about users than literally uploading users' pictures, since for example whatsapp stored unencrypted backups on google drive until very recently, among other things. I'm just trying to shed a light on the fact that apps like this have a lot of ways to accomplish this without raising too many eyebrows.

I imagine the reputational and potential legal consequences would be fairly severe if this sort of privacy invasion were discovered (either by employee leak or reverse engineering). Seems unlikely Meta would take a risk like this.
Instagram is especially malicious with this - it is the only app that REQUIRES access to my microphone for me to post something. They try to do this by having a camera inside instagram (that you can record with which would obviously require mic access) but even to post stuff I have already taken (even just photos) it wants mic access. I usually temporarily give it what it wants, post, then remove again.
Back when deep learning was first hitting "mainstream" for object recognition in images, I recall reading that Facebook was using it to look for brand logos and other signs of using a particular product, in your uploaded photos.

Turns out they were also building a database of everyone's face so they could build shadow profiles...

> my wife sent me a picture of my daughter working on a puzzle.

> her Instagram was showing ads for a store that was selling the same type of puzzle

How did she take the pic ?

I think that's an important question. Did user take the photo within the app, thereby skipping the camera roll, or did they take the photo, then upload to WhatsApp from camera roll. If the latter than as someone else said, could be that Instagram had access to camera roll and decided to serve ads based upon the puzzle.
Yup, I think it's just some form of analytics that profiles the user.

I've always suspected them of recording conversations, also why I think Android has gradually tightened permissions and visibilty around speech to text/microphone/camera use.

That’s of course because WhatsApp's privacy policy isn’t applicable in the Metaverse.

Looking at this from a reality perspective is not very helpful.

I have a suspicion as well that this is what they're doing: before the message is encrypted and sent, the app (on your phone) does analysis and picks out keywords relevant for advertising. So they can claim and be technically correct that they are not reading your messages. Although if their algorithm is doing it on your phone, is it... reading?

Or they can say, technically it wasn't a message before it was sent. The dictionary definition[1] even mentions "send".

[1] https://www.oxfordlearnersdictionaries.com/definition/englis...

This is definitely the most likely scenario in my opinion
> Just because that the messages might be sent end-to-end encrypted from Sue to Joe does not mean Meta cannot read them.

I think it does actually no one except them can read them. If someone else can, then by definition it's not end-to-end encryption.

From https://www.definitions.net/definition/End-To-End%20Encrypti...

> End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages.

The conversations being e2ee do not affect the app itself from acting on contents. By definition the app needs to know the contents to display it, but it can also update your ad profile. It doesn't even need to send the whole message to meta, just the keywords triggered, or a preprocessed vector defining your interests.

E2ee means only the messages themselves can't be intercepted and read. But if anyone can actually prove fb acting on message contents, I suspect the EU banhammer would be interested.

The application processing the message for the purpose of displaying it is clear.

But if the message is copied, read, analyzed and sent further on behalf of a third party before encryption, then that puts that third party in the middle between the sender and the recipient. A man in the middle directly undermines e2ee: "no one else reads your message".

It doesn't matter if the third party made the messaging app or not. What matters is whether information in your messages is accessible to anyone besides you and the recipient.

E2EE doesn't prevent the app itself from analyzing messages locally, and sending updated interest profiles to meta... which can be a vector of weights or whatever thing they might be using to know what ads to show. If the logic is in the app, the message doesn't leave the app and E2EE is preserved.

This said, analyzing messages for the purpose of ad display is creepy, whatever the way it is done.

E2EE most certainly does exclude analyzing messages anywhere for a third party.

Notice that "ends" in "end-to-end" are users, not applications. When an application forwards things to an entity, then that entity becomes an "end" of the conversation. When it displays a message to the user, the way the user wants, then the user is the end. When it processes the message and delivers results to Facebook, the way Facebook wants it, then the application makes Facebook the "third end".

In such scenario, Facebook had intercepted the message, just chose to forward only some extracted information (which may or may not be enough to reconstruct the original). This does not match the definition of "end-to-end encryption".

> Notice that "ends" in "end-to-end" are users, not applications.

