back to article WhatsApp's 'View Once' could be 'View Whenever' due to a flaw

A popular privacy feature in WhatsApp is "completely broken and can be trivially bypassed," according to techies at cryptowallet startup Zengo. According to cofounder Tal Be'ery, his team was building a web interface that integrated WhatsApp when they discovered a flaw in the Meta chat application's View Once messages – photos …

  1. Sora2566 Silver badge

    I mean, at the end of the day I'm not sure that this *can* be fixed.

    In order for the client to view the message, the server has to send the message to the client. What the client does with the message after that is now out of the sever's control. All the server can do is just not send the message a second time - it can't force the client to forget it.

    1. DoContra
      Big Brother

      None of these features, in any of these apps, can survive a photo/video camera/screen recorder[1], and for the most part are advertised as such. However, "not even attempting to hide the message from a client we know for a fact can't/won't do the right thing" is very low-hanging fruit, esp. for a platform where all clients are developed in-house[2].

      [1]: Cellphone apps will put up a fight against screen recorders when running on hardware/the same VM tho.

      [2]: The only "third party apps" I know for Whatsapp straight-up load the web version (Ferdi/Ferdium/etc).

  2. Anonymous Anti-ANC South African Coward Silver badge

    If they found this, what other shenanigans are hiding in Whatsapp?

    1. Anonymous Coward
      Anonymous Coward

      Come on, if you ever thought that any product of Meta/Zuckerberg would ever protect your privacy you have not been paying much attention to how the company makes its money..

  3. abend0c4 Silver badge

    As soon as it has been successfully tested...

    I presume it passed the tests previously, so that's not as comforting as it's intended to sound.

  4. T. F. M. Reader

    Total Recall

    Out of curiosity, if I open WhatsApp in a browser on a Windows computer and get a "View Once" message, will Microsoft Recall be able to save it?

  5. hayzoos

    Think about it

    There is a certain irony in th statement; "We continue to encourage users to only send view once messages to people they know and trust.”

  6. Alan Brown Silver badge

    90 days vs zero days

    If there's evidence that exploits are already circulating (as in this case), 90 days notice is pointless

    Anyone venting at publishing without notice needs to sit down and shut up in these kinds of cases

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like