
WhatsApp Usernames Are Already Raising Impersonation Red Flags (techcrunch.com) 24

An anonymous reader quotes a report from TechCrunch: WhatsApp this week started rolling out username reservations ahead of the broader launch planned later this year. The feature -- which lets people find and message each other by handle instead of phone number -- is already raising impersonation concerns, drawing scrutiny from security experts and regulators in India, the app's largest market, with more than 500 million users. The rollout marks a shift in how people identify one another on WhatsApp. Instead of relying on phone numbers as the primary identifier, users will increasingly interact through platform-managed usernames, a change that Meta says improves privacy but that critics argue could create new opportunities for impersonation.

[...] Asked about how it protects against impersonation, Meta told TechCrunch it reserves usernames for public figures, government entities, and "some variations" of those names so only the legitimate owner can claim them. The company did not explain, however, how it decides which lookalike usernames get proactively reserved and which don't. The concerns have already reached regulators in India, where cyber fraud schemes frequently exploit messaging platforms to impersonate police, banks, and government officials. [...] Rachel Tobac, chief executive of SocialProof Security, called usernames a net privacy gain because they reduce the need to share phone numbers, which can expose users to SIM-swap attacks, phishing, and account takeovers. Still, she said, lookalike usernames still create opportunities for impersonation. "Ultimately, usernames are a great idea to avoid leaking your phone number to folks you don't know, but it's important to verify identity with the username function too," Tobac told TechCrunch. Her advice for most users: Pick a username that isn't easily guessable, so it's harder for attackers to find you, message you cold, or harass and spam you.

[...] The Mozilla Foundation said the introduction of usernames is likely to bring new tradeoffs. "Increased scams and impersonation from fake handles are potentially a big one," it told TechCrunch. "Checking a phone number can be a useful verification tool, but these harms are also permitted by the platform's fundamental design choices." Mozilla also flagged a broader interoperability question -- one worth logging if you're building on top of, or competing with, Meta's ecosystem. While letting users claim their existing Facebook and Instagram usernames may cut down on impersonation, it also shows how easily Meta can stitch identity together across its own apps, even as users still can't take that identity, or their contacts, to a rival platform. For now, WhatsApp says it is taking a gradual approach to the rollout. "We're taking our time and listening to feedback so that when it rolls out later this year we get it right," the company said in its FAQ.

  • by Fly Swatter ( 30498 ) on Thursday July 02, 2026 @12:13PM (#66219956)
    Too many collisions, clearly we should go to a serial number system. Possibly encoded in a bar code. Perhaps tattooed on your forehead at birth.
    • by Ecuador ( 740021 )

      I'm Not Sure.

    • by PPH ( 736903 )

      Perhaps tattooed on your forehead at birth.

      Dark Angel.

      Twelve Monkeys.

      • by HiThere ( 15173 )

        I think it was actually a reference to Revelations, though IIRC, that was supposed to be a mark both on the forehead and on the wrist.

    • Too many collisions, clearly we should go to a serial number system. Possibly encoded in a bar code. Perhaps tattooed on your forehead at birth.

      Prescient ad for a now-dead bank: Washington Mutual: Head Scan [youtu.be]

    • Perhaps tattooed on your forehead at birth.

      That's a bit harsh. Can't we just encode it into a small chip which we could insert into a device we keep with us at all times? We could give it a clever name like Subscriber Identity Module. Ooooh I know, we'll also create an electronic variant that allows us to provision it via QR code to make it easier to move between devices.

  • by allo ( 1728082 ) on Thursday July 02, 2026 @12:43PM (#66220022)

    So john.doe.32@yahoo and john.doe.33@yahoo can be confused? Save the handle in your address book, if you aren't sure you can remember it correctly. It's not the provider's job to force users to choose distinct names. The hamming distance between valid phone numbers is also smaller than many people assume.

  • And 'Names' make it worse than 'Numbers.'

    Trying to pretend the words on your account somehow mean that's who you are is the problem. This idea that if someone has "Michael Jackson" next to their post then it's the actual famous person talking isn't something that can work.

    It's better if that name next to people's posts is known to be just 'self-selected words.' Nobody will be fooled into thinking it's Michael Jackson, if there are 5000 different accounts claiming they are Michael Jackson.

    Actual 'authenti

  • then the solution is a number consisting of octal digits [wikipedia.org].

  • by spaceman375 ( 780812 ) on Thursday July 02, 2026 @06:34PM (#66220560)

    My facebook id has been spaceman375 for over 10 years (tho I haven't logged in again after the 1st 3 months.) I can't get it on my whatsapp account because some guy used it for his instagram account. I have 2 email accounts that are spaceman375, one from last century. It's my login on many websites, and yet somehow somebody else gets to take it. [expletive]

    Okay, I'll stop bitching now. Must be the heat...

    • Then there's a person called Spac Eman born in March 75 who's sad their IRL name seems to be taken, even with their birth month and year tracked on...!

      And what about all real name collisions like Don Johnson? Or this Michael Rowe who does software, is typically known by this first name abbreviation and can't take the name MikeRoweSoft anywhere...?

    • Yeah turns out that with 8 billion people in the world a significant portion of them come up with something like "spaceman". That's the price of picking an ID that is also popular music, a movie, a name given to a profession...

      Me I haven't been able to use my actual nickname anywhere, even here on Slashdot it was taken by someone. Joke's on them though I got the domain name. Someone with my nickname tried to buy it off me a while back but fuck em it's MINE.

  • Are "CmdrTaco" and "Anonymous Coward" taken ?
