Recently, I came across an article called Collecting huge amounts of data using WhatsApp which kind of got me thinking. The article explains how you can create your very own database of mobile numbers, profile photos, status and about text. You give WhatsApp a mobile number, and this is what they return back — even if it’s a number that isn’t in your contacts etc. The guy who wrote the article made a script to go through loads of mobile numbers and get all this info back — but let’s make it a little bit more creepy.
Spying on people has never been so easy thanks to WhatsApp’s “last seen” feature.
Firstly it’s important to remember that 99% of the time a person uses WhatsApp for chatting to someone (nobody uses the new “status” feature, right?). It’s not like some other apps like Facebook for example, because on Facebook plenty of people might be online but all they are doing is scrolling through their timeline which is never-ending. So if 2 people are online on Facebook, it doesn’t really make you think that they are chatting to each other.
Now, if 2 people are online on WhatsApp at roughly the same time it still doesn’t necessarily mean that they are chatting obviously. But if you monitor it over a long enough period of time you could get a good idea of whether 2 people are talking to each other or not. So, I wrote a little script to:
- Firstly it’ll check if the first user is online every 10 seconds.
- If they are online it’ll then check to see if the second user has been online for the next 10 minutes (also checking every 10 seconds for the second user).
- If the second user is online within that time period, we’ve got a hit. So we’ll keep a record of that.
With the script which can be found on my GitHub you’ll end up with something like this:
It mightn’t look too scary at first because by coincidence you’ll get a few hits, but imagine you let this run over the course of a few months. Then you’d be able to actually have a good idea whether 2 people are talking to each other or not. “Oh, it looks like when Alice is online, Bob goes online within a minute or two most of the time!” — see what I mean?
The script is simple enough just to show what’s possible, but it could get a lot creepier. Hopefully this goes to show how a small feature can actually be taken advantage of. If you’d rather not have this type of info public for anybody to get, you can turn off the “last seen” feature in WhatsApp but that won’t stop some of the points mentioned in the original article I mentioned at the start of this post.
Important: If you’re going to try out the script, be a bit careful. WhatsApp might throttle you’re connection to them or even ban your account if you really annoy them so it’s not a bad idea to use it on an account that isn’t your main one.