[HN Gopher] You can deactivate anyone's WhatsApp account by simp...
___________________________________________________________________
You can deactivate anyone's WhatsApp account by simply sending an
email
Author : KomoD
Score : 232 points
Date : 2023-07-17 19:33 UTC (3 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| cuteboy19 wrote:
| But you can reactivate instantly and it doesn't cause data loss
| if you don't try anything funny during deactivation
| DennisP wrote:
| What would constitute "trying something funny?"
| chefandy wrote:
| Using your account for anything more humorous than amateur
| improv comedy, I imagine. Considering how many downvotes most
| jokes seem to get on HN, I can't imagine that'd be a problem
| with this crowd.
| [deleted]
| stuckkeys wrote:
| You forgot to include "you know, for science" part.
| breakingcups wrote:
| Then I wonder, what's the point?
| countvonbalzac wrote:
| If someone doesn't control your phone number they can't
| reactivate.
| jedberg wrote:
| Assuming you notice it was deactivated within the short time
| span they give you. If you're a casual user it could get really
| annoying to show up and be deactivated, most likely when you
| have a fairly urgent need.
| veave wrote:
| short time span == 30 days???
| urbandw311er wrote:
| I've been on holidays longer than that
| dangus wrote:
| Must be nice
| jedberg wrote:
| I live in America so I really only need to use WhatsApp
| when I travel to foreign places so I can contact vendors.
| That happens maybe once every other year. I'd be pretty
| upset if I fired up WhatsApp and it didn't work when I
| really needed to call a vendor.
| lxe wrote:
| This is perfect for getting rid of scammers.
| teddyh wrote:
| "Oh? And, when the last law was down, and the Devil turned
| round on you - where would you hide, Roper, the laws all being
| flat?"
|
| -- _A Man for All Seasons_ , Robert Bolt, 1960
| exabrial wrote:
| Reminds me of government systems where you can lock a specific
| user out by typing in bad passwords multiple times.
| johnisgood wrote:
| This happens on way too many sites.
| delphi4711 wrote:
| Apple e.g. Even when 2fa is activated, and no successful
| login happened, they will deactivate my account and force me
| to change my password :/. I had to change my email that I use
| to login to Apple.
| kiwijamo wrote:
| This happens on non-government systems too. The only system
| I've experienced this has been a financial institution's
| system. Frustrating as it meant I had to make the trip into one
| of their branches to get it reset.
| [deleted]
| KomoD wrote:
| Another very annoying one is when doing forgot password changes
| the password and emails you a copy, so some funny guy can just
| go and keep doing forgot password and it force changes your
| password.
| igitur wrote:
| I know a site that does this, except they run their own SMTP
| server that sometimes blocks up, so the emails never arrive.
| gmargari wrote:
| This was not meant to be used that way:
| https://www.troyhunt.com/building-password-purgatory-with-
| cl...
| smrtinsert wrote:
| w
| JimtheCoder wrote:
| So, we all want to make it easier to cancel things.
|
| But not too easy...
| pmx wrote:
| I want it to be easy to cancel my own stuff, not easy for
| someone else to do it for me.
| robertlagrant wrote:
| Clearly Leetcode questions don't cover avoiding the world's
| dumbest recovery processes.
| nine_zeros wrote:
| Hey, at least someone got a promo for "impact" in building a
| low maintenance service with 0% outage history.
| sakopov wrote:
| It might be dumb, but it locks you out in O(1).
| go_prodev wrote:
| Years ago I bought my dad an Audible subscription, but because it
| was a gift I signed up with my email address and then changed it
| to my dad's address on his birthday. Somehow I ended up inside
| his Amazon account because I used his email address. I guess some
| of the backend logic is hard to get right the first time.
|
| Another time I was talking to a credit union CTO who was dealing
| with someone blocking other people's account access by picking a
| random account number and making 3 bogus guesses to lock them
| out. At the time the credit union had a policy that required
| calling them to unblock... which was a PITA on weekends when
| people need money.
| mey wrote:
| Instacart has some sort of similar issue, signed up under my
| email, changed the email address to my wife, support requests
| get sent to both of our addresses.
| TheJoeMan wrote:
| Hey just fyi: they're not doing it for the purpose of locking
| people out. They're doing a distributed account breakin.
| Doesn't matter to the thief who's money they steal, so just try
| "password" on everyone's account until you get in.
| gabeio wrote:
| Yet another amazing reason to use hide my email features,
| less-guessable user emails as well as unique emails per
| service.
| jen729w wrote:
| Someone with my name bought a new iPhone in Bismarck, ND last
| week. They gave AT&T my iCloud email address which is
| firstname.lastname. An honest mistake, I guess.
