WhatsApp unveils lockdown mode for high-risk users
WhatsApp has introduced a new "Strict Account Settings" mode that locks accounts into more restrictive privacy and security options for people at higher risk of targeted cyber attacks.
The feature adds what WhatsApp describes as a lockdown-style setting. The company said it designed the setting for a small number of users who may face "rare but sophisticated cyber attacks", including journalists and public figures.
WhatsApp said its personal messages and calls already use end-to-end encryption by default. It said the new option adds further account and privacy controls for those who choose to switch it on.
Lockdown controls
WhatsApp said the setting changes how the app behaves by restricting certain interactions and limiting some features. The company said the option can be enabled within the app under Settings, then Privacy, then Advanced.
WhatsApp said Strict Account Settings will automatically block attachments and media from unknown senders. It said the setting also silences calls from people a user does not know. WhatsApp said the feature also "restricts other settings that may limit how the app works".
The company said it plans a rollout in the coming weeks.
Account protection
WhatsApp said Strict Account Settings switches on two-step verification. It also turns on security notifications and locks them on. The company said it encourages end-to-end encrypted backups for users who already have backups enabled.
Those steps sit alongside other changes to reduce contact from unknown accounts. WhatsApp said the setting turns on blocking of high volumes of messages from unknown accounts.
Messaging limits
WhatsApp said the setting turns off link previews. Link previews can fetch information from a website when a user sends or receives a URL, which can expand the information displayed in a chat. The company did not detail the threat scenarios it had in mind for that specific change.
WhatsApp said chats with people outside a user's contacts will have limitations when the setting is enabled. It framed that as a trade-off between functionality and risk reduction.
Presence settings
Strict Account Settings also locks down profile and presence options, according to WhatsApp. The company said a user's Last seen and online status, Profile photo, About details, and links on their profile become restricted.
WhatsApp said these items are locked to contacts only or to a pre-established, more selective list of people. The company did not describe how that list is created, beyond suggesting it would rely on settings a user has already chosen.
Group controls
WhatsApp said the setting changes who can add a user to groups. It said only known contacts or a pre-established, more selective list of people will be able to add the user to groups.
Group adds have been a persistent vector for spam and unwanted contact on messaging platforms. WhatsApp already offers controls for group invitations. The new mode places additional restrictions under a single switch, based on the company's description.
Who it targets
WhatsApp positioned the feature as an advanced option for a small audience. It said most people are not targeted by sophisticated cyber campaigns and should only use Strict Account Settings if they believe they face that type of threat.
The company linked the use case to "highly sophisticated cyber attacks" and said journalists and public figures may find it particularly relevant. WhatsApp did not cite specific recent incidents in its announcement.
How it works
WhatsApp said users cannot turn Strict Account Settings on or off from WhatsApp Web. It said users must use their primary device to change the setting.
The company described the feature as optional. It said enabling it reduces vulnerability by limiting functionality and locking an account to more private settings.
WhatsApp said the rollout will continue in the coming weeks as the setting becomes available to more users.