What's up with WhatsApp’s cyberstalking problem?

Security attack
(Image credit: Shutterstock / ozrimoz)

Cyberstalking is the specific use of electronics (usually the internet) to control, track, and spy on another person, group of people or even companies. Whilst it may seem like a relatively recent phenomenon the term can be traced back to the nineties. Cyberstalking is hugely prevalent, with a study in the United States from 2009 showing that one in four stalking victims had also been cyberstalked as well. 

Increase in online presence 

For many of us, social media is a way to keep up to date with family and friends. And as time goes on social media usage continues to rise. From stalwarts such as Facebook and Twitter to newer players such as TikTok and Snapchat. All of these avenues mean an increase in the average digital footprint for each of us -  a veritable goldmine for a Whatsapp cyberstalker. For those not as well versed in the privacy tools available from many social media platforms, they leave themselves open to outsiders consuming and gleaning information from them. Thankfully, many platforms are now moving to a more “opt-in” approach to sharing social media profiles publicly.

The Covid-19 pandemic has also led to a rise in cyberstalking, at least in the UK. According to numerous police forces throughout the country, there had been a near doubling in stalking reports during the first lockdown in 2020 in the country. Social media isn’t the only place where we communicate with people online. Messengers are hugely popular as well. The Likes of Whatsapp for example, is used by 2 billion people every month according to Statista. And whilst Whatsapp likes to boast about its end-to-end encryption, it has several fundamental issues that make it an awful choice as a messenger when it comes to privacy - perhaps a VPN might be a better choice?

Facebook (who own WhatsApp) has been pushing its tendrils deeper and deeper into Whatsapp in an attempt to squeeze as much money as possible from it. And come the 15th of May, Whatsapp will be able to share your usage data with Facebook companies and some other third parties. Much of this data isn’t going to be visible to your average Whatsapp cyberstalker but what is currently being abused is the presence system. Using Whatsapp, if you are actively interfacing with the app, you will show it as “online” to the whole world. There is no way to disable this or change visibility settings. The extent of control you get over this is the ability to restrict “Last Seen” times being visible to nobody. The former is set in stone.

Cyberstalking tools 

A cyberstalker wants to keep tabs on everything their victim is doing. And being able to know when they are online, thanks to Whatsapp, is a very simple and easy way to do this. By using specialized tools, a cyberstalker can learn so much just from a couple of telephone numbers and this Whatsapp presence indicator. There are Whatsapp tools available that can look at two different numbers and cross-reference them. Finally, it will calculate the possibility that these two Whatsapp users have been communicating with one another. This sort of tool is aimed more towards an individual that is perhaps cyberstalking their partner due to suspected infidelity. But these services are numerous and simple to use for just about anyone. Traditional stalkerware normally needs to be installed on the target’s device physically. However, with these tools, you can obtain this information from your web browser.

The marketing for these cyberstalking services often tries to maintain a friendly guise. You will find that the vast majority are for keeping tabs on your kid. Giving you access to all of the most popular messaging and social media available on the device. Taking a look at reviews will often show many of the users’ real intent. Some (often bots) are even leaving tips to other spying services in reviews on places like Trustpilot. Whilst it is understandable that parents might want to track their kids’ whereabouts and activities, it is inevitable that these apps be used for cyberstalking. And for many of these spying tools, the marketing is simply a way to cover their backs. It’s pretty clear the audience many of these tools are aiming for.


Whatsapp’s online status is there for everyone to see - there isn’t a whole lot you can do to protect yourself if you regularly use Whatsapp. As mentioned, you can make sure that no one can see your “Last Seen”, but your Online status is there for everyone to see. If a cyberstalker was to use one of the services that track this status, there isn’t much you can do apart from changing your number (inconvenient) or trying a “privacy friendly” messenger such as Signal (a free and open-source messenger with a heavy focus on privacy).

When it comes to the more invasive stalkerware that sits on your phone and tracks your every move, you must keep your device as secure as possible. Nowadays, phones come with many different authentication methods to keep your device locked. Biometric options are fantastic. Fingerprint scanners are probably the most common on phones, and you should make use of it when possible. Facial recognition (such as that found on Apple devices with FaceID) is also a good option. Though not all facial recognition technology is created equal, so be cautious depending on your device. It may be worth looking into your specific model to see how reliable it is. Ideally, you set both a biometric authentication method and a passcode, pin, or pattern. It isn’t convenient, but a combination of these two methods will significantly improve your device security

Create a complex password - at least 12 characters with a mixture of upper- and lower-case letters, numbers, and special characters. A password manager is a good idea, you can even host your own with something like Bitwarden. LastPass is another popular option. These will often even suggest complex passwords for you and keep everything easy for you. In addition to a good password, is Two-factor authentication (2FA). Where possible, make sure it is enabled. 

Even more secure is using a security key. This is a physical device that is usually plugged in via USB or works via Bluetooth/NFC and much like a 2FA code, needs to be present before you can log in. It could be possible that a cyberstalker is tracking you via your public IP address.  By using a VPN, you can help hide your public IP address making it nigh on impossible to track you this way thanks to heavy encryption and a change of IP address.

Whatsapp needs to do more to protect its users. If you haven’t reviewed your device security in a while or are one of those that just use a simple pin or pattern, it’s time to fix this. Enable biometric security along with a secure pin or pattern to make sure nobody can get into your device. It’s always good as well to keep your device in sight and not lend it to anybody you don’t trust.

Sebastian Schaub, CEO, hide.me VPN

Sebastian Schaub

Sebastian is the founder of hide.me VPN and he has been working in the internet security industry for over a decade. He started hide.me VPN to make internet security and privacy accessible to everybody.