|
| AT&T dutifully asked 'me' to confirm my email address. I did
| not.
|
| Aaaand... now I still get all of his account email. So what's
| the point.
| soneil wrote:
| I've been struggling with this for years - but with a fun
| twist. My gmail address is first.last, and someone in the UK
| keeps using it - but they do not have remotely the same first
| name, and they don't spell their last name the same as I do
| (the single-L in my username here is a less common deviation,
| their surname is the more common variant).
|
| Years. I've closed netflix accounts, I've sent them sms from
| their telco's webtext portal asking them to stop, and still
| there's a koneill out there who is very, very confused about
| why his email doesn't work. I know where he lives, I know
| what pizza he ordered, I know his name, his phone number, I
| just don't know his email address. And apparently, neither
| does he.
|
| The number of services that fail at email validation (or keep
| sending you reminders, forever, that you haven't validated),
| blows my mind. For such a simple process, that seems to exist
| on every single service I (and koneill) sign up for, it has a
| surprisingly low rate of successful implementations.
| rootusrootus wrote:
| I have a similar problem. I have a half dozen different
| people sending their emails to my gmail account. One of
| them is a woman who signed up my address for her health
| care provider, and they're quite liberal with what kind of
| detail they're willing to put in an email. I tracked her
| down on Facebook and mentioned it to her, and she seemed to
| get that it was a problem she might want to solve, but to
| this day I still get all those emails.
|
| In retrospect I should have chosen g6adfs789zg2@gmail.com
| or something.
| irrational wrote:
| There is a woman in another state that must have a gmail
| address very close to my wife's. We know when this woman
| gets Botox, how much she pays for her kids dance lessons (a
| lot!), and so much more. You would think she would realize
| at some point, but it has been years and my wife still gets
| so much of her mail.
|
| I used to get email for a guy in California when he would
| buy something from Harbor Freight, rent a movie from
| Redbox, or order a pizza. Those started tapering off about
| a year ago, so he must have figured it out.
|
| The strangest one was I was receiving email for a colonel
| in the US Army! For a few years I kept getting these group
| emails to all these army officers about upcoming training
| exercises. I thought about replying to let them know they
| shouldn't be sending them to me, but was worried about
| getting in trouble, so never did. They continued for years,
| but finally stopped. I always wondered if the guy had a
| .mil address and accidentally used gmail.com.
| makr17 wrote:
| My gmail address is lastname@gmail.com. Not a particularly
| common last name, and I thought it lucky when I got that
| address early on. I've since come to view it as mostly a
| curse.
|
| I get email invoice every time Orkin goes out to spray a
| house in North Carolina. No option to say "this isn't me",
| and I've given up calling to tell them after multiple cycles.
|
| The elderly German couple that would email their train
| itinerary so that their cousin could pick them up at the
| station. I would politely reply that I am not their cousin,
| and consequently their cousin would not be at the station.
| And six months later we start again.
|
| Someone in Canada with first initial + last name that results
| in my last name kept getting wired money, and I would get in
| email with instructions. Of course no "not me" option. I
| haven't seen one of those in a while, hopefully he figured it
| out.
|
| And so many more stories of people with my last name or close
| to it happily sending me their email... But I've had the
| address for practically forever, and really don't want to let
| it go.
| EvanAnderson wrote:
| I love these stories.
|
| I got service emails for the same year, model, and color
| Honda Civic that I own from a dealer in the UK. I am in the
| US. That alone was spooky.
|
| The car was owned by somebody who matched my first initial,
| last name email address.
|
| I tried to unsubscribe. I tried to contact customer
| service. Nothing worked.
|
| Each email would come with a little video walk around of
| the car. Eventually I started responding saying that their
| paint looked better than my car, etc.
|
| I don't get them anymore. I presume the owner sold the car.
| username135 wrote:
| This happens with my Gmail account.
|
| I know periods don't count, supposedly, but I still get emails
| for someone with the same name as mine. My email is first.last,
| theirs is firstlast. I wonder how much of my stuff they get
| erroneously?
| __ryan__ wrote:
| You are correct that the period doesn't count. Both email
| addresses belong to the same account. A possible explanation
| is that they have entered your email as a mistake.
| barbazoo wrote:
| I can view tweets again without being logged in ?!?
| shmde wrote:
| Yes. But you cannot see replies and authors page. Use
| https://nitter.net/ for that.
| bastard_op wrote:
| Sounds like there should be a mass service to close everyone's
| accounts in their name then. You know, doing them a favor and
| such.
| swader999 wrote:
| Too bad it didn't work for the entire meta user base. We could
| free the world. It would be like independence day when they
| uploaded the virus to kill the mothership.
