theregister.com

WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics

WhatsApp has fixed a problem with its View Once feature, designed to protect people's privacy with automatically disappearing pictures and videos.

View Once was introduced in 2021, enabling media to delete itself after being opened. However, that privacy mechanism was flawed and could be "trivially bypassed" when using the web app and a rogue browser extension, according to the researchers who discovered this weakness in August and responsibly disclosed the issue to WhatsApp.

WhatsApp put out a quick fix – but it was less than perfect and would still allow images to be viewed even after they were supposed to have vanished. Now, the biz claims the issue has been resolved with a software update.

"We're constantly building in layers of privacy protection, and that includes rolling out key updates to View Once on web," a WhatsApp spokesperson told The Register. "As always, we continue to encourage users to only send view once messages to people they know and trust, and make sure they're on the latest version of the app."

The initial issue, discovered by folks at crypto wallet startup Zengo, allowed "View Once" messages to be accessed by web clients that didn't adhere to the app's disappearing messages protocol. Several developers wrote browser extensions that would ignore the View Once command and keep a copy of the media the messages contained.

Though Zengo co-founder Tal Be'ery nit-picked the latest fix, which prevents browser extensions from getting media sent in vanishing messages, he acknowledged the update is a "great improvement with respect to the original starting point. We are happy that our discoveries and publications pushed WhatsApp into fixing View Once in a thorough manner to protect this feature's users' privacy." ®
