WhatsApp messages are end to end encrypted (E2EE). Messages are encrypted in the app itself before being sent to recipients and WhatsApp themselves point out that they have “no ability to see the content of messages or listen to calls that are end-to-end encrypted.” (1) This is indeed how we understand E2EE.
Ok, all well and good. Except for an event that occurred today. I had sent a message to a WhatsApp group mentioning a particular make and model of car, among a whole stream of general messages. Nothing outstanding there. Imagine my surprise when a bit later on I went into Facebook and was presented with an advert, seemingly at random, for that very make and model of car! I hardly ever see car adverts in Facebook, so this one stands out somewhat.
I have checked the group properties and the app does indeed say that all messages to it are E2EE. I had not activated any other apps in between the WhatsApp message and me going into Facebook.
As far as I can see there are three possibilities here:
- This was truly a coincidence. That doesn’t feel right…
- WhatsApp somehow grabbed the ‘car make + model’ string from my message. But it’s E2EE, so no way, right?
- There is some other channel by where the WhatsApp app stored the ‘car make + model’ string or even the whole chat locally in a way that the Facebook app could access. Now, there’s a though…!