NEW DELHI: At least 1,700 private WhatsApp group links were visible on Google through a simple web search, according to a recent research.
Published by internet security researcher Rajshekhar Rajaharia, the research claimed that the groups’ links available on the web posed a threat to WhatsApp users’ privacy. Rajaharia had shared screenshots of the WhatsApp group links on his Twitter profile on Sunday afternoon.
“Anyone who had access to these links could join these private groups, see the participants there and also have access to the group members’ phone numbers and profile photos,” he told TOI on Sunday.
On Monday, WhatsApp fixed the issue, and the links were no longer visible on Google. “Since March 2020, WhatsApp has included the “noindex” tag on all deep link pages which, according to Google, will exclude them from indexing. We have given our feedback to Google to not index these chats. As a reminder, whenever someone joins a group, everyone in that group receives a notice and the admin can revoke or change the group invite link at any time,” a WhatsApp spokesperson said in a statement.
According to Rajaharia, the issue arose because “WhatsApp allows users to generate rich preview links of group chat invites that eventually may allow search engine crawlers to identify the links and then index them for future searches”.
An index is another name for the database used by a search engine. This is the second time that WhatsApp has faced this issue. The Facebook-owned instant messaging platform had said in 2020 that it had fixed an issue that was causing phone numbers to show up on Google.
WhatsApp added that invite links are searchable only when they are posted publicly on the internet. “Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website,” the spokesperson added.
However, according to Rajaharia, a “noindex” tag is not enough to stop crawlers from indexing a website page. “There has been carelessness from WhatsApp’s end. They need to use robots.txt files to prevent indexing completely. But that would probably mean they have to reconfigure their domains, which is a long process,” he added.