That's not right. First, it's technically an impossible, since users can't do encryption themselves - it's the application that does it. That's where the e2ee boundary is.

Second, we've got e2ee communication between non-user entities as well. There's are servers using for example zerotier which communicate e2ee through other nodes. Third, applications can definitely send the data to other parties automatically. WhatsApp executing backups as configured does not make it not e2ee.

It's not a distinction between softwares, it's a distinction between agents. I.e. who the software works for.
Whatsapp can't read the message on their servers but they can read it at clients, otherwise they cannot display the messages for users. Likewise, Apple/Google can read them too because they have to in order to render the texts.
This is just redefining terms, then.

We know the app decrypts it to display it. But if the app decrypts it to send it to the parent company, then it is by definition not end to end encrypted anymore.

If the app decrypts it, analyzes it and sends information about the message to the parent company, then the same thing is happening. The parent company is reading the message, INSTEAD of E2E encrypting it. It doesn't matter whether that reading happens on device or on the company's servers. E2E means the company is not reading it.

there was a time when “Unlimited” meant without any limits, but US cell carriers have redefined the term to support their business model.

It’s possible that this data harvesting ad company has redefined what E2E means (to them) to advance their business interests.

>then it is by definition not end to end encrypted anymore.

HTTPS is E2E between the client and the server.

My guess is they encrypt the message twice, append it, and split it off at their servers. To anyone observing traffic, it looks like normal encrypted traffic AND they can still, if needed, show that everyone has their own key and can encrypt/decrypt their own messages. I don't think they would be brazen enough to send it to themselves in plain text.
> Just because that the messages might be sent end-to-end encrypted from Sue to Joe does not mean Meta cannot read them.

No, that's precisely what End-to-End encryption means.

Meta own the proprietary code running at either end of the encrypted pipe. Of course they can.
They can decrypt if someone enables backups, so I see no reason they could not read them indeed.

Signal might be the only app unable to read, but even that, I would not trust.

How would you propose Signal -- or any app for that matter that provides end to end encryption -- encrypt the messages in the first place if they don't have access to the plaintext at some point?
So you're nit-picking over the phrasing of the sentence, but should instead focus on the spirit/meaning behind it.

It's illustrated in their example below that they if you say you're having a baby, meta can send some type of distilled ad-keywords to its servers (eg `[mother, baby]` if it knows the user is a woman based on their name/profile, but probably more sophisticated than that). The message you sent is still technically end-to-end encrypted, though,

It means that for strictly one receiver end-to-end encryption. When it's touted as a feature without explicitly stating that "all messages are sent only e2e encrypted and only to your receiver" we can't assume only the receiver is getting the message, it might be E2E encrypted for all traffic, between people using their own keys and nothing stops Meta from sending a different encrypted payload to their own servers with a key they have access to.

Facebook loves to use newspeak, wouldn't surprise me if they applied newspeak to what "end-to-end encryption" means.

So it's end-to-end encrypted, but your data is sent to some "ends" you didn't think it would be sent to? Well, if that's not a good reason to end your usage of WhatsApp, then I don't know what is...
End-to-End means that it can't be read in the middle. It does not not mean it can't be read by proprietary clients on either end.
Oh, come on. It's called "end to end" but it isn't. Meta has to read them to provide the service. This is not a new revelation.
Until there are cybernetic implants, the "ends" are the app running on your phones, which they control.

The quandary of what one allows to run on those implants sounds like a chilling sci-fi novel (chilling not because "but FAANG could read your thoughts!" but because people would absolutely still get them installed).

Google can in theory read what is on your screen (assuming you use Android) regardless what app with what encryption you use.
> Just because that the messages might be sent end-to-end encrypted from Sue to Joe does not mean Meta cannot read them.

so what's the point? just inconvenience. better to use telegram at this point.

…and have no encryption at all? (Unless you manually enable it for a given conversation.)
Telegram has encryption (server-client encryption). Whatsapp may have e2e encryption, but then if it sends conversation or part of them to facebook to serve advertising, that's arguably even worse.
Wait, so Telegram, which is known for being able to read all your texts, is worse than WhatsApp where people are speculating that it might read your texts?

