Groups that use links for invitation are making themselves yet again vulnerable to searches on the Web
NEW DELHI — The WhatsApp’s loophole that anyone could join a WhatsApp group just via a Google search was fixed in 2019. But recent reports suggest that the issue has surfaced again and this at a time when concern over privacy issues on WhatsApp have mounted following a recent update by the company around privacy, according to Gadget 360, an NDTV venture.
Rajshekhar Rajaharia, an internet security researcher, has said in his latest report that the groups that use links for invitation are making themselves yet again vulnerable to searches on the Web. He said that due to the loophole, the user profile has been made public again.
Your @WhatsApp groups may not be as secure as you think they are. WhatsApp Group Chat Invite Links, User Profiles Made Public Again on @Google Again.
Story – https://t.co/GK2KrCtm8J#Infosec #Privacy #Whatsapp #infosecurity #CyberSecurity #GDPR #DataSecurity #dataprotection pic.twitter.com/7PvLYuM9xD
— Rajshekhar Rajaharia (@rajaharia) January 10, 2021
The indexing of group chats is making private groups available on the Web as search engine crawlers may be able to identify the links and then index them for future searches, Rajaharia said. The searchers can find phone numbers and profile pictures of the users.
In response, WhatsApp issued a statement which read: “Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
When the issue surfaced in 2019 it was fixed after uproar in public and media. However, according to Gadgets 360, a new bug has infiltrated this time which means the groups exposed in 2019 are no longer indexable.