Private conversations on WhatsApp may not really be… Several media outlets in recent days have exposed a huge scandal linked to the privacy of hundreds of thousands of email users belonging to Facebook. Search engines, including Google or Bing, would reference the information of certain conversations exchanged on encrypted messaging.
To share access to a Whatsapp newsgroup, users can generate a link to send to people they want to join this group. And it is this famous link that would end up indexed on search engines without users being aware, details the American site Vice.
JUST IN: Google appears to have removed indexing of WhatsApp links.
Other major search engines appear to still be indexing chat links. pic.twitter.com/D07MQBQsEY
Thousands of accessible phone numbers
A simple search on the address "chat.whatsapp.com" provides information on a particular discussion. This single site returns to nearly half a million results, or as many private conversations indexed by Google, notes the site Vice. Hundreds of thousands of conversations, and thousands of telephone numbers, including those of public figures, are thus accessible in a few clicks on the Web.
By adding certain keywords, the Numerama site was able to join a private conversation concerning the Europe Ecology-The Greens party in Île-de-France and thus access the telephone numbers of several political figures.
When you create a group conversation on WhatsApp and generate a link, it is accessible to all who click on it. But few people know that these links are also indexed by search engines. pic.twitter.com/Y7DcKnjYQy
- Marie Turcan (@TurcanMarie) February 21, 2020Whose fault is it ?
It is not the search engines that are responsible for this error, but WhatsApp. The messaging service should have told the search engines not to index certain URLs. “Search engines like Google list web pages. This is what happens in the case mentioned. These pages are treated like any site with a public URL, "explained on Twitter Danny Sullivan, in charge of communications for Google, adding that the platform" offered tools to sites wishing to block the referencing of their content " .
470,000 private conversation invitation links were still available on Google on Friday. But it would seem that the platform has since deindexed a certain number of links. This is not the case with other search engines: Bing still listed 697,000 results on Saturday afternoon, the same for Yahoo.
Search engines like Google & others list pages from the open web. That's what's happening here. It's no different than any case where a site allows URLs to be publicly listed. We do offer tools allowing sites to block content being listed in our results: https://t.co/D1YIt228E3
- Danny Sullivan (@dannysullivan) February 21, 2020"Not really a flaw"
Asked about this bug by an Indian cybersecurity researcher in November 2019, Facebook replied that it was not really a "flaw". "The fact that the links are accessible to all is an intentional decision" of the group. "Unfortunately, we cannot control everything that search engines, like Google and others, choose to index. "
I reported to facebook security in early November 2019 but they said intended behavior .... pic.twitter.com/V7HzjZZzCI
- HackrzVijay 💻 (@hackrzvijay) February 21, 2020Solicited by Vice, WhatsApp again warned Internet users. "Links that users want to share privately with people they know and trust should not be posted on a publicly accessible website. "
High-Tech
WhatsApp: Hackers could have exploited a major security flaw
High-Tech
WhatsApp: A security hole discovered by researchers in group discussions
- cybersecurity
- bug
- Phone
- Privacy
- By the Web
- Social media
- Personal data
- messaging