After years of inaction, WhatsApp now finally caught up to its predecessors Telegram and Signal. Beginning today, the app owned by Meta will enable its users to save their usernames in preparation for a full launch sometime in 2026, which it calls one of the most significant steps towards ensuring user privacy. And this feature comes as a response to people who do not want to give out their phone number every time they add classmates, neighbors or people they met at some events. All they have to do is choose a handle from three to 35 characters long which must be lowercase letters and digits only.
It sounds good on paper because the beta launch has been happening already in countries like India. Not only does WhatsApp have actual privacy features such as no public directory, no search suggestions and an option to set a username key which other people should know to message you for the first time. However, a feature to increase privacy relies heavily on user behavior, and that’s where it falters. Here’s what could go wrong.
Also read: WhatsApp usernames announced, CEO Kunal Shah wants you get yours now
Right now, a WhatsApp ID is linked to a phone number that is expensive to forge on an industrial level. The username has no such constraint attached to it. Anybody could use a username that is just slightly different from yours and reach out to your contacts or customers posing as you. In the absence of a phone number as the anchor point, the recipients would lose the only indicator of authenticity.
The whole concept of WhatsApp is based on the assumption that people will choose handles that are not associated with any identifying details. However, in reality, a significant percentage of users in India, especially their elders who have been persuaded by their children to sign up for WhatsApp, will put in their phone numbers when asked for their usernames because it is the most convenient option for them.
Since usernames don’t need to be searched, but merely known, any user possessing that username – whether from being shared in a group chat, having been exposed via screenshot, or simply guessed through a pattern – can initiate a conversation with no additional information whatsoever. WhatsApp’s username key is supposed to fix that, but it’s an option, and uptake of optional security features tends to be poor among mass-market messaging apps.
While WhatsApp may reserve handles for celebrities and corporate entities, there is still immense scope of squatting handles for regional brands, small businesses, and other personalities not included in their list of priorities. A repeat of history seems certain in this case as we witness the same pattern emerge from the early days of Twitter and Instagram, where the first users to claim a handle include con men.
The world of Indian banking fraud and KYC scam depends largely on impersonation. The username feature works perfectly to serve this purpose. The fake user name like “HDFC.Support” or “HR.Recruiter” eliminates the sole impediment that had been the knowledge about the person’s contact number previously. Along with this, the latest BSUID approach of WhatsApp Business, which allows interaction with customers without revealing any contact numbers, provides another level of identity confusion for both participants of the conversation.
Also read: Top 10 most powerful supercomputers in the world: What’s their configuration?
The majority of users do not have unique usernames for different platforms. Having a similar username on both WhatsApp and Instagram or Twitter means having created a single thread linking those accounts together because it is allowed by WhatsApp for creators and business accounts. There is no use hiding the phone number when the identity can be traced through the username used elsewhere.
WhatsApp acknowledges that one is allowed to change his or her username anytime. This feature comes handy in a variety of ways; however, it opens up room for someone who can gain trust while using one username and then shift to another one without even letting anyone know. The user might also lose an old username that gets occupied by someone else.
After that, once you have entered the group, your name will be visible forever to all users in that group without any fine-tuned control system that WhatsApp provides regarding features such as last seen or profile pictures. In a nation where the WhatsApp groups for societies, schools, and even families extend beyond one hundred members, that’s a huge surface area.
That is the true question that editors and consumers must ask themselves. It’s true that WhatsApp is correct in stating that telephone numbers have such personal value that they cannot be shared freely. However, adding the username option to a three billion strong application, where most people will ignore the additional step required, and some others will continue to reuse their username without a second thought, is not a solution to exposure. The implementation of the feature was excellent on paper. Only time will tell if it stands the test of reality.
Also read: US-China AI race: How America’s own restrictions are helping China close the gap