unknown function that allows its use as a notepad

WhatsApp has a feature for internet browsers that allows you to send messages to contacts who are not registered on your phone. Although this was its distinctive feature, Click Chat It can also be used for other situations, for example, as a notepad or photo and video store.

This option introduced by the messaging service three years ago is not one of the most popular on WhatsApp Web, the messaging version that works in browsers and simultaneously with the Android and iOS application.

However, Click Chat demonstrated that it also serves as a personal chat to save annotations, links, documents, images and photos from your computer.

How to use Click to Chat on WhatsApp

To open a personal chat, the user must enter the address in the browser https://wa.me/ followed by the full telephone number, in international format, ie +54 must be added in the case of Argentina.

For example, if your phone number is +1 (123) 456-7890, it should be expressed as follows: https://wa.me/11234567890, so you will not need to include any symbols in the final form of the URL.

After opening that web address, WhatsApp will automatically present its own chat (or you can tap “Continue” with the chat if the browser does not automatically redirect you to WhatsApp) and you can start share your notes there without having to create a contact with your mobile phone number.

Some users have even deliberately chosen to create empty groups to fill this type of repository, but using personal chat can have an advantage: not using mobile data, because messages and media content are not sent to the WhatsApp server.

In the middle of 2020 and in the middle of the pandemic, cybersecurity specialist Athul Jayaram revealed that the Click To Chat function registered a major security flaw related to the field wa.me of WhatsApp.

The problem was that some search engines indexed addresses among the results, so that a malicious user could get them with a simple search such as: “site: wa.me +34”, or with any other international prefix.

Although with this method you could only get phone numbers, but not the identity of the usersBy providing access to profile pictures, the attacker could try a reverse image search to get more information about the victim, as it is not uncommon for a user to use the same profile picture on multiple social networks.

Following this episode, Facebook took over the issue and contacted the investigator, but did not consider the security flaw relevant enough to be included in its bug reward program.

The reason was that it was a list of URLs that WhatsApp users chose to make public, because all thisUsers may block messages unwanted touch of a messaging service button.