What Happened when your group links are visible in the search engine, worry?
Indian security researcher Raj Shekhar unveiled that WhatsApp chat group publicly accessible through Google Search Dorks.
Raj Shekhar Told to HackersOnlineClub,
“Adding the ‘noindex’ tag is not a proper solution as links surface again on search results in a a few months. Big tech companies like WhatsApp should look for a proper solution if they really care users’ privacy.
As the same issue happen 2nd time. Whatsapp also allows users to generate rich preview links of group chat invites that eventually may allow search engine crawlers to identify the links and then index them for future searches.”
Now, a WhatsApp has fixed the issue and said that Google should not index such group chats link in its search engine. And giving advised to users not to share a group chat links website publicly.
“Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time,” a WhatsApp spokesperson told Mashable India. “Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
Your @WhatsApp groups may not be as secure as you think they are. WhatsApp Group Chat Invite Links, User Profiles Made Public Again on @Google Again.
Story – https://t.co/GK2KrCtm8J#Infosec #Privacy #Whatsapp #infosecurity #CyberSecurity #GDPR #DataSecurity #dataprotection pic.twitter.com/7PvLYuM9xD
— Rajshekhar Rajaharia (@rajaharia) January 10, 2021
Similarly, in Feb 2020, Jane Manchon found this misconfiguration, which enabled more than 470,000 groups to invite links indexed by search engines like Google and Yandex.
A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines
It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag
— Jane Manchun Wong (@wongmjane) February 21, 2020
The key updates in the new Terms of Services include how businesses can use Facebook hosted services to store and manage their WhatsApp chats; and how it partners with Facebook to offer integrations across Facebook’s products.
After the announcement, the user talks backlash to WhatsApp and looking at other instant messaging apps like Telegram and Signal.
Elon Musk tweeted, “Use Signal”. After that Signal’s server on-load, and the user getting a delayed problem in its app.
Signal tweeted and justified,
“Verification codes are currently delayed across several providers because so many new people are trying to join Signal right now (we can barely register our excitement). We are working with carriers to resolve this as quickly as possible. Hang in there,” tweeted Signal.
WhatsApp Clarifies its Terms
Now the messaging app officially clarifies the update as follows.
WhatsApp said, “This update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data,”.
We want to address some rumors and be 100% clear we continue to protect your private messages with end-to-end encryption. pic.twitter.com/6qDnzQ98MP
— WhatsApp (@WhatsApp) January 12, 2021