| SilasX wrote:
| Haha I'd think a better comparison would be (an explosion-free)
| Fight Club.
| maerF0x0 wrote:
| Or Mr. Robot attacking E corp.
| maskedinvader wrote:
| I get why one would feel this way if this was one of Meta's
| social media apps, but WhatsApp is one of the biggest messaging
| apps used in so many countries and perhaps also helped kill the
| telecoms companies paid sms plans to force cheaper sms msging
| rates, if anything WhatsApp is perhaps the best value Meta has
| provided to the world, bringing the world closer.
| username135 wrote:
| It still boggles my mind that they paid SO much for it
| Barrin92 wrote:
| well it is by far the most used messenger app in the world
| with 2+ billion users so in that sense it seems prescient
| but i'd agree it's still questionable how they'll monetize
| it.
| annadane wrote:
| Yes but the _original founders_ did that. Zuckerberg took it
| from them and immediately lied about data sharing, there 's a
| reason why the founders left in disgust
| avalys wrote:
| Correction: The founders _sold it to Zuckerberg for
| billions of dollars_.
|
| Saying he "took it from them" is outright dishonest.
| annadane wrote:
| They sold it under the condition he wouldn't lie, it was
| a condition for him to have it, and he lied
| avalys wrote:
| So why didn't they take the billions of dollars he paid
| them and sue to have this "condition" upheld?
| lost_tourist wrote:
| I'll never understand why people don't place value on
| integrity. I mean day to day people and not stockholders.
| Zuck controls what happens at Meta, it's not a board
| decision on stuff like this unless Zuck tells them to do
| it.
| [deleted]
| er4hn wrote:
| One of the co-founders, Brian Acton, has funded most of
| Signal (~100M USD) in his post WhapsApp life. It is a
| very hacker mindset solution. Instead of turning to the
| law to enforce nebulous claims against a megacorp, make a
| better product with the money you got from said megacorp.
| bboygravity wrote:
| Plot twist: Signal turns out to be a CIA honey-pot.
| brewdad wrote:
| I know "nothing to hide" is never a strong argument but
| even if Signal is a CIA honeypot, if it keeps my personal
| conversations from becoming marketing fodder, sign me up!
| pessimizer wrote:
| I'm definitely not a "nothing to hide" guy, but if the
| CIA wants something on me they're going to find it in 5
| minutes. They would only be using a backdoored Signal to
| get the smart guys; so I guess I have to thank the smart
| guys for the CIA giving us Signal...
| GGO wrote:
| well he took money under the promise and when FB broke
| the promise, he walked away and left $850M on the table.
| https://finance.yahoo.com/news/whatsapp-co-founder-
| walked-aw...
| nilsbunger wrote:
| To punish Facebook for breaking their promise, he ...
| gave Facebook $850M (by not vesting all his equity) ?
| mcpackieh wrote:
| Angry people can be irrational. That's my read.
| thakoppno wrote:
| > I'm taking some time off to do things outside of
| technology, such as collecting rare air-cooled Porsches.
| DropInIn wrote:
| It's not a condition if it's not in the contract or if it
| is and is not acted upon.
|
| In either of those cases it's just lip service.
| frizlab wrote:
| WhatsApp is a company Meta bought, not brought to the world
| AFAIK.
| midasuni wrote:
| Except that was all done before meta bought it.
|
| https://www.flyertalk.com/forum/travel-
| technology/952359-tho...
| lmm wrote:
| But getting bought by facebook was the only business plan
| they ever had, so it was facebook that made all that
| possible.
| eps wrote:
| Not true. They were doing perfectly fine charging a fair
| fraction of their 100 mil userbase $1 a month. They sold
| because founders wanted an _exit_.
| Angostura wrote:
| It also demands full access to the totality of your contacts
| to work properly.
|
| An appalling requirement
| NikolaNovak wrote:
| I always feel I'm in a twilight zone with whatsapp. Am I
| the only person who doesn't want or need to give the app
| all of my contacts, or even register with just phone
| number? Phone number is such an intensely and irrevocably
| identifiable token and so hard to change, that using it for
| pervasive messaging seems insane to me :-/
| jsnell wrote:
| I'm sure you're not the only one, but in a tiny, tiny
| minority. Using the phone number as the identifier was
| pretty much the main selling point of Whats App.
| qingcharles wrote:
| I hate these apps that absolutely need a phone number. I
| couldn't pay my bill on my cellphone one month, lost the
| number and now I can't access either my WhatsApp or
| Telegram accounts.
