Skip to content
Naked Security Naked Security

WhatsApp cofounder: “I sold my users’ privacy”

Regretful WhatsApp cofounder Brian Acton has joined the ranks of the Silicon Valley mea-culpa-rati.

WhatsApp cofounder Brian Acton has revealed that he left the Facebook-acquired company 10 months ago because Facebook wanted to do things that made him squirm. He told Forbes:

It was like, okay, well, you want to do these things I don’t want to do. It’s better if I get out of your way. And I did.

Yes, he did. He got way out of the way, leaving $850 million on the table because he left Facebook a year before his stock grants vested. He’s still worth $3.6 billion though.
The Forbes interview is the first time Acton has talked about his reasons publicly.
He did, though, wave this terse farewell to Facebook back when the Cambridge Analytica scandal hit:

That was his last Tweet.
So, what was it that made Acton join the rapidly inflating ranks of the Silicon Valley mea-culpa-rati? A group that now includes an ex-Reddit mogul who’s apologised for making the world “a worse place”, and the former Facebook president wringing his hands over the company’s exploitation of “a vulnerability in human psychology”.
Users’ privacy, Acton said: a commodity he sold to the rather astonishing tune of $19 billion (what would eventually reach $22 billion) to Facebook …the company that eats users’ personal data and then burps utterances like “no, sorry, we can’t tell you all the data we have on you: that’s hard.

At the end of the day, I sold my company. I sold my users’ privacy to a larger benefit. I made a choice and a compromise. And I live with that every day.

Essentially, the straw that broke the camel’s back was a disagreement over how to monetize WhatsApp: an app whose cofounders were known for despising ads.
As Forbes reports, Acton’s motto at the end-to-end encrypted messaging app maker was “No ads, no games, no gimmicks”. Not exactly the kind of company you’d think would sell itself to Facebook, which gets 98% of its revenue from advertising. Forbes stated:

Another motto had been “Take the time to get it right,” a stark contrast to “Move fast and break things.”

“Take the time to get it right” might have been its motto, but it hasn’t always a good description of its actions. It didn’t wait until Facebook bought it to break things: it was doing just fine breaking things before the 2014 mega-sale.
Such as the joint Canadian-Dutch privacy probe in 2013. We gave WhatsApp credit at the time: it made mistakes, but it worked with authorities to fix them. But then it got into hot water ten months later when it screwed up encryption again.
Little more than a year passed when WhatsApp CEO Jan Koum publicly asserted that “Respect for your privacy is coded into our DNA.”
But when WhatsApp’s code was put to the test again in April 2014, it turned out that it still didn’t care all that much about privacy. Researchers discovered that attackers who could sniff network traffic between a WhatsApp user’s phone and Google’s servers could pinpoint a user as soon as they shared their location with other WhatsApp users.
Once again, WhatsApp took the researchers’ findings to heart and promised to fix its blunder in the next release.
Hey, mistakes happen. WhatsApp’s early (pre-acquisition) history was that it at least tried to do the right thing. Except, well, sell itself to Facebook and somehow imagine that user privacy and data wouldn’t be digested in the process.

Facebook made Acton and WhatsApp Cofounder Jan Koum a deal they couldn’t refuse. Founder Mark Zuckerberg also promised the pair that there would be “zero pressure” to monetize for the next five years.
Well, that didn’t work out. From Forbes:

Within 18 months, a new WhatsApp terms of service linked the accounts and made Acton look like a liar. ‘I think everyone was gambling because they thought that the EU might have forgotten because enough time had passed.’

Europe didn’t forget. Europe instead fined Facebook $122 million for giving “incorrect or misleading information” to the EU about the acquisition. No matter: it was just a bump in the road, and the deal went through.
What does all this add up to? What does Acton’s remorse mean, in practical terms?
Not much. He missed out on a mega-payday but he’s still mega-rich, and WhatsApp users were still sold to Facebook under Acton’s leadership.
He’s suggested that Facebook used him to help get the WhatsApp acquisition past EU regulators who had been concerned it might be able to link accounts… which it subsequently did.
In August, Facebook said get ready – ads are coming to WhatsApp starting next year, along with new tools that will allow businesses to offer customer support via WhatsApp chat.


Just another company owner that sold his soul and ours for a dollar. He knew what the sale would mean and did it anyway so him saying he is sorry for doing it is like an arsonist saying he is sorry for burning down an orphanage full of kids it means nothing.


Is concerning how these tech companies are continuing to put the public at risk by sharing data like this. I only hope these practices are regulated and looked at in the future.


To Mr. Acton:
I applaud your public regret (although how you didn’t see Zuckerberg’s/Facebook’s greedy and slimy actions coming from a mile away is baffling). In any case, thank you. NOW, go and create a new encrypted messaging app for the world, one that will not be sold out to entities whose sole motivation is to exploit our data and privacy for billions and billions of dollars. Make it widely available and easy to acquire. Charge for it if you have to. Or at the very least, convince your colleagues at Signal to de-couple their Android app from GOOGLE, so privacy-conscious people can use it.


Last time WhatsApp went and created a new messaging app for the world – actually, it was very recently in any reasonable sense of the word – it wasn’t exactly very secure or privacy conscious…
…indeed, there were those who speculated that app’s ability to deliver on both security and privacy would improve after the acquisition.


Paul, if anybody speculated that privacy could ever be improved after acquisition by Facebook, then I have to seriously question their sanity.


Good point Paul, though what I would read into the suggestion is that Mr Acton has the wherewithal to do it properly and (probably) a healthy enough experience of the consequences of getting it wrong to hire the best in the industry to get it right.


most of the time when you leave a company like that you have to sign a non-compete and non-disparage agreement. So I’m a little surprised he apologized. But maybe that’s splitting hairs, since it is stating the obvious.


I guess the share options/offer/whateveritwas that hadn’t vested was his non-compete clause. In other words, it’s sort of like buying yourself out of a mobile phone contract so you can go somewhere else, but with lots and lots of extra zeros on the end. For all we know he wanted to leave anyway to pursue other business opportunities…


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!