Not that I trust WhatsApp (I use Signal) but that's an odd comparison.

you are also speculating that Telegram read our messages, in transit. For sure, unlike WhatsApp, the Telegram client is FOSS (and you can download it from FDroid).
I'm not speculating at all and I think you're misunderstanding the point I'm trying to make.

First of all, transport security (server-client encryption as you called it) like TLS is irrelevant for this discussion. All major platforms on the internet employ transport security these days, so this is a given.

The point I'm trying to make is that Telegram does not offer E2E encryption by default: (Non-"secret") Messages on Telegram pass through Telegram's servers unencrypted and are also stored there unencrypted, meaning that Telegram has access to all your messages. This is not speculation – Telegram openly admits to this in their FAQ:

https://telegram.org/faq?setln=ru#q-do-i-need-to-trust-teleg...

(See also the link contained therein.)

Meanwhile, the speculations in the present HN discussions aside, WhatsApp does provide E2E encryption, so – from this POV – is orders of magnitude more secure.

In principle yes, in practice no, as this is a statement from the WhatsApp website:

> We limit the information we share with Meta in important ways. For example, we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Meta can see these private messages.

That statement was worded carefully

They are saying they dont store or forward your message text, not that your phone doesnt send them topics of interest

Exactly. Zuckerburg cannot directly read your convo but the app itself writing down a few key keywords of interest and sending it back to facebook / whatsapp is not out of the question. And that amount of traffic is so tiny and could be so easily mixed in with everything else.....
Do you really trust TOS like that, though?

Assuming they're not blatantly violating the policy (which I think they've done before), it's pretty easy to weasel out of that statement by only sharing keywords from the conversation, or only sharing the info with advertisers (but not WhatsApp and Meta), or redefining what a "personal conversation" is, or carefully redefining what "end-to-end encryption" means, or ...

There's no transparency, a huge power imbalance, and terrific pressure on WhatsApp/Meta to monetize as much as possible.

But the problem arises, I think, is when they say they can't read them: "WhatsApp's end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp." https://faq.whatsapp.com/general/security-and-privacy/end-to...
Meta->Joe: “Focus on yourself bro”
Most users activate WhatsApp's suggested "backup" feature which uploads all chats and those are most likely not E2E encrypted. And of course Meta could just directly read and upload stuff from the app, they probably buried a vague clause for that somewhere in their agreement.
Those backups are sent to Google and Apple, not to Meta.
They are E2E encrypted now in recent versions.
No, you have the option, disabled by default, to enable backup encryption. And there are two ways to enable it, one with a short password that when used Meta can always unencrypt the backup themselves and another with a 64 digit key, which AFAIK is unaudited.
(comment deleted)
Can someone working on WhatsApp weigh in on this or are there very restrictive NDA's? I would expect it's an interpretation of the TOS, so WhatsApp should be able to communicate if this is a possibility or not.
guess nobody from meta could comment on this without a legal writing the answer for them
Why would they want to even if they could? Nobody would believe their answer.
I work on a competing product (not for any of the named companies in this thread).

I don't think there is any fault with the e2e encryption. Humans are very bad at seeing causality when there is none, or accidentally leaking their thoughts into the search box.

There could also be leaks with the clipboard, photo gallery or keyboard - all things that freemium apps love to scan in the background. The way real-time-bidding ad markets work, anyone that the data leaks to can influence ad ranking - doesn't have to be FB/Meta.

If you did a true blind study, I think you'd find no link.

For example, start with a list of 1000 products images and accompanying text. Select 2 at random each day. Flip a coin to decide which to send (keep the other as control). Cover the screen so the user can't see what they've sent/received. Then, a few days later ask the user to select which product they think they sent.

I'd bet that even after months of doing this, there will be no finding of a leak.

Some options:

1. Nobody is reading your WA messages, the same topics can be learned from your browsing activity or other msgs, eg. by reading your sms texts.

2. Meta is reading your messages directly in-transit, server-side.

3. Meta is not reading your messages server-side, but the Meta apps extract keywords from your conversations and request relevant ads from the ad servers.

