WhatsApp chain letter is fake - and yet there is reason for concern

A chain letter is currently circulating in WhatsApp groups, claiming that “from today” an AI can read all chats, read out phone numbers, and view personal data. Only those who activate the “extended data protection” are protected.

The central claim is false: WhatsApp messages in individual and group chats remain end-to-end encrypted by default. Neither Meta nor Meta AI can read these contents. The AI function Meta AI, gradually introduced since 2025, processes, according to WhatsApp privacy notices on Meta AI, exclusively content that users actively send to the AI – for example, via an @-mention, direct questions, or AI functions like summaries. Only then does this data leave the end-to-end encrypted path and is processed in plain text on Meta servers.

The real issue: Metadata and profiling

However, there is a big data protection problem with WhatsApp: WhatsApp collects extensive metadata independently of Meta AI and independently of extended chat data protection: phone number, device information, IP address, timestamps of messages and calls, contact lists, online status, and location data. This metadata is not end-to-end encrypted and can be shared with other Meta services based on the legally controversial concept of “legitimate interest” according to GDPR.