Ankur's Blog

The dark truth about WhatsApp

Hello everyone! It has been a long time since I wrote something.
This post is more of a Black Mirror episode and will get creepy as you read through. It has a good ending though so hang on till the end.

 

Blue ticks aren’t the problem any more. Everybody is well aware of the fact that WhatsApp has a privacy setting with which one can toggle their last seen status. So if you are wondering that by turning off your last seen nobody is able to detect your activity then the upcoming lines will be an eye opener.

So WhatsApp has this weird feature that reveals online status for any user irrespective of what their privacy setting is. All you need to know is the phone number of the person and a program that tracks the online status. That’s it. We can list down when the person came online and how long this person spent time on WhatsApp just by a simple phone number. Getting creepy now? Hang on. It will be more.

Imagine Sleeping pill companies tracking such data and targeting users who are not getting enough sleep for their products. This just an example with which our privacy can be utilized for others benefits.

I tracked my friend’s activity with his consent. And here is what I got.

The X-Axis represents the hour of the day while the Y-AXIS represents activity on WhatsApp. By looking at the graph one can easily say when he went to sleep and when he woke up. Usually the first thing people do in the morning is to check WhatsApp messages. I’m talking about the majority. Also we can comment on when he uses WhatsApp the most.

Also we can collect data of a bunch of people and with the help of correlation and when they came online it can be predicted that who are chatting together because if you send a text to some person the other person will come online to read that text.

For the people who don’t want the technicalities on how I collected this data you may jump to the good part on how you can prevent this privacy breech.

It’s not rocket science to collect such data and with the introduction of WhatsApp Web it’s just a few lines of JavaScript.
Fire up your favorite web browser. Open WhatsApp Web. Scan the QR code. You know the drill.

So once you login open up a friend’s chat window and paste the following lines of code in the console.

var myFn = function(){  
	if(document.getElementsByClassName('O90ur').length == 1) {
		console.log("online - " + Date.now());
	}
}
setInterval(myFn, 1000);

It will print the timestamps when the person came online. Later you can export the data and plot it in a graph as I have shown above.

Generally I don’t encourage copy pasting other’s JavaScript code to console if you have no idea what that piece of code is doing. But this code snippet is very easy to understand. It just tracks the online element and prints the time. Also I’m not sure about the class names so inspect the element to be sure.

Some are thinking : Ankur, this is 2018. This privacy breach has been discovered long long ago. I know. But is there any solution to prevent this? Read on…

The Good Part

So for the people who are worried about privacy you are in luck. I have a neat solution for you.

Always be online. Do the opposite. That’s it. If you are online 24×7 with read receipts off no one can ever track you.

Let’s address challenge being online all the time.

1. You need 24×7 internet access in your mobile as well as a dedicated PC.

2. You have to do some sort of activity on WhatsApp Web.

Uninterrupted internet access is not a problem. The second point is. Just opening WhatsApp Web without doing something will mark you as idle. I have tried to maintain some sort of activity in WhatsApp Web with JavaScript but it detects and marks you inactive (I haven’t explored much but if you have an elegant JS solution do ping me. Beer is on me :D) . The only way now is if someone was there to do some sort of activity.

Luckily I had a PC to spare. So I solved this by mouse and keyboard automation with the help of AutoIt . It’s a windows application. (I believe Linux users can code their own GUI automation 😀 ). You are going to thank me for this AutoIt thing. It’s a life saver. With the help of few lines of code you can automate almost anything. And the most impressive part is that it generates a sweet executive to run on other machine.

So I ended up writing these lines of AutoIt and bam! I’m online 24×7.

WinActivate("WhatsApp");
;configure x res
$xMax = 1366;
;configure y res
$yMax = 768;
MouseMove(730,358);
;configure start hot key
HotKeySet("1", "start");
;configure end hot key
HotKeySet("{END}", "stop");
Send("A");
While 1
    Sleep(500)
WEnd
Func start()
   While 1
	  Sleep(5000)
	  ;calculate mouse position for reload button in browser
	  MouseMove(77,47);
	  Sleep(5000)
	  MouseClick("left");
	  Sleep(10000)
	  MouseMove(Random (0,$xMax,1),Random (0,$yMax,1));
	  Sleep(5000)
	  MouseMove(Random (0,$xMax,1),Random (0,$yMax,1));
	  Sleep(5000)
	  MouseMove(Random (0,$xMax,1),Random (0,$yMax,1));
	  Sleep(5000)
	  MouseMove(Random (0,$xMax,1),Random (0,$yMax,1));
	  Sleep(5000)
	  ;calculate mouse position for contact search in WhatsApp Web
	  MouseMove(234,178);
	  Sleep(5000)
	  MouseClick("left");
	  Sleep(5000)
   WEnd
EndFunc

 Func stop()
    Exit
EndFunc

It basically does some mouse movements and reloads the WhatsApp web so that there is continuous activity.

Good luck tracking me now 😀

I know it’s a lot to do but if you are really concerned about your privacy then you should. If you ask me I would rather be impressed than worried about someone tracking my data. Nevertheless it’s fun being online all the time and the next time you find me online at 4AM in the morning, I might be sleeping that time ( Though there is a good chance I’m not :D)

Before ending I have a little WhatsApp tip for you.

 

If you delete any WhatsApp message that has been replied, the message still gets seen in the reply. So be aware :p

That’s it for today. Thanks for reading. Keep sharing 🙂