| romwell wrote:
| I've had my phone stolen while traveling, and I can't say
| how much I despise _any_ system that uses a phone number
| for authentication.
|
| Go figure, you can't get a SIM card sent to you from the
| US to Europe, meaning that you potentially lose:
|
| * Access to messenger apps and chat history
|
| * Access to your bank account (with a special nod to
| Citi)
|
| * Access to your email account if it uses "2FA" with a
| phone (looking at you, Google)
|
| * etc
|
| Given that my bank cards and laptop were stolen along
| with the phone, I've had a Very Fun Time(tm) dealing with
| all these systems.
| smallerfish wrote:
| You can port your phone number to a voip provider if you
| will be out of the country for a while. Use a sip phone
| app, and the "transport layer" sim that you happen to use
| will have nothing to do with the phone number that is
| intermingled with your identity.
| tiltowait wrote:
| Maybe it would break a lot of things, but my gut instinct
| is I wish it were illegal for an app to slurp up, even with
| the user's consent, all of the user's contacts. Any such
| entries should be manual.
|
| I don't use $SERVICE. I never want to use $SERVICE. I
| certainly don't consent to $SERVICE having my contact info
| because some acquaintance/friend/family member who doesn't
| know any better tapped "allow" on a button. But because
| it's allowed, any number of immoral companies like Facebook
| have my info, even though I've made a conscious decision
| never to use them due to their privacy violations.
| moffkalast wrote:
| In an ideal world. In reality it would be a short outage,
| they'd roll back the DB and patch the exploit in like 10 hours
| total.
| thund wrote:
| Imagine a world (populated by a human species) where this would
| be the norm...
| TheCaptain4815 wrote:
| Anyone know Zuckerburgs WhatsApp account?
| cwkoss wrote:
| Is anyone working on a script to enumerate all phone numbers and
| deactivate every whatsapp account yet?
| cwkoss wrote:
| I wonder if it would be possible for someone who is really good
| at getting media stories placed - buy a bunch of put options
| and sell just after the story breaks - could this be a
| profitable tradable event?
|
| Meta is such a big company I'd be surprised if the cost of the
| options premiums were less than the value that could be
| harvested... but maybe..?
| loeg wrote:
| CFAA.
| dogtorwoof wrote:
| Several friends of mine had their WhatsApp completely hacked.
| Basically, hacker would spam recovery, which results in a phone
| call to the victim. If the victim doesn't pick up the phone, the
| recovery code goes to voicemail. Hacker accesses voice mail
| (password protected yes, but for lots of people it's a birth
| year, 1234, 0000, or last 4 digits of their phone), and voila
| they have access to your WhatsApp. They can't see your messages
| but can see all the groups you're in and message those.
|
| Completely preventable by having WhatsApp 2FA enabled.
| Andrex wrote:
| Another unintentional benefit to clinging to Google Voice for
| dear life... Though I don't use WhatsApp.
| fortran77 wrote:
| And some systems still don't ask for pin if you are calling
| from your phone. So if you spoof their CID (very easy to do)
| you get in with no password
| flangola7 wrote:
| Wow that is terrible. Wouldn't that violate multiple data
| protection laws?
| cryptoegorophy wrote:
| Had this done to me BUT luckily WhatsApp has a "pin" feature,
| which prevented hackers getting any further. Not as secure
| maybe as a 2factor but saved my day. Highly recommend.
| djbusby wrote:
| Chase bank has a similar issue. Getting confused about business
| vs personal vs joint and sending the wrong notice to the wrong
| address.
| dbajaj wrote:
| ah, wished it had email forwarding while it was disabled
| godelski wrote:
| Hello, WhatsApp? I'd like to report a stolen phone. Please
| deactivate the account for ^\\+?\d{1,3}[-.\s]?\\(?\d{1,3}\\)?[-.\
| s]?\d{1,4}[-.\s]?\d{1,4}[-.\s]?\d{1,9}$
|
| k thx bye
|
| https://xkcd.com/327/
| ploum wrote:
| I don't know how I should feel about the fact that I did know
| what xkcd comic would open before I even clicked the link.
|
| https://ploum.net/xkcds-law/index.html
| 0_____0 wrote:
| Bobby Tables, his arms wide.
| TheSpiceIsLife wrote:
| I really appreciated this, thank you.
| ilovecurl wrote:
| Shaka. When the tables fell.
| mellosouls wrote:
| Inspired the companies house injection attempt discussed here
|
| https://news.ycombinator.com/item?id=27815396
| 1vuio0pswjnm7 wrote:
| https://web.archive.org/web/20230717202207if_/https://twitte...
___________________________________________________________________
(page generated 2023-07-17 23:00 UTC)