WhatsApp has decided to toughen up.
Not for everyone, not always, but when needed. The decision comes against a backdrop of a now-familiar climate: increasing cyber attacks, espionage that no longer makes headlines but continues to operate under the radar. Under the Meta umbrella, the platform introduces Strict Account Settings, a new mode designed for those who live a little more exposed. Or simply don’t want to take risks.
It’s not a silent revolution, but it’s not a slogan either. It’s a lever.
A single switch that, once activated, changes the app’s behavior. The promise is simple and a little awkward: less convenience, more protection.
There’s not much to romanticize, but maybe that’s the point.
The idea didn’t arise in a vacuum. WhatsApp openly looks to Apple’s Lockdown Mode, the one introduced for journalists, activists, and people under constant pressure. It’s more or less the same spirit. A system that doesn’t seek to be elegant, but robust. A bit like wearing a helmet even when you’re not running.
With a single gesture, the user accepts a series of limitations. Not all of them intuitive, not all of them painless. But they are consistent. The logic is to reduce the attack surface, even if no one says so, and perhaps it’s better.
The global launch is expected in the coming weeks . And yes, the experience becomes more rigid. Less fluid. At times annoying. But it’s a conscious choice. WhatsApp makes it clear: it’s not designed for the average user. Those who use the app for voice messages and family groups can continue as before, without feeling guilty.
Here we’re talking about a different risk category. A different use, or a different threat. Security, in this case, also involves taking away rather than adding.
The first pillar is brutal in its simplicity : no attachments from unrecognized contacts. Images, videos, and documents are automatically blocked. It’s the most common channel for malware, and so it’s closed.
End.
Then there are the links.
No previews, no thumbnails, no automatically generated titles. Both incoming and outgoing. A seemingly small concession, but it’s not. It prevents the simple rendering of a URL from revealing information or triggering vulnerabilities. It’s one of those things you can’t see, but it matters.
There’s also silence. Calls from unknown numbers are blocked by default . Not just to avoid annoyance or harassment, but for something more subtle. Zero-click exploits, those that require no interaction, often come from there. From the calling protocols. It’s better not to let them in at all.
It’s a measure that changes habits, certainly. But it’s also a clear line. Anyone not in the address book is left out. At least while the feature is active.
WhatsApp is keen to point out that for the vast majority of users, end-to-end encryption remains more than sufficient. A fortress, they call it. And indeed, for everyday use, it is. No one is encouraged to live in permanent emergency mode.
This feature exists for those who need something more. Or for those who know they’re being targeted. It’s not a medal, it’s not a status symbol. It’s a tool, and like all tools, it should be used only when necessary.
Behind all this lies a specific, though not new, threat. Extremely complex cyber attacks, as WhatsApp calls them. Specifically, Pegasus , the spyware developed by NSO Group, is known for targeting specific individuals in a targeted, silent manner.
The introduction of Strict Account Settings follows a path already established: Apple in 2022, Android with similar initiatives. It’s not a rush, perhaps. More of an adjustment. The recognition, belated or not, that some people need more protection. Even if that means messaging in a slightly less welcoming environment.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
