Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background.
“Links shared in chats may contain private information intended only for the recipients,” researchers Talal Haj Bakry and Tommy Mysk said.
“This could be bills, contracts, medical records, or anything that may be confidential.”
“Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers.”
Generating Link Previews at the Sender/Receiver Side
Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link.
Although apps like Signal and Wire give users the option to turn on/off link previews, a few others like Threema, TikTok, and WeChat don’t generate a link preview at all.
The apps that do generate the previews do so either at the sender’s end or the recipient’s end or using an external server that’s then…