4. Another non-Meta app is doing the above.

5...

Another option would be that META created a small model that could be run client-side and picked the right selection of ads to show elsewhere without even exfiltrating keywords.
Well, my wife sent me a picture of my daughter working on a puzzle. Less than 24 hours later, her Instagram was showing ads for a store that was selling the same type of puzzle as the one my daughter was playing with. So it's not just terms but images too.
That doesn’t even make sense. Why go through the trouble of retargeting based on images? If you took a photo of something you likely already own it.
> If you took a photo of something you likely already own it.

Tell that to Amazon who never fail to recommend me things I just bought.

Hey if you really liked the vacuum cleaner you just bought, you definitely want to buy another one.
Yes, for sure. Now I've got a different vacuum cleaner for every room. Never have I felt cleaner before.
Wait until you find out about whole home vacuums! Then you can turn The Whole House into a vacuum!
You have to believe that Amazon's algorithm is working as intended though, right?

The thesis is that recent vacuum cleaner purchasers are many times more likely (than the average person) to be looking to buy a vacuum cleaner.

Apparently about 20% of Amazon purchases are returned. And most returners are looking for a replacement. Some of the replacement product research is done before the return decision is made, so you get ads even if you have not initiated a return.

As much as Amazon doesn't want you to return your purchase, they really don't want you to buy the replacement somewhere else.

It would be interesting to measure how the ad ratio changes over time. Particularly when you exit the return window, but of course Amazon will know the return-likelihood curve with much greater precision.

Looking through my photos, that's not the case. It's either things I don't own but like, places I enjoyed, or photos of things I want to buy / sent to my wife to buy. In my case, the photos would be a prefect targeting opportunity.
Mindlessly retargeting you based on things you own or have already bought is standard practice in the online ad industry.
Assuming Android: your pictures may be "parsed" by Google once they make it into Google Photos. Also, Meta may think that "parsing" the images in your local Whatsapp folder of Google Photos (or all of your local images) is fair game. Note that I have no clue if this happens, I'm speculating.
Where did your daughter get the puzzle and when if she was just working on it :)
Yes, this is a bit similar to my 3. option, but more sophisticated..
If 2 is true, then it is not end-to-end encrypted, and I don't think that WhatsApp is lying. They have ways of doing their things without lying, so I don't expect 2 to be true.

I think that 1 is the most plausible, however the original post is about "topics they never talk about", so assuming that WhatsApp is the only channel and they don't leak data in other ways (and there are many other ways to leak data), then 1 becomes unlikely.

3 is the most compatible. All the targeting can be done locally, so no end-to-end unencrypted message leaves the app. The app then sends your topics of interests to Meta.

4 again assuming WhatsApp is the only channel, then there is probably some malware somewhere, and it is unlikely that Meta accepts illegally collected data (they can do it legally, better, and with less potential trouble). There are however a few legitimate apps that can do the above. I am thinking about things like predictive keyboards, accessibility apps (screen readers, ...), backup apps (end-to-end encryption is about transmission, not storage), and the OS itself. I don't think Meta controls any of these, and I don't think they would buy data from them (Google and Apple are competitors after all).

So I would go for an accidental leak (case 1). For example, for the experiment to be meaningful, you shouldn't tell anyone about the test topic before you receive the ads. Or with the WhatsApp app hinting Meta about your topics of interest.

Another thing that would make 1 happen even if they think they're not leaking information over different channels, is the software keyboard. GBoard is google's, and likely has some data collection in one way or another. Similarly, there's a lot of google-related services running with root privileges on stock android phones that could easily snoop on data from various apps. This effect is worsened by other android OEMs, like xiaomi or maybe even samsung, who ship their own invasive services on top.
Disclaimer: I worked at FB, but not on Whatsapp or ads.

I agree, I'm pretty sure 2. is not the case; I just listed it as a theoretical possibility. Despite all the bad press and problems, FB has very (very) high integrity and standards, at least the parts I saw.

