One of the most common messaging app today is WhatsApp. Apart from the Chinese community, the entire world is on WhatsApp, for one reason or another. Since the entire data breach episode in the entire world, the idea of message encryption came to be. WhatsApp was one of the first few services which added end to end encryption for people using the service. This allowed for peace of mind, in a way. In a tweet by Jordan Wildon though, he pointed out a loophole/ issue with the service which actually compromises the idea of privacy.
A misconfiguration by WhatsApp enabled ~470k Group Invite links to be indexed by search engines
It should’ve been `Disallow`ed with robots.txt or with the `noindex` meta tag
— Jane Manchun Wong (@wongmjane) February 21, 2020
Jane Mauchun Wong retweeted Jordan as well. According to the original tweet, as we all know that there is an Invite to Group via Link feature which works in a way to invite people to join a group. This works in a way, in tandem with Google and Facebook to share the link. Jordan pointed out an issue in which he was using certain special terms, in terms of “Index of:..“, which allows users to actually find group chat links from all around the world.
Everyone, using these wildcards, can find groups from all around the world and upon clicking, can actually join it. This actually poses a big breach in the idea of privacy that maintains in the groups. The retweet from Jane Mauchun Wong points out this huge flaw and adds on to it. According to her, there are more than four hundred thousand groups that are indexed due to this flaw. She claims that this could have been avoided by using robot.txt or a noindex meta tag.
Perhaps a lot of people have been reporting the issue to WhatsApp and Facebook. They would definitely see to it as soon as possible. Till then though, it is advisable to keep an eye out with your groups and see any signs of unusual activity to stay away from this. Good luck!.