WhatsApp Is Reserving High-Profile Usernames to Curb Scams, But Who Is Curbing WhatsApp?
WhatsApp's new username feature is designed to protect privacy, but a closer look at what the platform collects, shares, and is quietly becoming raises questions the green padlock was never built to answer. The latest feature opens a wider conversation about privacy, data, and trust in the Meta-owned platform.There was a time, well, it is still happening, when end-to-end encryption was WhatsApp's entire personality. You opened the app, and the first thing it told you was that your messages were private, that no one else, not even WhatsApp, could read them.
That promise did a lot of heavy lifting for many users who were introduced to the app for the first time. It is why people moved their sensitive conversations there. It is why journalists, activists, and ordinary people who simply valued privacy trusted it over everything else. The green padlock meant something that could be trusted.
Now WhatsApp has more than three billion users and a feature roadmap that looks increasingly like the platforms it was supposed to be different from. The latest addition- a username system that lets users communicate without sharing phone numbers — is genuinely useful and, on the surface, privacy-forward.
But it also arrives at a moment when serious questions about what WhatsApp actually protects, and what it quietly does not, are more pressing than they have ever been. This is worth slowing down for.
Usernames Are Clever, But The Timing Is Suspicious
The username feature is not a small update. For the first time in WhatsApp's history, users will be able to initiate and receive messages without exchanging phone numbers.
High-profile accounts — public figures, celebrities, verified businesses — will have their handles reserved to prevent impersonation. A four-digit PIN will be required before a stranger can message you through a username.
It is a thoughtful design, and the privacy argument is real: phone numbers, once shared, expose users to SIM-swap attacks, phishing, and unsolicited contact in ways that a username does not.
But look at the pattern: usernames mean that WhatsApp is now in the business of identity, managing, reserving, and verifying who you are on its platform. That is how Facebook started, and that is how Twitter evolved into X. The moment a platform owns your identity, it owns something far more valuable than your messages.
Rajeev Mantri, founder and Managing Director of Navam Capital, was not charitable about it. Writing on X, he called the entire rollout "a colossal data harvesting and data pooling scheme," arguing that Meta's real objective is to nudge users into linking their WhatsApp and Instagram accounts to sharpen ad targeting and drive revenue, playing on consumer FOMO to make the username grab feel urgent. The impersonation risk he flagged was not theoretical.
In its early testing, TechCrunch found that usernames resembling the Indian Prime Minister, Bollywood celebrities, a major telecom brand, and the Reserve Bank of India were all still freely available to claim, suggesting that whatever protection Meta promised for high-profile accounts does not yet cover the problem it created
India's Ministry of Electronics and Information Technology has already sent WhatsApp a formal notice, warning that the feature could "materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks."India is WhatsApp's largest market with over 500 million users. When that government pauses a feature rollout, it is not a small regulatory footnote.
The Encryption Is And Was Never the Whole Story
End-to-end encryption protects message content in transit. What it does not protect is everything around the message, and that is where WhatsApp has always had a different relationship with your data than its marketing suggested.
WhatsApp collects extensive metadata: who you talk to, when, how often, the size of your groups, your IP address, your device fingerprint, your usage patterns. Meredith Whittaker, president of Signal, has already done the work of naming what WhatsApp does not advertise.
In a 2022 interview with security researcher Bruce Schneier, one that received far less attention than it deserved, she drew the line clearly: WhatsApp collects your profile information, your profile photo, who is talking to whom, and who belongs to which group.
Latest Tech News
Decode Africa's Digital Transformation
From Startups to Fintech Hubs - We Cover It All.
None of that is protected by end-to-end encryption. None of it has to be, and all of it sits inside a company owned by Meta, which Whittaker described as holding unspeakable volumes of intimate information about billions of people globally. The metadata, she argued, does not need to read your messages to know everything about you; it already does.
There is more to that. As of 2025, Meta integrated its AI assistant directly into WhatsApp. Your personal chats remain encrypted. Your interactions with the Meta AI bot are not, and Meta's own privacy policy confirms the system uses those conversations to improve its AI models.
In April 2026, two WhatsApp users filed a proposed class action lawsuit in the US District Court for the Northern District of California, alleging that Meta, WhatsApp, and consulting firm Accenture secretly allowed employees and outside contractors to intercept, read, and store private messages, the very communications the company has spent a decade assuring users that "not even WhatsApp" can see.
According to the complaint, a Meta engineer can submit an internal request to access any user's full chat history by supplying a user ID, with approval granted with minimal scrutiny.
Meta spokesperson Andy Stone called the lawsuit "a frivolous work of fiction" and said any claim that WhatsApp messages are not encrypted is "categorically false and absurd." What he did not address is the part that matters most: WhatsApp's source code is proprietary, meaning no independent party can reverse-engineer it to confirm that no backdoor exists.
The public, as the lawsuit itself puts it, can only take Meta's word for it, and for a company that generates virtually all of its revenue from knowing things about people, that word is doing a lot of work.
And then there is the backup problem. If your WhatsApp chats are backed up to Google Drive or iCloud without end-to-end encryption manually enabled, the encryption protecting your messages in transit means nothing. Governments can, and do, bypass WhatsApp entirely and request chat histories from Google or Apple directly, with a warrant. The padlock protects the pipe, but it does not protect the storage.
A Platform Becoming Something Else, Quietly
When Meta acquired WhatsApp in 2014 for $19 billion, early policy promised that user data would remain strictly confidential and entirely free. Subsequent policy updates enabled the sharing of metadata across the corporate ecosystem.
The username feature accelerates this trajectory, linking WhatsApp identity to Instagram and Facebook handles, deepening cross-platform profiling, and moving the app further from the private messenger it was originally built to be.
Think through the progression. Phone number-based communication gave way to business accounts. Business accounts gave way to in-app payments. In-app payments gave way to the AI assistant. The AI assistant gave way to usernames and identity management. Each step is individually defensible.
Collectively, they describe a platform that started as a private messaging tool and is becoming a Meta-integrated communication ecosystem with advertising infrastructure underneath it.
None of this means WhatsApp is unusable or that the encryption is worthless, the Signal Protocol it runs on is mathematically sound, and the message content protection is real for personal chats.
What it means is that the version of WhatsApp people trusted in 2016 and the version rolling out usernames in 2026 are not the same product, even if they share a name and an icon. The green padlock is still there. What it covers might have quietly changed without our notice.
Because WhatsApp did not actually lie about end-to-end encryption, it just never told the whole truth about everything else, and by the time most people noticed the difference, they were already too deep in the ecosystem to leave.