Whatsapp FAQ:

WhatsApp's end-to-end encryption is used when you chat with another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.

https://faq.whatsapp.com/791574747982248

> only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp

I guess the key lies in "what is sent" in the above statement. The casual reader might reasonably interpret as "no-one except the intended recipient can see _what I type_". But it doesn't say that. It only covers what gets _sent_. It doesn't say anything about what happens to the content outside specifically _sending_ it to the other party(ies).

Maybe Meta are not as trustworthy as I imagined.
Stop calling them Meta. It‘s Facebook.
don't die on this hill, it's all arbitrary and won't make a difference
Comcast rebranded as Xfinity because they knew everyone hated Comcast. Now everyone also hates Xfinity. It's fine.
Even if that interpretation was correct in a broader sense, which I don't believe it is, certainly in this context of e2ee it isn't correct.

The more obvious explanation is that before or after the e2ee (i.e within the app itself), an algorithm scans the content, categorizes it and sends this to Meta/Facebook.

In this scenario, *Nobody* has read the content other than the person you're communicating with.

The local app running on your phone might even legally by considered "you" since it is running on your device under your user agent. I realize that is a bit of a nefarious take but I could see that being the case.....
> End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp.

This does not exclude an algorithm running running on the sender/recipient's App from scanning the content and sending suggestions to AD servers.

I thought that too, but if that is the case then it should be relatively easy to find this hidden functionality by decompiling the APK and exploring it.
Can I not train a text classifier on encrypted text?

Basically, let the AI figure out what ads get clicked the most for a given string of encrypted 24h window of chat history. Eventually, the AI is going to hit on its “Rosetta Stone”, even without ever formally decrypting the text, much less any human reading it.

With millions of conversations happening on WhatsApp, why shouldn’t that be possible?

And it’s not even a breach, technically, because nothing ever got decrypted, and the similarity vector generated by the AI have, per se, nothing to do with the content of the conversation or the individual that sent them. Run the same training algorithm again and they’d look completely different! Hence they can’t possibly be “personal data” in the sense of the law.

No. Encryption means the data is scrambled. Essentially unrecognizable from noise, save perhaps for some headers.

If you can discern meaning from noise, then your theory would work. But discerning meaning from random noise is obviously impossible (i.e. what if there is no meaning?).

If you leak information than you say, then the encryption is worthless. Harmful, even, because you think you have protection when you do not.

It doesn't matter how many conversations are going. With private key encryption, what a phrase encrypts to for one person would be different than the next. It would have to be trained solely on your conversation. Encryption is also dependent on all the text before it as well as text in the same block, so it would have to be the beginning of the message with no metadata to throw off alignment saying the 16-byte phrase so many times that it could pick up a difference. I'm pretty confident it's impossible to get anything useful out of that.
If any algorithm can get even one bit of data about the plaintext then the encryption is broken by definition.
Call me paranoid, but what about stuff that you just say when around your phone? This has happened to me a few times (ads showing up about relevant obscure topics), so I'm wondering.
Just uninstall the apps.
Uninstall Google too while you're at it. Click.
What was the topic?
WhatsApp Privacy Policy:

How We Work With Other Meta Companies

As part of the Meta Companies, WhatsApp receives information from, and shares information (see here) with, the other Meta Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Meta Company Products. This includes:

...

- improving their services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), personalizing features and content, helping you complete purchases and transactions, and showing relevant offers and ads across the Meta Company Products; and

So most likely WhatsApp on your phone includes an engine that reads all your incoming messages and tells Meta that you are interested in some topic X based on your recent messaging history. Meta is not per se breaking the E2E encryption, but their app contains a backdoor that reports some topic-level information back to Meta that could be used to deduce what you are talking about without totally breaking the confidentiality of your correspondence.

(All this is just a guess based on OP's report and the above quote.)

The old joke is that if you want to increase the quality of the ads you see, google rolex and Rolls-Royce for a week
IMO keyboard apps, ISP, clipboard fiends are to be blamed for the most part
If it is all encrypted how comes the police always have access to whatsapp conversations?
By accessing the device. It is not only E2E encrypted, WhatsApp servers are only a middleman, as soon as they arrive (double-check) they will be deleted from the server. Undelivered messages are retained up to 30 days, according to their privacy policy:

<<Your Messages.

