WhatsApp is facing a security crisis after it emerged that over 4,000 links inviting people to join private groups have been listed on Google.
Normally, these links are simply sent directly to the person being invited, but if they happen to be posted online anywhere, they can easily be indexed by the search engine so complete strangers can find and join them.
As XDA Developers reports, Google’s public search liaison Danny Sullivan has tweeted that this is simply a result of the search engine working as intended, and if WhatsApp did not want these links to be listed, it should use a ‘noindex’ meta tag or ‘norobots.txt’ to stop it happening.
Search engines like Google & others list pages from the open web. That’s what’s happening here. It’s no different than any case where a site allows URLs to be publicly listed. We do offer tools allowing sites to block content being listed in our results: https://t.co/D1YIt228E3February 21, 2020
Pointing the finger
WhatsApp, on the other hand, appears to be placing responsibility for the listings squarely on the shoulders of its users.
In a statement to Vice, a WhatsApp spokesperson said: “Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated.
“Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.”
Not sharing private links online is good practice, but easily overlooked in instances like public Facebook pages and forums. However, it seems that WhatsApp could protect the privacy of its users by making the links non-indexed.