
Whatsapp user’s IP disclosure with Link Preview feature - based2
https://medium.com/@kankrale.rahul/whatsapp-users-ip-disclosure-with-link-preview-feature-39a477f54fba
======
fasj82
Maybe it's me, but this is really, really bad. Probably because I come from an
IRC background.

I had assumed these requests were proxified, but I didn't realise that would go
against E2E. Now I'd like to see an option to disable these previews.

~~~
saurik
The way Apple iMessages does this is to have the user opt-in to each preview
(it shows a grey box with a button to build a preview).

~~~
arbie
Not much different if users learn to always tap to generate the preview out of
habit.

~~~
saagarjha
Yes, but you get the benefit of getting to see the domain before deciding
whether you want to show a preview.

------
camillomiller
I don’t get the problem... it discloses the IP of each user to themselves, no?
In that case what’s the point?

~~~
dogma1138
I send you a link to my server; you don’t need to click on it for me to know
your IP.

That said, there isn’t a very good solution for this.

Link preview is a user-requested feature; they can’t disable it.

Doing link previews on the backend would expose what you share to W/A, which
ain’t good either.

The only remotely viable option is that the sender must generate the link
preview and then they send it, but then that can be potentially exploited for
other things.

~~~
tinus_hn
If you send me a link, you create the preview and your address is disclosed.
This is a non-issue.

------
breitling
Isn't there a workaround that they could load the preview on the server side?

~~~
dogma1138
So you'd rather W/A know what you are sharing? That kinda violates the whole
point of E2E if you start putting in exceptions.

A better workaround would be the sender generating a preview, but even that has
a few threat models that can be abused.

~~~
breitling
Oh yea, good point

