Upload Error

[frankgilcrest]

Hi,

I get an error saying that the text file is invalid whenever I upload to your service. I hope I did not get scammed by sending my files :/

[frankgilcrest]

I am becoming paranoid about my submission as the conversation had personal information. What assurances are there that uploads are being deleted and not falling into the hands of bad people?

[frankgilcrest]

If chats are deleted, why are there so many here: http://prabhakargupta.com/projects/whatsapp-reader/conversations/ ????

Are you keeping people's chats? What proof is there that you are deleting them?

http://prabhakargupta.com/projects/whatsapp-reader/inc/function.inc.php Has the code where you delete the files but it is empty according to the above link.

[frankgilcrest]

You are dishonest! You ARE keeping logs of all chats. You better hope that nobody gets extorted out of this because all fingers will point to you!

[prabhakar267]

Hi @frankgilcrest First of all, thanks a lot for pointing out to a big security flaw which was out there and I was not able to recognise it before today.

1. You got the "Invalid text file error" because the regex rules were not able to detect a time pattern your text files or if you would have uploaded a non-WhatsApp text file.
2. I made this project as a source of easily reading my own personal chats so the aim was never to get people's information be it personal or of any sorts. Had it been my intention, I don't I would have open sourced my code for anyone to see it. (I hope this assures you)
3. I saw that few of the chats were not getting deleted automatically. All the chats have been removed from the server and I have rectified the mistake, it was due to some server error, as I verified from my PHP error logs (http://php.net/manual/en/function.error-log.php). No chats are stored on the server
4. The reason for this page (http://prabhakargupta.com/projects/whatsapp-reader/inc/function.inc.php) not showing anything is you cannot see the server side code on your browser. Had this file been actually empty the complete WhatsApp Reader app would have stopped working, including the error logging thing. There are people whom I know use this app and are happily using it.

You call me dishonest, which is a bit harsh on your side. I built this project on my own without asking for any donations or advertisements. I am just a sole developer and I accept there can occur mistakes, that's why I open sourced this project so it could improve overtime. But calling me dishonest is something I don't I can accept. I didn't phish you to upload your chat. You did that willingly, now if you are not satisfied with the service, you can issue your complaint, but calling the developer dishonest, I think you should be apologising. Yet I accept the security flaw and I have corrected it for which I apologise.

[frankgilcrest]

Thank you for replying and I appreciate your hard work. I apologize if I came off as rude. The reason I trusted your service was because you said nothing got stored on the server which was inacccurate; security flaw or not. I am glad you have remedied the breach but it is hard for me to be at ease knowing that someone else may have access to personal information about me and potentially use it against me And ruin my life. This should be a learning lesson for both of us. It's just that I will pay the greatest price.

[frankgilcrest]

I am still confused. How is it that you did not notice that many chat logs in the conversations folder that spanned many years up until now?

[frankgilcrest]

BTW the chat logs are still in the conversations folder. You have just taken away access to it from the public. If you know the name of the log file you can access it. This is further proof that you are keeping chat logs.

I am reporting you for potentially running a scam.

[frankgilcrest]

So now you FINALLY "deleted" the files. You said that you did but all you did was hide the folder. For all people know, you have just saved them elsewhere. Why did you lie?

[prabhakar267]

WhatsApp Reader started off as a personal project and I never anticipated such a humble response. Also, all the files were deleted and no backups were taken. Moreover you might be seeing your file, because of your browser cache.

I would recommend you to setup the app on your local machine and run it accordingly since you don't trust the online version. The whole point of open-sourcing the code was anyone could setup the app on their own machine and run it with 100% safety. The online version is for people who don't want to setup the app on their own or are using it for view some not-so-important chat pieces.

With this, I am closing this issue as I think I have already resolved the issue and if you have any more queries, you can reach out to me via email. Peace!

[frankgilcrest]

There was no caching as I was using my cell phone to check if you had deleted the files. Everything prior to that was on my PC so don't say it was cached data. You simply blocked public access to the folder and kept all the chats in it. There were chats there from a free years ago it seems and I don't believe that it was a "bug." Like I said, you are suspicious and I am reporting this service as a potential extortion setup.