WhatsApp has started to gradually test the username feature, which it plans to make widely available within the year. The system, which will allow communication with a username instead of a phone number, aims to offer new conveniences in terms of privacy. However, early use of the feature has attracted the attention of security experts and regulators, especially due to the possibility of impersonation and fraud. The focus of the discussions is India, which is WhatsApp’s largest market and has more than 500 million users.
With the new system, users will be able to be found by others and receive messages without sharing their phone numbers. Meta argues that this change will contribute to the protection of personal information. Despite this, experts evaluate that the usernames managed by the platform can be used by malicious people for imitation purposes, which may cause new security problems.
TechCrunch’s investigations during the early access period showed that many usernames reminiscent of Indian Prime Minister Narendra Modi, actors Shah Rukh Khan and Amitabh Bachchan, Mukesh Ambani’s telecom company Jio and the Reserve Bank of India can still be reserved. The availability of usernames such as “indiamodi”, “shahrukh.actor”, “teamamitabh”, “ambanijio” and “rbi_verify” has raised questions about the creation of fake accounts. In addition, Binance founder Changpeng Zhao, in his post on X, explained that he could not reserve the username “cz_binance”, which he had been using for a long time, on WhatsApp.
WhatsApp usernames under regulatory review
In a statement to TechCrunch, Meta stated that public figures, government institutions, and some variations of these names are pre-reserved so that they can only be acquired by their real owners. However, the company did not explain which similar usernames were protected and according to what criteria. This uncertainty keeps discussions about the possibility of abuse of the system alive.
India’s Ministry of Electronics and Information Technology (MeitY) also sent an official notification to WhatsApp regarding the issue. The notice stated that the username system could increase online fraud, phishing attacks, digital custody scams and impersonation attempts. The Ministry also pointed out that usernames that resemble real persons, public institutions, financial institutions and government institutions can be used by malicious people.
While the Ministry asked WhatsApp to explain why action should not be taken within the scope of India’s information technologies legislation, it requested that the feature not be made available in the country until the negotiations are completed. A government official close to the issue also confirmed that the ministry continues its discussions via WhatsApp.
On the other hand, New Delhi-based digital rights organization Internet Freedom Foundation (IFF) criticized the ministry’s approach. The organization argued that the notification sent did not have a clear legal basis and could give the executive branch the authority to directly intervene in the design of digital products. According to the IFF, although impersonation and fraud are serious problems, combating them should be carried out within the framework of existing criminal law, rather than limiting product features through administrative correspondence.
Similar discussions were previously brought up in a case against Telegram. The Delhi High Court had pointed out that using a username instead of a phone number could make it easier to hide user identity and pave the way for illegal content to spread faster. Although the case in question is not directly related to WhatsApp, similar evaluations have been brought to the public agenda again.
Rachel Tobac, CEO of security company SocialProof Security, thinks that usernames are a positive development in terms of privacy in general. Stating that the risks of SIM changing attacks, phishing attempts and account takeovers can be reduced by not sharing the phone number, Tobac said that similar usernames can still create opportunities for people who want to create fake accounts. That’s why he recommends users choose unique usernames that are difficult to guess.
WhatsApp states that it will not rush the username feature. The company states that it continues to evaluate the feedback and aims to make the system as secure and trouble-free as possible before the large-scale deployment that will take place during the year. With the global rollout of the feature, the impact of both privacy advantages and anti-impersonation measures in practice will become clearer.