We do not retain your messages in the ordinary course of providing our Services to you. Instead, your messages are stored on your device and not typically stored on our servers. Once your messages are delivered, they are deleted from our servers. The following scenarios describe circumstances where we may store your messages in the course of delivering them:

Undelivered Messages. If a message cannot be delivered immediately (for example, if the recipient is offline), we keep it in encrypted form on our servers for up to 30 days as we try to deliver it. If a message is still undelivered after 30 days, we delete it.

Media Forwarding. When a user forwards media within a message, we store that media temporarily in encrypted form on our servers to aid in more efficient delivery of additional forwards.

We offer end-to-end encryption for our Services. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them. Learn more about end-to-end encryption and how businesses communicate with you on WhatsApp.>>

https://www.whatsapp.com/legal/privacy-policy/?lang=en

Assuming they are compliant with their privacy policy, they don’t even have the messages.

> End-to-end encryption means that your messages are encrypted to protect against us

So, they say the protection is there once the encryption has been applied. They say nothing about what happens to the content before or after that on the end user's devices. That handling is however covered by other legitimate use clauses in the privacy statement. This covers keyword scanning for targetted ads (so a defence lawyer will say at some point.)

Yeah, that could be tested by reversing engineering and analyzing your network traffic to see if there are requests leaking keywords
It's hard to encrypt "all". "End to end" encrypted would mean that a message is encrypted while in transit. "At rest" encryption would mean that the plain text message is not saved on storage, just the cypher. Software however can behave in a way that all of these are true, yet, the plain text is readable by a third party. For example, the app can send the plain text after you decrypted it. Or the encryption could have multiple keys that can decrypt; you can have a private key for yourself, and the authorities could have a master private key that decrypts all. Your phone could have a middleman between the touchscreen and the application, and so, your "keystrokes" can be stored and sent somewhere, for example, by your keyboard application.
(comment deleted)
I can attest I've seen this behaviour and played this game with a friend. We concocted obscure conversation points e.g "Flamingo statues" and not long after would get ads in the right ballpark of relevance on Instagram. Hard to know if it's nefarious as it could be mere coincidence or confirmation bias.

Tangental aside; it still confounds me where the business opportunity of WhatsApp resides for Meta if they "can't" get access to the data.

What types of phones are and your wife using? My personal theory is that a lot of these situations are actually the phone itself (or a third party keyboard app, apps copying clipboard content, etc) doing the “spying” and not WhatsApp somehow bypassing the E2E encryption.
The message might be indeed end-to-end encrypted but the local WhatsApp installation could extract keywords as you type from the message and send them to Meta.
Are you sending each other links or just mentioning the ads in text?

If this is just in text—and I'm definitely not defending Meta here—could it also be that the ads you see have got us so figured out already? The topic you choose to talk about may be influenced or seeded by your environment (online/offline), and one thing leads to the other almost deterministically.

Here's an experiment: try rolling a die a few times or using a random number generator to pick one word or more from a list like the EFF wordlists [0], and then talk about that exclusively.

[0]: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-p...

Please note that it could also be the keyboard app sharing stuff.
WhatsApp make no specific claims about who this encryption is keeping you safe from. And they also require you to agree that they can use your information and interactions for their legitimate business needs. I mean, WhatsApp is standing right there when you stuff the message into the box regardless of how safe the package is in transit once it's left your phone. And consider basically every 'enchancement' to security or privacy around Facebook was done under duress for years. Pre-acquisition WhatsApp is a different story, but that story is ancient history.

I didn't agree to the recent WhatApp nor Facebook's TOS so no longer have their product on my devices. I suggest you do the same, or just sit back and enjoy the specialised, relevant, targeted ads, but think twice before each send.

I always wondered how is the business decision between charging a dollar per year for no information sharing vs some information sharing but free made. Does anyone know of a messaging app that uses such a model?
Which keyboard are you using?
they are using gboard, so it's pretty clear nothing to do with whatsapp but google doing google things