WhatsApp this week started rolling out username reservations forward of the broader launch deliberate later this 12 months. The characteristic — which lets folks discover and message one another by deal with as an alternative of cellphone quantity — is already elevating impersonation considerations, drawing scrutiny from safety specialists and regulators in India, the app’s largest market, with greater than 500 million customers.
The rollout marks a shift in how folks establish each other on WhatsApp. As an alternative of counting on cellphone numbers as the first identifier, customers will more and more work together via platform-managed usernames, a change that Meta says improves privateness however that critics argue might create new alternatives for impersonation.
In early testing, TechCrunch discovered usernames resembling distinguished politicians, celebrities, enterprise figures, and public establishments — together with “indiamodi,” “shahrukh.actor,” “teamamitabh,” “ambanijio,” and “rbi_verify” — have been nonetheless obtainable to order. These reference Indian Prime Minister Narendra Modi, Bollywood actors Shah Rukh Khan, and Amitabh Bachchan, billionaire Mukesh Ambani’s telecom firm Jio, and the Reserve Financial institution of India, respectively. Individually, Binance founder Changpeng Zhao said on X that he couldn’t reserve “cz_binance,” the deal with he already makes use of on that platform.
Requested about the way it protects towards impersonation, Meta informed TechCrunch it reserves usernames for public figures, authorities entities, and “some variations” of these names so solely the official proprietor can declare them. The corporate didn’t clarify, nevertheless, the way it decides which lookalike usernames get proactively reserved and which don’t.
The considerations have already reached regulators in India, the place cyber fraud schemes frequently exploit messaging platforms to impersonate police, banks, and authorities officers.
In a discover despatched to WhatsApp on Wednesday and reviewed by TechCrunch, the Ministry of Electronics and Info Know-how (MeitY) stated the characteristic might “materially improve the incidence of on-line fraud, phishing, digital arrest scams and impersonation assaults” by enabling dangerous actors to contact customers with out exposing their cellphone numbers.
The ministry additionally warned that usernames might facilitate impersonation of “people, public authorities, monetary establishments, and authorities businesses” by permitting usernames intently resembling these of real folks or organizations. It directed WhatsApp to elucidate why regulatory motion shouldn’t be initiated beneath India’s IT legal guidelines and requested the corporate to not roll out the characteristic till consultations have been accomplished.
A senior authorities official individually informed TechCrunch that the Indian IT ministry is cognizant of the problem and is participating with WhatsApp over the characteristic.
That intervention has drawn its personal pushback from New Delhi-based digital rights group Web Freedom Basis (IFF), which said the discover lacked a transparent authorized foundation and risked giving the chief broad powers to dictate product design. (It’s a dilemma that operators constructing in regulated markets know nicely: Guidelines made case-by-case, by letter, are more durable to plan round than guidelines made within the open.)
“Impersonation and fraud are actual dangers, however they’re met by imposing the legal regulation towards those that commit them,” the group stated in a press release. “They don’t seem to be met by MeitY deciding, in personal and by letter, what options Indians could use.”
The controversy echoes a similar observation the Delhi Excessive Courtroom made in a case involving Telegram, the place the courtroom stated that utilizing usernames as an alternative of cellphone numbers might make it simpler to hide person id and unfold illicit content material sooner. That case wasn’t about WhatsApp, however the parallel has been resurfacing in public dialogue as WhatsApp prepares its personal launch.
Privateness, belief, and platform energy
Rachel Tobac, chief government of SocialProof Safety, referred to as usernames a internet privateness acquire as a result of they cut back the necessity to share cellphone numbers, which may expose customers to SIM-swap assaults, phishing, and account takeovers. Nonetheless, she stated, lookalike usernames nonetheless create alternatives for impersonation.
“Finally, usernames are a terrific concept to keep away from leaking your cellphone quantity to of us you don’t know, nevertheless it’s essential to confirm id with the username perform too,” Tobac informed TechCrunch.
Her recommendation for many customers: Choose a username that isn’t simply guessable, so it’s more durable for attackers to seek out you, message you chilly, or harass and spam you.
Even WhatsApp acknowledges usernames gained’t be one-size-fits-all. In an FAQ posted on X on Wednesday, the corporate stated most customers ought to select a username distinctive to WhatsApp. Nevertheless, it additionally lets customers declare their present Instagram or Fb usernames by linking their accounts, saying the choice is meant to assist creators, companies, and organizations keep a constant id throughout Meta’s platforms whereas lowering impersonation.
The Mozilla Basis stated the introduction of usernames is more likely to carry new tradeoffs. “Elevated scams and impersonation from faux handles are probably a giant one,” it informed TechCrunch. “Checking a cellphone quantity could be a helpful verification instrument, however these harms are additionally permitted by the platform’s basic design decisions.”
Mozilla additionally flagged a broader interoperability query — one price logging when you’re constructing on prime of, or competing with, Meta’s ecosystem. Whereas letting customers declare their present Fb and Instagram usernames could minimize down on impersonation, it additionally reveals how simply Meta can sew id collectively throughout its personal apps, whilst customers nonetheless can’t take that id, or their contacts, to a rival platform.
For now, WhatsApp says it’s taking a gradual strategy to the rollout. “We’re taking our time and listening to suggestions in order that when it rolls out later this 12 months we get it proper,” the corporate stated in its FAQ.
Whenever you buy via hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

