Using WhatsApp Web Is Now Safer With The Presence Of This Feature

WhatsApp now offers an official browser extension. (photo: doc. unsplash)

JAKARTA - Users who frequently use WhatsApp Web no longer need to worry about security. This is thanks to the presence of a browser extension that can verify the authenticity of the website being used.

WhatsApp on the Web is an easy way to access the messaging service via desktop, without the hassle of installing an app. However, there is always a risk of malicious actors trying to deceive users.

To combat this, WhatsApp now offers an official browser extension that verifies if users are using the original web version, or if they are on a corrupted page that can steal data and install malware.

The process of using this browser extension-based security system is easy. Just open the Chrome web store and search for Code Verify, hit the blue Add to Chrome button, and then it's ready to go.

According to Meta as WhatsApp's parent company, Code Verify only works on Chrome, Edge, and Mozilla Firefox, but a customized version for Safari is also under development.

Once the browser extension is installed and pinned to the toolbar, it will start doing its code verification work automatically whenever the user visits the WhatsApp Web page.

Code Verify also serves to notify users of activity status, along with a color coded indicator system. A green icon means everything is fine and there is no security risk.

If the Code Verify icon shows an orange circle with a question mark, it is a sign that the network request has timed out. An orange warning means the network connection may be stable or something is interfering with the verification process. To fix this, try reloading the page, changing the Wi-Fi network, or pausing another browser extension.

Meanwhile, a red indicator with an exclamation point is a sign that the source code cannot be verified, and it is a security risk. Users need to disable other extensions and reload WhatsApp Web page to see if the warning signs are gone.

In addition, Meta ensures that the Code Verify extension does not interfere with privacy aspects. The tool will not log any activity data, collect metadata, or access any user information on its own. More importantly, the extension does not allow anyone to peek at the messages because they are end-to-end encrypted, just like in the mobile app.

Created in collaboration with Cloudflare, Code Verify relies on a security feature called sub-resource integrity that checks resources across web pages. At the heart of the browser is the hash-matching system, which is also the backbone of Apple's iCloud photo scanning system for CSAM detection.

"Every time the code for WhatsApp Web is updated, the truth source and cryptographic hash extension will also be updated automatically," said Meta.

The idea is to automate the hash matching process, and then deploy it at scale to hundreds of millions of WhatsApp users. This is quoted from Digital Trends, Monday, March 14.