Image: Jakub Porzycki/NurPhoto via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
Advertisement
Even if a user sets the "last seen" setting to "Nobody," other WhatsApp users—as well as some online sites that offer this service—can see whether a specific number is online. This is not the first time researchers notice the privacy risks of not allowing users to hide whether they are online or not. In 2014, researchers at the University of Erlangen-Nuremberg published a project that they hoped would "raise awareness of the various kinds of privacy-related information that can be queried using a phone number without any user authorization."UPDATE, April 15, 10:50 a.m. ET: WhatsApp investigated the website that Motherboard used in the test and found that it was using several WhatsApp accounts to check whether others were online. “We have banned the WhatsApp accounts associated with this website, requested Google remove their app from the Play Store, and sent the person behind it a cease and desist order,” a WhatsApp spokesperson told Motherboard. “Automating WhatsApp’s features to scrape information is a violation of our terms of service and we will continue to take action to protect the privacy of our users and help prevent abuse.”Joseph Cox contributed reporting.Subscribe to our cybersecurity podcast, CYBER.Do you reverse engineer and research vulnerabilities in mobile apps? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com