Sign in / up

back to article Teen whiz exposes WhatsApp profile pic privacy blunder bug

A privacy hole in WhatsApp allowed anyone to view someone else's profile photo – even if a user had configured the mobile messenger app to only show their pic to their contacts. The privacy slip-up, which came with the debut of WhatsApp’s newly-introduced web interface at web.whatsapp.com, was discovered by 17-year-old …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. AbelSoul
    Paris Hilton

    discovered by 17-year-old security researcher Indrajeet Bhuyan

    17-year-old security researcher?

    Fair play to him. At that age I was far too busy with other, aherm, "recreational" activities.

    Paris because she knows all about privacy concerns.

    3 0 Reply
    1. chivo243 Silver badge
      Reply Icon

      Re: discovered by 17-year-old security researcher Indrajeet Bhuyan

      I thought Paris knew about the, so called recreational activities...

      3 0 Reply
  2. frank ly

    All I can say is ....

    ... What do you expect? It was probably 'developed' by a bunch of 17-year olds.

    3 0 Reply
    1. Brewster's Angle Grinder Silver badge
      Reply Icon
      Holmes

      Re: All I can say is ....

      That's a very generous assessment of the developers' mental age. :/

      0 0 Reply
  3. Florida1920
    Facepalm

    Could someone please explain

    How that 648px × 429px lead image of two logos in any way adds value to the article? This isn't a "redesign," it's a de-design.

    7 0 Reply
  4. BasicChimpTheory

    "Element HInding Helper for AdBlock Plus" FTW! I've got articles down to a consistent-width of plain text.

    ABP will allow you to whitelist ads on this (or any other site - or even all sites) while still allowing you to enjoy other benefits these add-ons offer.

    Yes, the base ad-on allows you to block specific images but the Helper is MUCH more flexible and well worth the extra overhead, in my humble one.

    0 0 Reply
    1. Florida1920
      Reply Icon

      Egad, they changed the image to something even more ghastly. El Reg is starting to resemble a 1990s geocities site.

      Thanks for the tip. The right custom filter in "Element Hiding Helper" made them all go away.

      0 0 Reply
  5. channel extended
    Black Helicopters

    Promises promises...

    It seems more and more companys are touting the privacy/secret aspects of thier software. Only to bungle it in the coding. This smacks of a rush to market attitude.

    The only way to be completely private is don't talk to ANYone!

    0 0 Reply
    1. chivo243 Silver badge
      Reply Icon
      Go

      Re: Promises promises...

      Right, note to self, use only sign language, under the cone of silence, with the lights off. Got it.

      Or if you're going to use methods of unknown security, don't say anything that will incriminate you in any way!

      1 0 Reply
  6. Alan Birtles

    Abandon what's app and use telegram instead, it has a Web app, it's free, secure and gasp has an open api

    1 0 Reply
  7. Semaj
    Facepalm

    That's Nothing

    If you think that's bad you should look into the way groups work.

    If you add people to a group in WhatsApp and then as group admin you leave, the group is persisted and a RANDOM participant is allocated as the new admin. So if a user does this by accident, bad things can happen. Also any users who've been in the group can see each others profile pictures and phone numbers and the messages that were sent to the group even if the admin kicks them out.

    Even the fact that it's phone number rather than user name based really doesn't sit right with me.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like