Physically AND metaphorically…
WhatsApp promises end-to-end encryption. Signal promises it. iMessage promises it. And you know what?
They’re telling the truth.
What you say is private. The actual content of your messages – scrambled into mathematical gibberish that only you and your recipient can decode. Military-grade encryption. Unbreakable. No one can read your words. Not Meta. Not Signal. Not Apple. Not the government. Not hackers. The technology works exactly as advertised.
Except.
There’s this thing attached to every message. It’s called “metadata”.
It’s who you messaged. When you messaged them. How often. How long the conversation lasted. Your location when you sent it. Their location when they received it. The device you used. Your IP address. Which WiFi network you were on. What groups you belong to. Who else is in those groups. The patterns of your communications – do you message more in the morning or evening? Do you talk to this person daily or weekly? Did your messaging pattern change recently?
Metadata doesn’t particularly care what you have said. Instead, it maps who you are, who you know, where you go, what you do, when you do it.
Your words are encrypted.
Your life is an open book.
All that metadata gets transmitted to the company. Meta gets every WhatsApp breadcrumb. Apple gets iMessage trails. Google gets everything that touches Gmail or Android. They store it. They analyze it. And of course, they monetize it.
Sometimes they share it with governments. Sometimes they sell it to data brokers. Sometimes it gets subpoenaed. And sometimes it just leaks.
→ And sometimes it gets you killed.
Israel developed an AI system called Lavender. It processed 2.3 million Palestinians in Gaza, assigning each one a score based on their likelihood of being affiliated with Hamas or Islamic Jihad. One of the key inputs feeding this targeting algorithm? WhatsApp metadata.
More specifically, which WhatsApp groups you’re in.
If you’re in a group with someone that Israel considers a militant, Lavender flags you. That’s it. That’s the algorithm. You didn’t plan anything. You didn’t say anything incriminating. You’re just in a group chat – maybe with neighbors coordinating aid during a war, maybe with extended family, maybe with people you barely know who added you months ago.
Doesn’t matter. The metadata says you’re connected. The AI says you’re a target.
According to +972 Magazine, over 37,000 Palestinians were marked this way. Israeli military operators spent roughly 20 seconds reviewing each target before approving strikes. On residential homes. With families inside. The system was built to find people in their houses, sources admitted, because “it’s much easier to bomb a family’s home”.
Ten percent error rate was considered acceptable.
Meta’s internal engineers warned that governments could monitor group memberships and locations without ever decrypting a single message. But WhatsApp kept advertising itself as a private messaging app with end-to-end encryption. Which is technically true.
Now imagine if someone in one of the groups you’re in gets flagged by an algorithm. Your neighbourhood watch, your school parenting group, book club, …
Suddenly you’re a datapoint in a targeting system. Not because of anything you did or said. Because of metadata.
Your encrypted words stayed private. But your connections got you bombed.
Of course the governments across the Western world are looking at this. And their first line of thinking is: “we need more of that”.
The UK tried to force Apple to backdoor iCloud encryption for world wide users. Apple disabled Advanced Data Protection for British users instead, rather than fight it. The EU is drafting a “Technology Roadmap on Encryption” to break into messages by 2026. They’re setting up a research campus to work out how to do it “lawfully”. The US keeps buying spyware from Israeli companies that already know how to do it.
And they’re all pretending this is about “catching criminals”.
Spoiler alert: it’s not. It’s about turning everyone into datapoints.
Last week, an Israeli spyware company called Paragon Solutions accidentally exposed its Graphite control panel on LinkedIn. Some lawyer posted a selfie showing active surveillance of a Czech phone number. Apps being monitored. Interception logs dated February 10th. Zero-click exploits that compromise devices without any action from the target.
The US government bought Graphite for ICE operations. Canada, Australia, Denmark, Singapore – all customers. These are “vetted governments” using commercial spyware to surveil their own populations and others.
