WebWhatsApp?

[shirioko]

Dear users and contributors,

today I received a spam message from some random number: __GrammarNaziNote: it's spelled "Sent by", dipshits*

When I visited the website I was stunned. Some idiots figured that it would be a GREAT idea to allow people to send anonymous messages to any WhatsApp user in the world. No registration. No traces.

They also decided to monetize the thing by providing an API and basically base their business model on an exploit of a free service.

They did not specify whether or not they are using WhatsApi or any other Api on GitHub.

I already had conflicted feeling when syncing the BroadcastMessage() method into my repository last night, knowing that it would extend functionality for most users, but would also create new opportunities for spammers.

For now, I've decided to continue development based off of the DLL files I extracted, but to keep all changes local until I've decided how to go about this.

Thank you for your understanding, Max

[ramonv]

website and the service is around for a while, we tried to contact them a few weeks ago to see what kinda api they use and if we could buy it. But haven't heard a thing.

[jonnywilliamson]

@shirioko Grrrr. Why do the few always spoil it.

Think your decision is the right way to go for next while.

[shirioko]

their whole website is a fucking joke, like any of that will ever happen:

Q: How many messages can I send? A: Feel free to use our service in a decent and normal way (fair use).

Q: What happens if I abuse your service? A: We hold you responsable for anything that harms our business. So most likely you will meet one of our lawyers.

Q: Can I use WebWhatsApp to automatically spam people? A: Don't do that! We do not promote spam, we love WhatsApp!

[kingofcracking]

DOS attack NOW !!!!!!!!!!!

[kingofcracking]

hahah no joking but what they are doing is really unfair and I'm sure they used one of github's api!

[kingofcracking]

best website for spammers... fu**

[kingofcracking]

but u have to admit that the website features are nice :p

[kingofcracking]

Hahahah "We love Whatsapp!" it seems u don't

[jonnywilliamson]

@kingofcracking

Any chance you could put all your lines into one comment next time please. No need to reply just to say yes.

[kingofcracking]

Ok sry bro :p

[shirioko]

[kingofcracking]

[WebWhatsApp]

Interesting dicussion...

Who is really helping spammers?

1) The people distributing source code, so that anyone who is able to write a for loop can do a spamrun. 2) WebWhatsApp.com that offers a service to people that is closely monitored for spam abuse

WebWhatsApp code is for at least 80% on preventing abuse from spammers. How about this website? How does WhatsApi prevent their code being used by spammers? Everything needed is already posted and documented. No need to add anything anymore.

I personally think that spam is not caused by any kind of service (neither WhatsApi, nor WebWhatsApp) but by people. Like: "Guns don't kill people".

Anyhow, WebWhatsApp services costs money, depending on the volume. So spammers are not interested at all. It's a hell of a lott cheaper to spam by e-mail.

WebWhatsApp was build on own code. Good to know that! Do you really think that what you guys are doing, nobody else can do? Because WhatsApi may become a competitor to WebWhatsApp in the future (when you guys get it all working perfectly), we are monitoring these channels. So far we are happy that it is not working very well, and hey, you maybe better stop posting updates indeed.

Final thing: It's extremely easy for a WhatsApp receiver to ban a number. So spamming on WhatsApp is not an issue untill soneone finds a way to spoof phonenumbers from the sender.

[brittson]

Challenge Accepted :D @WebWhatsApp , @shirioko they think they are better than us ...

[kingofcracking]

LOL

[kingofcracking]

i have a question to @WebWhatsApp :P... how did u find this issue? ;)

[kingofcracking]

hahahha joking

[jonnywilliamson]

@kingofcracking Stop being an idiot.

@WebWhatsApp Welcome. It's good to see a "human" behind the website. Do you not feel that as it stands your site is fairly open to abuse? It's good to know that you have at least stated that you're monitoring it. More than some of the other idiots who have been on this project over the past while.

Have you any interest, or could you be persuaded to add anything to this project that doesn't run directly as a competitor to your own "business".

[shirioko]

Guns don't kill people, but it gets a lot easier to if you put a gun in someone's hand rather than having him find one. "Closely monitored for abuse" Yeah that's a good one. You don't have any form of user identification other than their IP addresses, and your message page is a simple POST form. So which one is easier to exploit?

• An API where the user needs to provide his own WhatsApp credentials, his own server (revealing his IP to WhatsApp) and his own application to implement WhatsApi
• Or an insecure HTML form which can easily and anonymously be exploited using a basic REST or CURL

@brittson they are a long way from being better than us, with features like media sending, number checking and message broadcasts. They're mentioning that they have image sending capabilities, but I guess they removed it when it broke after the last WhatsApp update?

[shirioko]

Just to be clear: I am not bashing on your company, I'm just concerned that the only thing between WhatsApp and a random user is your public HTTP form. If you required users to register an account and log in before sending a message you would have a far greater measure of control over it.

[WebWhatsApp]

Great amount of reactions and very quick. It seems to be a hot topic.

I am not going to contribute to a flamewar on who is better and why. I don't see it as a competition either. I respond merely because it was said that WebWhatsApp promotes spam. The truth is that we fight spam and put a lott of time in that.

If 'easiest to abuse' is a subject then we first need to agree on the skills of a spammer.... A really do not agree with shirioko's arguments. In my opinion spammers know how to php. IP adres known to WhatsApp or known to WebWhatsApp makes no difference. User credentials?? I guess you are all using unregistred sim cards, right? Also login accounts with fake names and disposable email adresses to not make much of a diference.

I think we can agree that in both cases, a potential spammer needs some technical skills. okay?

To compare it with the 'availability of guns'. We are selling guns with a license that we can withdraw at any moment whereas WhatsApi is giving the guns away to anybody without any registration.... But even real guns nowadays can be printed at home...

We don't believe in security on the client side. So a simple POST form is good enough. Anything else is security by obscurity. Any kind of security on the client side can be exploited. I am not going to talk about details on our system. A captcha is still a debate but so far it is working fairly good without.

I think its important to understand that we are focussing on (decent) companies that want customer interaction through whatsapp. The anonymous web interface is just a demonstrator. We can turn it off at any moment if we want to.

@kingofcracking, we are monitoring several projects, just to see what is available to the general public.

@jonnywilliamson, I have been thinking about that. Maybe in the future. It depends on some things. I see both risks as opportunities in it.

To conclude with a one liner: We all seem to have the same hobby.... ;-)

[kingofcracking]

@jonnywilliamson who told joking was stupid?:p "A joke is a very serious thing"(Churchill)

@WebWhatsApp If i want to be serious I liked ur service and if u need help I can join ur project ... Btw shirioko is right u should do a login system

@shirioko I understand ur point of view but anw u can block webwhatsapp number so it isnt valuable for spammers...

[shirioko]

@WebWhatsApp Thanks for clearing that up. Yep I know who that is :)

[jonnywilliamson]

@kingofcracking

"The difference between stupidity and genius is that genius has its limits." Albert Einstein

[kingofcracking]

Ok lets stop this comment war that you started :p

[kingk110]

@WebWhatsApp it's not working!!! and how i can download the zip file that contain the php files that you mentioned in ur website??