Although that statement may provide comfort to those who have kept their WhatsApp numbers off the Internet, it doesn’t resolve the issue of WhatsApp’s AI helper potentially randomly generating a real person’s private number that may be a few digits off from the business contact information WhatsApp users are seeking.
Expert pushes for chatbot design tweaks
AI companies have recently been grappling with the problem of chatbots being programmed to tell users what they want to hear, instead of providing accurate information. Not only are users sick of “overly flattering” chatbot responses—potentially reinforcing users’ poor decisions—but the chatbots could be inducing users to share more private information than they would otherwise.
The latter could make it easier for AI companies to monetize the interactions, gathering private data to target advertising, which could deter AI companies from solving the sycophantic chatbot problem. Developers for Meta rival OpenAI, The Guardian noted, last month shared examples of “systemic deception behavior masked as helpfulness” and chatbots’ tendency to tell little white lies to mask incompetence.
“When pushed hard—under pressure, deadlines, expectations—it will often say whatever it needs to to appear competent,” developers noted.
Mike Stanhope, the managing director of strategic data consultants Carruthers and Jackson, told The Guardian that Meta should be more transparent about the design of its AI so that users can know if the chatbot is designed to rely on deception to reduce user friction.
“If the engineers at Meta are designing ‘white lie’ tendencies into their AI, the public need to be informed, even if the intention of the feature is to minimize harm,” Stanhope said. “If this behavior is novel, uncommon, or not explicitly designed, this raises even more questions around what safeguards are in place and just how predictable we can force an AI’s behavior to be.”
“Meta is a proud American success story, and we look forward to continuing to innovate and serve the people and businesses who love our services,” Meta’s spokesperson said.
Experts aren’t so sure Meta has clinched it
Boasberg has said that the key question he must answer is whether the FTC’s market definition is too narrow.
Arguing against the market definition, Meta has said that connecting friends and family isn’t even Meta apps’ “core use” anymore, as an evolving competitive social media landscape has forced Meta to turn its newsfeeds into discovery engines to rival TikTok. Justin Teresi, an antitrust analyst, told Bloomberg that because the FTC failed to show that users primarily come to Meta apps to connect with friends and family, it may have strengthened Meta’s case.
Rebecca Allensworth, a Vanderbilt law professor and antitrust expert, told Bloomberg that the “FTC’s narrowly defined market was always the weakest part of its case,” but the government “has done a nice job of minimizing that weakness” by showing that apps that don’t connect friends and family aren’t adequate substitutes for Meta’s apps.
“This was evident when Meta saw spikes in usage on holidays,” Allensworth suggested, which is perhaps “a sign people were turning to its products to connect with loved ones.”
Teresi thinks Meta has a 60 percent shot at winning the trial, although he criticized Meta’s seeming defense that any company competing for online ad dollars competes with Meta. That argument may have broadened the market definition too much, he suggested.
“If you’re saying that the relevant market here is competing for advertising dollars, then you could throw anything in there,” Teresi said. “You could throw TV in there, you could throw print in there if you wanted to, and there’s really no end to that concept.”
Allensworth was less confident in Meta’s chances, telling Bloomberg, “I really actually think this could go either way.”
Further, Meta argued that the FTC did not show evidence that users sharing friends-and-family content were shown more ads. Meta noted that it “does not profit by showing more ads to users who do not click on them,” so it only shows more ads to users who click ads.
Meta also insisted that there’s “nothing but speculation” showing that Instagram or WhatsApp would have been better off or grown into rivals had Meta not acquired them.
The company claimed that without Meta’s resources, Instagram may have died off. Meta noted that Instagram co-founder Kevin Systrom testified that his app was “pretty broken and duct-taped” together, making it “vulnerable to spam” before Meta bought it.
Rather than enshittification, what Meta did to Instagram could be considered “a consumer-welfare bonanza,” Meta argued, while dismissing “smoking gun” emails from Mark Zuckerberg discussing buying Instagram to bury it as “legally irrelevant.”
Dismissing these as “a few dated emails,” Meta argued that “efforts to litigate Mr. Zuckerberg’s state of mind before the acquisition in 2012 are pointless.”
