Slashdot Mirror

← Back to Stories (view on slashdot.org)

WhatsApp Public Groups Can Leave User Data Vulnerable To Scraping (venturebeat.com)

Posted by msmash on from the privacy-woes dept.

An anonymous reader writes: WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. "Some of your most personal moments are shared with WhatsApp," the company writes on its website, so "your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands." But WhatsApp members may not be aware that when using the app's Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them.

WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows. WhatsApp is used by more than 1.2 billion users worldwide.

18 comments

  1. I call bs by Anonymous Coward · · Score: 0

    You're telling me 1 in 7 people use WhatsApp?
    BULLSHIT!
    More like 99 in 100 are bots.

    1. Re:I call bs by Zaelath · · Score: 1

      That's what you get when valuations are based on user growth...

      The android reviews are hilarious, there's about 2% that look genuine in the 5 star reviews, then stuff like:

      Nithin Samuel
      February 3, 2018
      Worst update.
      (That's what gets 5 stars from me, bad updates!)

      Or these:

      Lanchan gowda
      March 19, 2018
      Best apps for connecting with people

      furkan sheikh
      March 7, 2018
      Connect with all dear one good app...

      Prabhakaran p
      February 11, 2018
      Use full to connecting people

      G Anu
      March 18, 2018
      Connecting people
      (I guess this one didn't read the astro-turfing sheet right)

      And looking at the reviews, perhaps WhatsApp is connecting 800 million Indians.

    2. Re:I call bs by Anonymous Coward · · Score: 0

      The Indian folks at work tell me it's pretty popular in their circles... After I installed it I asked around because just about the only contacts I was seeing from my address book were Indian.

    3. Re:I call bs by hjf · · Score: 1

      You have no idea how big WhatsApp is in Latin America and Europe

    4. Re:I call bs by hjf · · Score: 1

      People don't ask for your phone number here. They ask for your WhatsApp.
      And all telcos have "unlimited Whatsapp"

  2. Wazzzzzup?? by Anonymous Coward · · Score: 0

    Hey Dukey, pick up the phone!

  3. What? by Obfuscant · · Score: 3
    "But WhatsApp members may not be aware that when using the app's Group Chat feature, their data can be harvested by anyone in the group."

    So, if you share your data with a group, anyone in the group can access your data. D'oh. What am I missing here?

    "What is worse, their mobile numbers can be used to identify and target them."

    So, if someone has your mobile number, they can use it to identify you and target you. D'oh again. Is this really surprising?

    1. Re:What? by rioki · · Score: 1

      Exactly my thoughts...

      Like the people that share stuff publicity online are amazed that people unknown to them can access it...

    2. Re:What? by Anonymous Coward · · Score: 0

      Yes, it is. This is what happens when companies try to hide critical components of technology. Doesn't have to though, OTR (Off the Record), went through some fairly detailed user studies to find what analogies worked to describe encryption for example.

      The problem with group chats in particular is few people understand the way they are implemented typically is with one shared key (assuming they know what a key even is). There is no software I'm aware of publicly that even allows rekeying. Closest you can do is destroy and recreate the group. This is absolutely not a trivial design oversight. It's a lazy one.

      The ramifications however are severe since people tend to have group chats around for weeks if not _years_. Think Police carrying phones for example, they'll exchange information within the group without having a fucking clue where the data is going or being stored.

    3. Re:What? by hjf · · Score: 1

      Users in WhatsApp are identified by their phone number. If you join a public group (either because someone added you, or you clicked a link), the members that don't have you as a contact see your phone number.

      You can't opt out of being added to a group. If someone adds you, that's it. You can remove yourself from the group, but there is no confirmation to add you.

    4. Re:What? by hankwang · · Score: 1

      Whatsapp will by default display your full name and phone number to group members that you don't know, in a group that you didn't necessarily ask to join. You can replace your full name by a nickname, but you have to be aware of the need. When you install Whatsapp, "this name will be visible to your Whatsapp contacts" does not make it obvious that "Whatsapp contacts" include those group members.

      --
      Avantslash: low-bandwidth mobile slashdot.
    5. Re:What? by xvan · · Score: 1

      You can't opt out of somebody else sharing your number. This is a no argument.

    6. Re:What? by xvan · · Score: 1

      The real issue, not explained here. Is that whatsapp chats are encrypted end to end. If we are to believe Facebook, they can't read you conversations (unless their explicitly target them).
      On Chat groups the conversations are logged on Whatsapp servers.

    7. Re:What? by hjf · · Score: 1

      Are you dumb?

  4. Telling someone won't help by Anonymous Coward · · Score: 0

    If you're too dumb to know that anything you post in a group can be viewed by anyone in that group, then how will telling a person that help? They won't comprehend that either.

  5. That's insane!!! by Anonymous Coward · · Score: 0

    I can't believe this. People are scraping information that they have access to? WTF.

    Even worse, if somebody has my phone number they can use it to identify me and contact me? You just CROSSED A LINE if you do that.

    All of this from that bastion of privacy, Facebook. What's this world coming to?

  6. Numbers by Anonymous Coward · · Score: 0

    That's why I am avoiding group chats in Whatsapp. Telegram doesn't show telephone numbers if you provide nick name.

  7. Woke yet? by ElitistWhiner · · Score: 1

    Any questions why?

    Facebook owned?