Hacker News new | past | comments | ask | show | jobs | submit login
Private WhatsApp groups visible in Google searches (dw.com)
26 points by DyslexicAtheist 35 days ago | hide | past | web | favorite | 9 comments

It's unsurprising. Here's capture of chat.whatsapp.com robots.txt page: https://web.archive.org/web/20200222114340/https://chat.what...

>DW's Jordan Wildon discovered the bug on Friday. "Your WhatsApp groups may not be as secure as you think they are," he tweeted

If a link to your whatsapp group ends up crawled by Google it's because you posted it in a public website, and then you clearly don't care how secure your group is

If it's a group and someone other than you post the link somewhere you'd be exposed without knowing, that you care or not doesn't really matter.

There could be an API for checking if URLs/links given in social media platforms should be indexed or followed. e.g. https://ispublic.facebook.com/whatsappgroup/id35425265

There could be, but why? Why would anyone use that?

The article calls this a "bug", but I don't see how this can be anything other than working as intended?

I generate a link X to do Y on application Z. I post link X on a public website. Crawlers index the public site. When I search Y application Z, the page containing link X is returned in the results.

What action is the author expecting? For all search engines to recognize and ignore these URLs? What about malicious actors? Ask them nicely to ignore?

they're expecting that the word private means something. Why do you think that an unauthenticated user should be able to read comments of a private group just because they have a URL?

> they're expecting that the word private means something

In a world where Facebook and Google have widespread vulns exposed on at minimum a yearly basis, that's their fault for not reading, and just "trusting the computer".

I'm not a chef, but I make sure I know where my food's coming from to the best of my ability.

The article doesn't claim that the content of the groups is indexed or can be read unauthenticated. It states that the group can be joined using the indexed link.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact