Three billion WhatsApp users are at risk - an expert has developed a tool that could spy on everyone, and you would never know about it
Security expert here… This issa nothing Burger and will be fixed on the server side soon I expect. This is about spreading fear uncertainty and doubt. The research is academic in nature and the results are interesting, but this is only a side channel to reveal things like maybe you rough timezone and maybe a few correlations via connectivity quality. This is what they do if they need to confirm if a person uses the same phone number for example. And the could just look it up in the registry or maybe just call you…
This is not a widespread privacy concern, is not very practical to use, especially at scale and is early fixable. Its comparable to the traffic pattern analysis they do to confirm tor users identity if they found them but need supporting evidence. Its what’s left when the technology works as intended. So chill your paranoia.
It’s also worth considering the Signal threat model: a contact you communicate with is not considered an adversary. You can choose not to accept an initial message request.
