Vienna researchers retrieved all WhatsApp numbers. The 3.5 billion profiles represent the largest data leak in history—and it's worse than you might think.
I do agree that, to a certain point, this shouldn’t be possible in this volume, but also, when you add a phone number as a contact, it would show up on WhatsApp as long as the profile has public data. Anyone that saves every possible phone number would have the same result (although this could take ages, thus the issue with the scraping)
What would help immediately if something like this were prohibited by law is if the account used a phone number for identification instead of an account with login details. Then the issue of phone numbers would be off the table, and with it many other issues as well.
The information about when and where a device was paired does not have to be public (devices should actually be removed when no longer in use instead of being kept in the logs).
What about SIM spoofing? The mere existence of SIM spoofing should ensure that phone numbers are not used for authentication and then displayed elsewhere… regardless of whether they are set to public or private, whereby Meta should not offer this as an option at all, but strictly refrain from storing the number in plain text anywhere, let alone publicly.
I do agree that, to a certain point, this shouldn’t be possible in this volume, but also, when you add a phone number as a contact, it would show up on WhatsApp as long as the profile has public data. Anyone that saves every possible phone number would have the same result (although this could take ages, thus the issue with the scraping)
What would help immediately if something like this were prohibited by law is if the account used a phone number for identification instead of an account with login details. Then the issue of phone numbers would be off the table, and with it many other issues as well. The information about when and where a device was paired does not have to be public (devices should actually be removed when no longer in use instead of being kept in the logs).
What about SIM spoofing? The mere existence of SIM spoofing should ensure that phone numbers are not used for authentication and then displayed elsewhere… regardless of whether they are set to public or private, whereby Meta should not offer this as an option at all, but strictly refrain from storing the number in plain text anywhere, let alone publicly.