“What matters is what Meta did,” Meta argued, which was pump Instagram with resources that allowed it “to ‘thrive’—adding many new features, attracting hundreds of millions and then billions of users, and monetizing with great success.”
In the case of WhatsApp, Meta argued that nobody thinks WhatsApp had any intention to pivot to social media when the founders testified that their goal was to never add social features, preferring to offer a simple, clean messaging app. And Meta disputed any claim that it feared Google might buy WhatsApp as the basis for creating a Facebook rival, arguing that “the sole Meta witness to (supposedly) learn of Google’s acquisition efforts testified that he did not have that worry.”
The flow of adding new members to a WhatsApp group message is:
A group member sends an unsigned message to the WhatsApp server that designates which users are group members, for instance, Alice, Bob, and Charlie
The server informs all existing group members that Alice, Bob, and Charlie have been added
The existing members have the option of deciding whether to accept messages from Alice, Bob, and Charlie, and whether messages exchanged with them should be encrypted
With no cryptographic signatures verifying an existing member who wants to add a new member, additions can be made by anyone with the ability to control the server or messages that flow into it. Using the common fictional scenario for illustrating end-to-end encryption, this lack of cryptographic assurance leaves open the possibility that Malory can join a group and gain access to the human-readable messages exchanged there.
WhatsApp isn’t the only messenger lacking cryptographic assurances for new group members. In 2022, a team that included some of the same researchers that analyzed WhatsApp found that Matrix—an open source and proprietary platform for chat and collaboration clients and servers—also provided no cryptographic means for ensuring only authorized members join a group. The Telegram messenger, meanwhile, offers no end-to-end encryption for group messages, making the app among the weakest for ensuring the confidentiality of group messages.
By contrast, the open source Signal messenger provides a cryptographic assurance that only an existing group member designated as the group admin can add new members. In an email, researcher Benjamin Dowling, also of King’s College, explained:
Signal implements “cryptographic group management.” Roughly this means that the administrator of a group, a user, signs a message along the lines of “Alice, Bob and Charley are in this group” to everyone else. Then, everybody else in the group makes their decision on who to encrypt to and who to accept messages from based on these cryptographically signed messages, [meaning] who to accept as a group member. The system used by Signal is a bit different [than WhatsApp], since [Signal] makes additional efforts to avoid revealing the group membership to the server, but the core principles remain the same.
On a high-level, in Signal, groups are associated with group membership lists that are stored on the Signal server. An administrator of the group generates a GroupMasterKey that is used to make changes to this group membership list. In particular, the GroupMasterKey is sent to other group members via Signal, and so is unknown to the server. Thus, whenever an administrator wants to make a change to the group (for instance, invite another user), they need to create an updated membership list (authenticated with the GroupMasterKey) telling other users of the group who to add. Existing users are notified of the change and update their group list, and perform the appropriate cryptographic operations with the new member so the existing member can begin sending messages to the new members as part of the group.
Most messaging apps, including Signal, don’t certify the identity of their users. That means there’s no way Signal can verify that the person using an account named Alice does, in fact, belong to Alice. It’s fully possible that Malory could create an account and name it Alice. (As an aside, and in sharp contrast to Signal, the account members that belong to a given WhatsApp group are visible to insiders, hackers, and to anyone with a valid subpoena.)
A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users.
The verdict, reached Tuesday, comes as a major victory not just for Meta-owned WhatsApp but also for privacy- and security-rights advocates who have long criticized the practices of NSO and other exploit sellers. The jury also awarded WhatsApp $444 million in compensatory damages.
Clickless exploit
WhatsApp sued NSO in 2019 for an attack that targeted roughly 1,400 mobile phones belonging to attorneys, journalists, human-rights activists, political dissidents, diplomats, and senior foreign government officials. NSO, which works on behalf of governments and law enforcement authorities in various countries, exploited a critical WhatsApp vulnerability that allowed it to install NSO’s proprietary spyware Pegasus on iOS and Android devices. The clickless exploit worked by placing a call to a target’s app. A target did not have to answer the call to be infected.
“Today’s verdict in WhatsApp’s case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone,” WhatsApp said in a statement. “Today, the jury’s decision to force NSO, a notorious foreign spyware merchant, to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and the privacy and security of the people we serve.”
