"A DW journalist recently discovered WhatsApp links that lead to closed groups could be found with a simple Google search." "WhatsApp links that lead to closed groups can be found with a simple Google search — a major security flaw revealed by DW last week (link). Following social media outrage, the links were removed from Google’s search results. Despite the removal, however, publicly-available internet archives are still storing the information, as security researcher Lav Kumar has found out. He gathered and organized over 60,000 unique links, which can still be found on multiple websites. Of the 1,000 randomly selected links DW tested, 427 were active chat links. Even without actively joining a group, its title, description, image and creator's phone number are available for all. However, upon entering a group, it is possible to also see the phone numbers of up to 256 participants, as well as other information, and adding these numbers to one's contacts can reveal their names in the app. "We show all numbers in groups for people's safety that way they know who will receive their messages," WhatsApp told DW in response. Real-life danger Using this information, DW gained access to a group described as "Ministry of finance civil servants" in Indonesia, revealing the phone numbers of all 14 members. Several other groups appeared to be official support groups for the campaign of Brazilian President Jair Bolsonaro. Among the 427 active links DW examined, there were groups described to be for school classes, medical trainees, political campaigns, businesses, pornography and sex workers. Some groups included members with particularly sensitive identities, such as one chat with hundreds of members clearly labeled as an LGBTQ+ group in a Latin American country with high rates of homophobic murders. In some cases, the group image looked like amateur pornography or had titles such as "ex-wives leaked videos," raising questions of consent. (screenshot)" Also listed were potential terrorist groups and groups advertised as for sharing footage of "extreme" sexual content, including rape. A small number indicated that they were for child pornography. WhatsApp told DW that the company has a zero-tolerance policy around child sexual abuse and bans users immediately if they are found sharing content that exploits or endangers children. The platform also claims to ban approximately 250,000 accounts each month suspected of sharing exploitative images of children and relies on user reports and all unencrypted information to do so. 'Useful for terrorism chats' In response to the revelations, some Twitter users pointed out that this information could be used by authorities to track down illegal content without WhatsApp offering an official "backdoor" to encrypted content. "Of course there is a possibility that they left it open to search for problem groups," Jake Moore, a cybersecurity specialist and former Head of Digital Forensics at a British police force, told DW, "they aren’t always too keen to help law enforcement, so might have found it beneficial to offer it out to law enforcement and not openly mention it." On whether law enforcement would use this proactively to identify crime, Moore said: "Most police forces aren’t that proactive, [but] rather reactive. However, I would imagine it would be useful for terrorism chats, yet I doubt they use WhatsApp." However, investigations into far-right terrorism in Germany show that organizations have used Whatsapp to introduce members to each other. Read more: German far-right extremists met on WhatsApp, planned mosque attacks" More links: https://www.dw.com/en/whatsapp-security-flaw-over-60000-groups-still-accessi...