Why has India requested that WhatsApp halt the implementation of usernames


On Wednesday, the Indian government directed Meta not to roll out WhatsApp's proposed username feature in the country until consultations on its privacy and security implications are completed. In a notice sent to the Chief Compliance Officer of Meta's India operations, officials sought a detailed explanation within three days regarding the feature. The directive comes amid growing debate over whether usernames could increase cybersecurity risks or strengthen user privacy.

Before examining the government's concerns, it is important to understand what the feature introduces. Until now, connecting with someone on WhatsApp required sharing a phone number. Whether it was a security guard, classmate or neighbour, users had to reveal their mobile number to start a conversation. Usernames are designed to change that.

At present, users can reserve a preferred username through WhatsApp's settings. The platform states, "We've announced the option for people to reserve their preferred username on WhatsApp. The ability to use a username is not yet live and will roll out slowly later this year."

Once the feature becomes available, users will be able to connect using usernames instead of phone numbers, similar to messaging platforms such as Telegram and social media services like Instagram and Facebook.

Why has India paused the rollout?

Although usernames are expected to improve privacy by reducing the need to share phone numbers, government officials have expressed concerns about the possibility of misuse.

In its notice to Meta, officials asked the company to explain within three days why regulatory action should not be initiated "for launching a feature that may increase cybercrimes."

The concerns primarily relate to impersonation. Officials believe usernames could make it easier for fraudsters to pose as celebrities, public figures or government officials. While phone numbers currently provide at least one identifiable element when users receive messages, a username-based system could make it more difficult to distinguish genuine accounts from fraudulent ones.

At a time when cyber frauds, including so-called "digital arrest" scams, have become increasingly common, officials fear the feature could provide another avenue for cybercriminals.

Similar concerns have also been raised outside government circles.

When WhatsApp first announced the feature, entrepreneur and financial educator Ankur Warikoo questioned whether scammers could create usernames resembling those of public personalities.

"Imagine receiving a message from warikoo / awarikoo / ankurwarikooo / ankur_warikoo / a_warikoo / ankurwarikooofficial etc etc - soliciting money," he wrote on X.

Jasveer Singh, co-founder of KnotDating, argued that usernames could make WhatsApp resemble Telegram, which he believes has become more vulnerable to scams because users can be contacted without sharing phone numbers.

"WhatsApp just launched usernames. My first thought wasn't privacy - it was scams. The biggest reason I never used Telegram was because anyone could contact you without knowing your phone number. It became a paradise for scammers," he wrote on X.

What safeguards has WhatsApp proposed?

Meta has said the feature includes several safeguards designed to reduce the risk of misuse.

To prevent impersonation of public figures, celebrities and government entities, WhatsApp says it has reserved well-known usernames and their variations so that only verified or legitimate account owners can claim them.

"We've held well-known names and some variations of them - like public figures, celebrities, government entities and Meta-verified accounts - so they can only be claimed by their legitimate owners. If you try to reserve those, the system will say it's not available," the company said on X.

WhatsApp has also stated that when someone contacts a user for the first time through a username, the application will display the sender's country of origin along with a warning message.

Additionally, users will have the option to enable a Username Key, a four-digit code that must be shared alongside the username before someone can initiate contact.

The platform has also rejected online claims that users have successfully reserved usernames associated with celebrities.

"People are making false claims about reserving popular or well-known usernames - this isn't true, only the legitimate account owners are able to reserve well-known public-figure names," WhatsApp said.

What are experts saying?

Following the government's directive, the Internet Freedom Foundation (IFF) questioned the legal basis for the notice.

"The Internet Freedom Foundation is concerned that the notice has no clear basis in law. It is an attempt by the executive to decide what a company may build and ship, which no statute permits," the organisation said.

According to the IFF, the Ministry of Electronics and Information Technology (MeitY) has not identified any legal provision that authorises it to approve product features before their release or require them to be withdrawn.

The organisation acknowledged that impersonation and online fraud remain genuine concerns but argued that these issues should be addressed through enforcement of existing criminal laws rather than restricting product features.

The IFF compared the approach to prohibiting telecom companies from issuing SIM cards because they are sometimes misused in online fraud.

Cybersecurity experts have also offered differing perspectives.

Speaking to India Today Tech, Vikram Raichura, founder and managing director of cloud communication platform Helo.ai, said concerns surrounding usernames are "valid and worth watching."

However, he added that WhatsApp appears to have incorporated safeguards to minimise those risks.

"WhatsApp seems to have introduced usernames with clear constraints to reduce that risk. Officially, the company has said there will be no searchable directory, no username suggestions, and users will need to know the exact username to initiate contact. There is also an optional username key for added control," he said.

Mukul Kumar, cybersecurity expert and managing partner at Claracon AI, believes the feature could even help reduce certain forms of cybercrime, particularly SIM swap fraud.

"SIM swap fraud is one of the most damaging cybercrimes in India right now. It works by convincing a telecom operator to transfer someone's number to a new SIM, which then intercepts OTPs and gives the attacker access to bank accounts, UPI, everything tied to that number," Kumar said.

He added that such attacks depend heavily on mobile numbers serving as a person's primary digital identity.

"The attack depends entirely on the phone number being the master key to someone's digital identity. If people start using usernames as their primary WhatsApp identity and sharing their number less freely, over time the phone number becomes a less attractive attack vector."

At the time of writing, Meta had not formally responded to the government's notice. While the username feature is expected to roll out globally, it remains uncertain whether or when Indian users will receive access, pending the outcome of the government's review.


 

buttons=(Accept !) days=(20)

Our website uses cookies to enhance your experience. Learn More
Accept !