Technology

India challenges WhatsApp username rollout

MeitY warns handles could fuel impersonation and fraud, Meta privacy pitch collides with platform-managed identity

Images

WhatsApp usernames are already raising impersonation red flags | TechCrunch WhatsApp usernames are already raising impersonation red flags | TechCrunch techcrunch.com

WhatsApp began rolling out username reservations this week, letting users be found by handle instead of phone number, according to TechCrunch. In India—WhatsApp’s largest market with more than 500 million users—the change has already triggered a formal notice from the Ministry of Electronics and Information Technology (MeitY), which asked the company to explain why action should not be taken under India’s IT laws and urged WhatsApp not to proceed until consultations are completed.

The username feature is pitched by Meta as a privacy upgrade: users can share a handle rather than expose a phone number that can be exploited for SIM-swap attacks, phishing, or account takeovers. But shifting identity from a number tied to a telecom provider to a platform-managed namespace creates a new set of failure modes, and early testing showed how quickly they appear. TechCrunch reported it could still reserve usernames resembling prominent Indian politicians, celebrities, business figures, and public institutions—examples included handles referencing Prime Minister Narendra Modi, major Bollywood actors, Mukesh Ambani’s telecom brand Jio, and even the Reserve Bank of India.

That is the kind of surface area scammers look for: an official-sounding handle, a convincing profile photo, and a direct message that arrives inside the same app people use for family chats, payments coordination, and workplace groups. MeitY’s notice explicitly linked the feature to fraud patterns already common in India, including phishing and “digital arrest” scams, arguing that usernames could make it easier to impersonate public authorities, financial institutions, and government agencies.

Meta told TechCrunch it reserves usernames for public figures, government entities, and some variations of those names so only legitimate owners can claim them, but it did not explain how it decides which lookalike handles to preempt. That gap matters because the abuse is rarely a perfect match; it is a near-match that survives automated filters and spreads through social trust. The Internet Freedom Foundation, a New Delhi-based digital rights group, criticised the ministry’s notice for lacking a clear legal basis and warned against private, executive-level product design demands—while still leaving open the question of who, in practice, bears the cost when impersonation scales.

For now, the dispute is about a feature that has not fully launched. The first visible artifacts are the handles themselves—available for reservation before the people and institutions they mimic even know they are being imitated.