WhatsApp group chats are not as private as some users might think - with groups easily discoverable on Google if an invitation link has been shared online.
WhatsApp user Jordan Wildon found private groups using Google searches, and was able to access all the users in a group, including their phone number.
The problem arises from WhatsApp’s “Invite to Group via Link”, which allows groups to be discovered online.
Using this process, Wildon discovered many groups, including ones devoted to sharing pornography.
In the groups, Wildon was able to see users and their phone numbers.
Your WhatsApp groups may not be as secure as you think they are.
The "Invite to Group via Link" feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups. pic.twitter.com/hbDlyN6g3q
— Jordan Wildon (@JordanWildon) February 21, 2020
Wildon said, “The ‘Invite to Group via Link’ feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups.”
Facebook spokesperson Alison Bonny said that “links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website:
She explained in an email to The Verge, “like all content that is shared in searchable public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users.”
Yahoo News has reached out to Facebook for comment.
Last week, after years mired in privacy scandals, WhatsApp owner Facebook has suggested that it wants to work with governments on “new rules for the internet”.
Invite links publicly posted on internet ‘can be found by other WhatsApp users’
The social media giant – which has been under fire over ‘fake news’ and hate speech online – published a set of recommendations for online content regulation.
Facebook founder and CEO Mark Zuckerberg called for “good regulation” on social media companies.
The company published recommendations for future regulation, which suggest placing more accountability on companies to do content moderation.
Facebook argues this will be a strong incentive for firms to be more responsible.
Last week, the Government published early proposals for new online harms regulation, including placing broadcasting regulator Ofcom in charge of holding internet companies to account should they fail to uphold a duty of care to users.
Facebook has said it wants to work with governments on "new rules for the internet".
Sharing the company's guidelines on Twitter, Facebook's head of global affairs and communications Sir Nick Clegg said: "Facebook wants to work with policymakers to create new rules for the internet.
"We published a White Paper that offers five principles that could frame content regulation, especially outside the US, that keeps the internet safe and protects free expression."
The guidelines suggest regulations should "respect the global scale of the internet and the value of cross-border communications" and encourage coordination between different international national regulators, as well as look to protect freedom of expression.
In terms of enforcing new rules, it also calls on regulators to develop an understanding of technology which still allows technology firms to innovate rather than issuing blanket bans on certain processes or tools, and asks regulators to take into account the "severity and prevalence" of harmful content in question, its status in law and efforts already underway to address the content.
Writing in the Financial Times, Facebook boss Mark Zuckerberg said the company supported the need for new online regulation even if it damaged Facebook financially.
"I believe good regulation may hurt Facebook's business in the near term but it will be better for everyone, including us, over the long term," he said.
"These are problems that need to be fixed and that affect our industry as a whole. If we don't create standards that people feel are legitimate, they won't trust institutions or technology.”