NSO created WhatsApp accounts in 2018 and used them a year later to initiate calls that exploited the critical vulnerability on phones, which, among others, included 100 members of “civil society” from 20 countries, according to an investigation research group Citizen Lab performed on behalf of WhatsApp. The calls passed through WhatsApp servers and injected malicious code into the memory of targeted devices. The targeted phones would then use WhatsApp servers to connect to malicious servers maintained by NSO.
On Wednesday, OpenAI launched a 1-800-CHATGPT (1-800-242-8478) telephone number that anyone in the US can call to talk to ChatGPT via voice chat for up to 15 minutes for free. The company also says that people outside the US can send text messages to the same number for free using WhatsApp.
Upon calling, users hear a voice say, “Hello again, it’s ChatGPT, an AI assistant. Our conversation may be reviewed for safety. How can I help you?” Callers can ask ChatGPT anything they would normally ask the AI assistant and have a live, interactive conversation.
During a livestream demo of “Calling with ChatGPT” during Day 10 of “12 Days of OpenAI,” OpenAI employees demonstrated several examples of the telephone-based voice chat in action, asking ChatGPT to identify a distinctive house in California and for help in translating a message into Spanish for a friend. For fun, they showed calls from an iPhone, a flip phone, and a vintage rotary phone.
OpenAI developers demonstrate calling 1-800-CHATGPT during a livestream on December 18, 2024. Credit: OpenAI
OpenAI says the new features came out of an internal OpenAI “hack week” project that a team built just a few weeks ago. The company says its goal is to make ChatGPT more accessible if someone does not have a smartphone or a computer handy.
During the livestream, an OpenAI employee mentioned that 15 minutes of voice chatting are free and that you can download the app and create an account to get more. While the audio chat version seems to be running a full version of GPT-4o on the back end, a developer during the livestream said the free WhatsApp text mode is using GPT-4o mini.
Enlarge/ An Apple Store in Shanghai, China, on April 11, 2024.
CFOTO/Future Publishing via Getty Images
Apple said it complied with orders from the Chinese government to remove the Meta-owned WhatsApp and Threads from its App Store in China. Apple also removed Telegram and Signal from China.
“We are obligated to follow the laws in the countries where we operate, even when we disagree,” Apple said in a statement quoted by several news outlets. “The Cyberspace Administration of China ordered the removal of these apps from the China storefront based on their national security concerns. These apps remain available for download on all other storefronts where they appear.”
The Wall Street Journal paraphrased a person familiar with the matter as saying that the Chinese cyberspace agency “asked Apple to remove WhatsApp and Threads from the App Store because both contain political content that includes problematic mentions of the Chinese president [Xi Jinping].”
The New York Times similarly wrote that “a person briefed on the situation said the Chinese government had found content on WhatsApp and Threads about China’s president, Xi Jinping, that was inflammatory and violated the country’s cybersecurity laws. The specifics of what was in the content was unclear, the person said.”
Meta apps Facebook, Instagram, and Messenger were still available for iOS in China today, according to Reuters. As Reuters noted, the four apps removed from Apple’s China store were not widely used in the country, where WeChat is the dominant service.
“These apps and many foreign apps are normally blocked on Chinese networks by the ‘Great Firewall’—the country’s extensive cybersystem of censorship—and can only be used with a virtual private network or other proxy tools,” Reuters wrote. WhatsApp, Threads, Telegram, and Signal were reportedly still available on Apple devices in Hong Kong and Macau, China’s special administrative regions.
US House moves on forcing TikTok sale or ban
China’s crackdown on foreign messaging apps comes amid US debate over whether to ban or force a sale of the Chinese-owned TikTok. The House Commerce Committee last month voted 50–0 to approve a bill that would force TikTok owner ByteDance to sell the company or lose access to the US market.
US lawmakers argue that TikTok poses national security risks, saying that China can use the app to obtain sensitive personal data and manipulate US public opinion. House leaders are reportedly planning a floor vote on the TikTok bill on Saturday.
US lawmakers raised concerns about Apple’s China ties after the recent cancellation of Apple TV+ show The Problem with Jon Stewart. Stewart reportedly told members of his staff that Apple executives were concerned about potential show topics related to China and artificial intelligence.
