User Data is the gold of the digital world. So many big names are consuming users’ data for a very long time, and Facebook and Google top on the list. These companies are trying to build user-oriented products. To do that, they are collecting every single bit of user data. But anything done within a limit is good. There should be a line where these companies should stop collecting our data. The line we are talking about is getting blurry every day.
The Old Times:
From the day of its origin, Whatsapp was so committed to protect and to secure the data of its users. With end-to-end encryption and other technology, WhatsApp was used to assure us how our data is safe with them. But this single announcement has turned the table upside down.
“Respect for your privacy is coded into our DNA. Since we started WhatsApp, we’ve aspired to build our Services with a set of strong privacy principles in mind.”
WhatsApp is a necessity of our daily life. Due to which some people might accept the new policy without even reading or understanding it. Then some are planning to migrate from WhatsApp.
Let’s go back a year. In February 2020, many people posted about seeing their group chat and information on Google search results. With a simple search on Google, anyone was able to access group content, members’ information, and contacts. This breach of data and private content was tipped to Vice by Jordan Wildon (Twitter: @jordonwildon).
And Facebook already knew about it for months.
For information, every WhatsApp group has an invite code (a URL) that is created by its admin. Turn out that Google was indexing those URLs (some). This way, anyone was able to access these links from Google search results.
Embed Code of Tweet:
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines<br><br>It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag<br><br>thanks <a href="https://twitter.com/JordanWildon?ref_src=twsrc%5Etfw">@JordanWildon</a> for the tip <a href="https://t.co/CJxjJ5qyfh">https://t.co/CJxjJ5qyfh</a> <a href="https://t.co/FrW1I9Y8vs">pic.twitter.com/FrW1I9Y8vs</a></p>— Jane Manchun Wong (@wongmjane) <a href="https://twitter.com/wongmjane/status/1230831634494083072?ref_src=twsrc%5Etfw">February 21, 2020</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
It Happened Again:
After reporting the problem, the issue was resolved in a few days. But in 2021, these groups started to pop again in the search result. This time the profile picture and phone number were also showing.
According to an article from Hindustan Times, a total of 1500 invite links were indexed on the Google search result. Rajshekhar Rajaharia, a cybersecurity researcher, stated that WhatsApp was not using the robots.txt file for its subdomain chat.whatsapp.com.
Robots.txt stops a search engine crawler from indexing particular links. After notifying such things, WhatsApp has added the NoIndex tag to their subdomains.
All these were happening when WhatsApp was not collecting our data, yet we were vulnerable.
So What Data is WhatsApp Accessing?
Almost Everything. Leaving your payment data, everything is going to be shared with Facebook. Details like your IP address, OS, Phone details, operating system, operator details, chat messages, and whatever you can name. Those days are not far when you might get ads related to your chat messages.
CAIT Want Govt. to Ban WhatsApp:
“Though of course, it remains up to the user whether or not they want to message with a business on WhatsApp.” WhatsApp spokesperson added.
As we were already discussing, there should be a limit on how much these big brands can access. If they can not draw the line, I think, we should. We can not wait for the government to come up with some strict privacy laws or something. Being self-aware, we can save our data from getting into some wrong hands.