"Bigger businesses, like an airline or retailer, might hear from thousands of customers at a time - asking for information on a flight, or trying to track their order. To make sure they can respond quickly, these businesses may use Facebook as a technology provider to manage some of the responses on their behalf. We will clearly label chats to make you aware when that happens."

Sounds like if the businesses use Facebook tooling to manage their chats, then the Facebook servers operating the tooling will see the contents of the chat.

Obligatory disclaimer: I work at Facebook but not in WhatsApp and don't have any extra knowledge beyond what is on the linked page.

And that's probably also why they say that the change is to make it clear that they do get the data.

Of course, if you talk with someone, even if it's a person, you have no control over that other person. If you say something inappropriate in a group then everyone from that group can see it and share it. In the case of business they (probably) share all the chat data with their provider, which in most cases is Facebook (hence my analogy with the 3-persons group chat).

What the change seems to imply is that, even if the business doesn't use Facebook tooling, Facebook will always have access to that business chat. I may be wrong though.

> Facebook will always have access to that business chat.

yes, this is similar to any other business chat system. This would then allow Facebook to provide chat logs to businesses, something that would otherwise require a third party addon (and consequently a large eula before the chat starts)

As with any other chat system, it requires users to trust the people hosting it.

Personally I think its safer to talk about account details in whatsapp compared to the dodgy popups that are hacked into people's websites....

> yes, this is similar to any other business chat system. This would then allow Facebook to provide chat logs to businesses, something that would otherwise require a third party addon (and consequently a large eula before the chat starts)

Why would a third party addon be required? In an E2EE setting, the business would just have to maintain logs on their end.

I think the "may" in "may use Facebook as a technology provider to manage some of the responses on their behalf" suggests that it will only happen if they use Facebook tooling. But likewise I may be wrong.

I think many businesses will be happy with this change. Currently you have to run an instance of WhatsApp in a container that connects to the WA servers and provides the API that you then use. But Facebook doesn't let random businesses run them directly, so instead you have to use accredited third-party providers who manages the container and gives you their own API to work with. So ultimately you still have this third-party who has access to the message flow.

This sounds like it offers the possibility of cutting out that middle-man and will potentially provide an easier API and onboarding process.

Repeat the exercise by replacing "chat" with "email" and "Facebook" with "Gmail". There's been over a decade of reliance on Gmail among the businesses to routinely use it ferry very sensitive personal data around... and yet nobody cares. You point it out and they cringe at what a sorry-ass alarmist you are.

That's the state of affairs.

No fucks given.