Apple pulled The New York Times app from its store in China in December 2016, saying that Apple was informed by China “that the app is in violation of local regulations.” The New York Times news app is still unavailable on Apple’s App Store in China, the Reuters article said.
“For years, Apple has bowed to Beijing’s demands that it block an array of apps, including newspapers, VPNs, and encrypted messaging services,” The New York Times noted yesterday. “It also built a data center in the country to house Chinese citizens’ iCloud information, which includes personal contacts, photos and email.”
WhatsApp will soon be granted access to explore the “full functionality” of the NSO Group’s Pegasus spyware—sophisticated malware the Israeli Ministry of Defense has long guarded as a “highly sought” state secret, The Guardian reported.
Since 2019, WhatsApp has pushed for access to the NSO’s spyware code after alleging that Pegasus was used to spy on 1,400 WhatsApp users over a two-week period, gaining unauthorized access to their sensitive data, including encrypted messages. WhatsApp suing the NSO, Ars noted at the time, was “an unprecedented legal action” that took “aim at the unregulated industry that sells sophisticated malware services to governments around the world.”
Initially, the NSO sought to block all discovery in the lawsuit “due to various US and Israeli restrictions,” but that blanket request was denied. Then, last week, the NSO lost another fight to keep WhatsApp away from its secret code.
As the court considered each side’s motions to compel discovery, a US district judge, Phyllis Hamilton, rejected the NSO’s argument that it should only be required to hand over information about Pegasus’ installation layer.
Hamilton sided with WhatsApp, granting the Meta-owned app’s request for “information concerning the full functionality of the relevant spyware,” writing that “information showing the functionality of only the installation layer of the relevant spyware would not allow plaintiffs to understand how the relevant spyware performs the functions of accessing and extracting data.”
WhatsApp has alleged that Pegasus can “intercept communications sent to and from a device, including communications over iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others” and that it could also be “customized for different purposes, including to intercept communications, capture screenshots, and exfiltrate browser history.”
To prove this, WhatsApp needs access to “all relevant spyware”—specifically “any NSO spyware targeting or directed at WhatsApp servers, or using WhatsApp in any way to access Target Devices”—for “a period of one year before the alleged attack to one year after the alleged attack,” Hamilton concluded.
The NSO has so far not commented on the order, but WhatsApp was pleased with this outcome.
“The recent court ruling is an important milestone in our long running goal of protecting WhatsApp users against unlawful attacks,” WhatsApp’s spokesperson told The Guardian. “Spyware companies and other malicious actors need to understand they can be caught and will not be able to ignore the law.”
But Hamilton did not grant all of WhatsApp’s requests for discovery, sparing the NSO from sharing specific information regarding its server architecture because WhatsApp “would be able to glean the same information from the full functionality of the alleged spyware.”
Perhaps more significantly, the NSO also won’t be compelled to identify its clients. While the NSO does not publicly name the governments that purchase its spyware, reports indicate that Poland, Saudi Arabia, Rwanda, India, Hungary, and the United Arab Emirates have used it to target dissidents, The Guardian reported. In 2021, the US blacklisted the NSO for allegedly spreading “digital tools used for repression.”
In the same order, Hamilton also denied the NSO’s request to compel WhatsApp to share its post-complaint communications with the Citizen Lab, which served as a third-party witness in the case to support WhatsApp’s argument that “Pegasus is misused by NSO’s customers against ‘civil society.’”
It appeared that the NSO sought WhatsApp’s post-complaint communications with Citizen Lab as a way to potentially pressure WhatsApp into dropping Citizen Lab’s statement from the record. Hamilton quoted a court filing from the NSO that curiously noted: “If plaintiffs would agree to withdraw from their case Citizen Lab’s contention that Pegasus was used against members of ‘civil society’ rather than to investigate terrorism and serious crime, there would be much less need for this discovery.”
Ultimately, Hamilton denied the NSO’s request because “the court fails to see the relevance of the requested discovery.”
As discovery in the case proceeds, the court expects to receive expert disclosures from each side on August 30 before the trial, which is expected to start on March 3, 2025.
