24 Jul 2018 19:45 IST

WhatsApp’s architecture is creating headaches for Facebook

Facebook must be regretting investing billions in WhatsApp; all for no revenue and no goodwill

From a ground-up computer architecture perspective, WhatsApp and Facebook share nothing in common. The differences are as stark as between the economy of the old American West, where people mattered more than rules (WhatsApp), and that of a completely regulated economy like the European Union, where every move is carefully choreographed (Facebook).

In today’s internet culture, where data security and privacy are paramount, Facebook’s giant, $19-billion purchase of WhatsApp is looking increasingly like a big corporate error, especially because it doesn’t bring any revenue to Facebook and all its earlier attempts to monetise WhatsApp have not worked.

Treating the symptom

Now under fire for helping spread fake news through forwarded messages on the app — forwards which recently resulted in the public lynching of a woman in South India — WhatsApp is struggling to come up with a technical solution to the massive problem. There are over 200 million WhatsApp users in India alone and the app’s latest answer is to simply limit the number of people to whom a message can be forwarded to five.

This is a clumsy solution because it treats every message the same. Users may want to forward legitimate public welfare, health and safety messages to more than five friends but will not be allowed to do so by the app. Last September, when hurricane Harvey hit Houston, safety messages that spread via WhatsAppa helped save lives and rescue families . People did not have electric power in their homes to watch TV to keep abreast of updates and dying phones, supported by spare batteries, served as a vital communications network, even as people sought drier and higher ground. To be sure, it is not yet known if the five-message limit is just for India or for all countries.

WhatsApp’s limit won’t contain future harm because determined bad actors can still spread messages through collaboration. When a message is going viral, one node is all it takes to continue to propel a chain reaction. Five is still too many.

No trust, no verification

When WhatsApp was built, its founders wanted to exert no control over its users at all. Part of the reasoning for this decentralised approach was that WhatsApp did not want to be held legally liable for the actions of its users; although, the Digital Millennium Act of 1998 passed by the US Congress explicitly grants a “safe harbour” provision for platforms. If you were to send a pirated music clip to a friend on WhatsApp, the owner of the music clip cannot file a damage claim on WhatsApp because all it did was to aid in the transportation of a message from one user to another.

WhatsApp went to extreme lengths to be able to accurately claim, in the event of a lawsuit, that it doesn’t know anything about its users, not even the name, gender, age, country of origin or email address. The app is simply linked to a person’s mobile number, that’s all. If a person has multiple mobile numbers, the person can have multiple WhatsApp accounts.

Account set-up is not verified, other than to verify if the number can receive a text message during the initial set-up. WhatsApp does not even require a user name or password to use its app.

Afterwards, WhatsApp doesn’t care about or even ascertain the number’s validity. If the number is retired forever by the mobile phone company for some reason, the user can still continue to use WhatsApp (using WiFi, for example). A user can move to a different country and use WhatsApp with the original account credentials without the app ever knowing about it. In fact, WhatsApp doesn’t even have to run on a mobile phone. It can run just as well on a tablet or a PC long after the user no longer has access to the original mobile phone number. In summary, WhatsApp is an absolute nightmare for Defence and homeland security officials.

Data and security

Worse, WhatsApp knows nothing about the thousands of GBs of data sent digitally through its servers at warp speed every day. The company doesn’t operate a cloud service to store the billions of messages which are pushed through its platform. Messages and associated media reside on users’ phones — and if users so desire, they can choose to back up their content to an external cloud service not operated by WhatsApp, such as on Google Drive or iCloud. Because WhatsApp doesn’t have access to these accounts, it has no idea what is contained in those huge databases over time.

This degree of disengagement with a user base is unheard of among modern internet applications. It is all the more odd that such a loosely designed architecture even found favour with Facebook when it bought WhatsApp. Because Facebook is everything that WhatsApp is not.

Facebook is built on a single philosophy: it controls everything.

Because Facebook connects people, it takes the question of this level of control seriously. It places enormous emphasis on granting only one Facebook account to each person. A person is required to enter their name, email or mobile phone number, password, date of birth and gender when they first set up an account. The email or phone number is then verified to make sure that the user has access to it. Facebook also requires them to submit some form of government ID — such as a drivers license or passport, although you could block out the drivers license number or passport number when you submit the proof. Facebook simply wants to ascertain that your ID is legitimate.

Despite all of these efforts, people and companies have continued to trick Facebook into creating fake accounts. Not having duplicate accounts is so important to Facebook that it even reports this statistic in its annual reports. Estimates are that with all of the money it spends, it is still trying to retire about 60 million fake accounts, 2-3 per cent, of its over 2 billion accounts. If someone ever tried to fake your photo and “clone” your Facebook page, you can report it to Facebook and have the clone removed.

All in one place

Also, with Facebook, everything is in its massive cloud. All details of every photo, video, message, ad, event, fundraiser or group activity that ever went up on Facebook, involving any account holder, any time since Facebook was first founded, is still safe in Facebook’s massive data infrastructure. There are reports that Facebook has over 250 billion photos going back in time. Nearly 350 million photos are uploaded each day to Facebook. And these are just photos alone.

In this sense, Facebook is no different from Google (YouTube) or Apple, in the sense that these giant behemoths hold massive amounts of user data in their respective data centres. Such massive hoards have led to accusations that the big companies own too much user data, infuriating privacy advocates. This is a serious problem at the other end of the spectrum and has resulted in Europe’s massive new sanctions against big tech.

But when it comes to fake news, including the forward which resulted in that unfortunate death in South India, Facebook is able to better control this through algorithms and human checkers who can quickly bring the post down, trace the origin of the message, and inform law enforcement. All the social media platforms — including Instagram and Twitter — have the ability to kill the spread of wrong messages when life and limb are involved.

This is something that WhatsApp simply cannot do because of the way it is built.

Misusing the service

In India, activists are already plotting how best to use WhatsApp for the upcoming general election to benefit their cause. Even if just 1 per cent of the WhatsApp India user base is active, we are talking about 2 million message originators who will always be one step ahead of the game. WhatsApp will likely not have the resources needed to counter the oncoming onslaught — a dreadful possibility for Facebook, which is already reeling under heightened scrutiny because of its privacy practices.

Viewed through this lens, Facebook must be sorely regretting its purchase of WhatsApp in 2014: billions of dollars down the drain for no revenue, too many headaches, and not enough goodwill.