WhatsApp was recently spotted working on an option to hide the online status of users. Now, the meta-owned instant messaging service is reportedly working on a new privacy-focused feature that allows users to hide their phone numbers from certain sub-groups of a community on its Android app. The feature named phone number sharing has been spotted in development on WhatsApp for Android beta 2.22.17.23, which is available via the Google Play beta programme. The feature is currently unavailable to testers, as it is currently in development.

According to a report by WhatsApp features tracker WABetaInfo, WhatsApp will soon allow people to hide phone numbers from specific WhatsApp groups on Android. This option will be deactivated by default. While joining a group, your phone number will be automatically hidden from all members, but you can share it with a specific sub-group later as per preference.

The messaging platform is said to be rolling out the update via the Google Play beta programme, with the 2.22.17.23 beta for Android. The report comes with a screenshot showing the phone number sharing feature for communities, giving users an idea of what it might look like when it starts rolling out.

As per the report, this functionality will be exclusive to WhatsApp communities. It is not yet available for beta testers and is expected to undergo changes before the final release.

In addition to the ability to hide the numbers from communities, WABetaInfo suggests that the messaging service is working on a method to protect users from malicious users with a new Login Approval feature. Spotted recently in development, it builds on the two-step verification feature available in WhatsApp, and users may receive alerts inside WhatsApp when a user logs in to an account from a different smartphone.

WhatsApp is also bringing several updates to make chats more convenient on its platform. It is reportedly getting a new feature that allows users to hide online status. The feature is reportedly under development and not yet ready to be released to beta testers.

---

Alphabet’s Google was sued by an early adopter of its Workplace cloud productivity software who claims the company reneged on a promise to provide it with free access to the program for life.
Google Workplace, formerly known as Google Apps and G Suite, provides a host of services including Gmail, Calendar, Drive for storage and Google Docs for content creation. Some of the programmes are free to all, but enterprise features such as custom email addresses and shared Drive storage cost extra.

The Stratford Company LLC sued on behalf of all early adopters who were lured to use the software in its early stages, allowing Google to fine-tune it and then sell it for a fee. In exchange Stratford Company said the early adopters were promised a free version of Workspace as long as Google offered it.

In 2012, Google started charging new customers $12 (roughly Rs. 950) a month to use the software. Then, in 2022, Google notified legacy users that they would also be charged, although it later excluded non-business users of the software.

“Google’s abandonment of the credo ‘don’t be evil’ is well-illustrated in this case,” Stratford Company said in the complaint, filed Friday in San Jose federal court. “Google, as the better part of a conglomerate worth nearly two trillion dollars, breaks a promise to loyal customers who helped Google develop a profitable product, in order to pad its already grossly outsized profits.”

Stratford company is seeking class-action status for all the early adopters and damages to be determined at trial, but more than $5 million (roughly Rs. 40 crore).

Google didn’t immediately respond to an emailed request for comment, sent after regular business hours.

The case is The Stratford Company LLC v. Google LLC, 5:22-cv-4547, US District Court, Northern District of California (San Jose).

© 2022 Bloomberg LP

---

A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday.

It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said users worldwide were affected.

The breach is especially worrisome because many Twitter account owners, including human rights activists, do not disclose their identities in their profiles for security reasons that include fear of persecution by repressive authorities.

“This is very bad for many who use pseudonymous Twitter accounts,” US Naval Academy data security expert Jeff Kosseff tweeted.

The vulnerability allowed someone to determine during log-in whether a particular phone number or email address was tied to an existing Twitter account, thereby revealing account owners, the company said.

Twitter said it did not know how many users may have been affected, and stressed that no passwords were exposed.

“We can confirm the impact was global,” a Twitter spokesperson said via email. “We cannot determine exactly how many accounts were impacted or the location of the account holders.”

Twitter’s acknowledgment in a blog post Friday followed a report last month by the digital privacy advocacy group Restore Privacy detailing how data presumably obtained from the vulnerability was being sold on a popular hacking forum for $30,000 (roughly Rs. 28.9 lakh).

A security researcher discovered the flaw in January, informed Twitter and was paid a reported $5,000 (roughly Rs. 4 lakh) bounty. Twitter said the bug, introduced in a June 2021 software update, was immediately fixed.

Twitter said it learned about the data sale on the hacking forum from media reports and “confirmed that a bad actor had taken advantage of the issue before it was addressed.”

It said it was directly notifying all account owners that it can confirm were affected.

“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” the company said.

It recommended users seeking to keep their identities veiled not add a publicly known phone number or email address to their Twitter account.

“If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened,” it said.

The revelation of the breach comes while Twitter is in a legal battle with Tesla CEO Elon Musk over his attempt to back out from his previous offer to buy San Francisco-based Twitter for $44 billion (roughly Rs. 3,500 crore).

---