Users of Meta’s WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option.
Strict Account Settings is what Meta is calling the new lockdown mode built into its WhatsApp encrypted-by-default messenger. Found under the Settings > Privacy > Advanced menu in the iOS and Android versions of WhatsApp, Strict Account Settings will limit a good deal of app functionality in the name of better security.
Users are made more invisible by restricting last seen and online status, profile photos and account details to contacts and other select users; who can add them to groups is limited; link previews are disabled; high-volume messages from unknown accounts are blocked; security code change notifications are turned on; and two-step verification is enabled by default on the account.
Individual features of Strict Account Settings can be toggled off without disabling the rest, a Meta spokesperson told The Register.
Due to its reputation as a secure messaging platform, WhatsApp attracts a number of high-profile individuals who are at risk for phishing attacks, malware embedded in attachments, and the like. Meta explained the new feature as a way to protect such users, but the feature won’t be restricted to certain accounts.
“We will always defend that right to privacy for everyone … but a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly-sophisticated cyber attacks,” Meta explained. Strict Account Settings are rolling out to all users in the coming weeks, the company said in its announcement.
When asked if this announcement was in any way tied to a lawsuit filed last week in a San Francisco federal court alleging that WhatsApp’s end-to-end encryption is misleading and that Meta employees can access users’ messages, the company said that the two were not connected and called the lawsuit frivolous.
“Any claim that people’s WhatsApp messages are not encrypted is categorically false and absurd,” a Meta spokesperson told The Register. “WhatsApp has been end-to-end encrypted using the Signal protocol for a decade. This lawsuit is a frivolous work of fiction and we will pursue sanctions against plaintiffs’ counsel.”
Meta also on Tuesday announced it had replaced an older C++-written media processing and security library with one built in Rust, which it said is smaller, safer, and easier to maintain, and a sign that “Rust is production ready at a global scale.”
The new Rust library is used in WhatsApp’s handling of media files and other document types, performing format validation and consistency checks designed to reduce the risk of maliciously crafted files. Like Microsoft, Meta said it’s so thrilled with Rust’s security capabilities that it plans to accelerate its adoption of the language in the coming years. ®