WhatsApp this week started rolling out username reservations ahead of the broader launch planned later this year. The feature, which lets people find and message each other by handle instead of phone number, is already raising impersonation concerns and drawing scrutiny from security experts and regulators in India, the app's largest market with over 500 million users.
How usernames change WhatsApp's privacy dynamics
The rollout marks a shift in how people identify one another on WhatsApp. Instead of relying on phone numbers as the primary identifier, users will increasingly interact through platform-managed usernames. Meta says this improves privacy by reducing phone number sharing, but critics argue it creates new opportunities for impersonation of public figures, institutions, and businesses.
Test reveals sensitive usernames still up for grabs
In early testing, TechCrunch found usernames resembling prominent Indian politicians, celebrities, and institutions still available. Names like indiamodi, shahrukh.actor, teamamitabh, ambanijio, and rbi_verify could be reserved by anyone. Binance founder Changpeng Zhao complained on X that he could not get cz_binance, the handle he uses elsewhere. Meta said it reserves usernames for public figures and government entities but did not clarify how it decides which variations to protect.
Sponsored Protocol
Indian ministry intervenes with formal notice
The concerns have reached India's Ministry of Electronics and Information Technology (MeitY), which sent a notice to WhatsApp stating the feature could materially increase online fraud, phishing, digital arrest scams, and impersonation attacks. The ministry directed WhatsApp not to roll out the feature until consultations are completed, threatening regulatory action. A senior government official confirmed ongoing engagement with the company.
Sponsored Protocol
Digital rights groups push back
The Internet Freedom Foundation (IFF) criticized the notice as lacking a clear legal basis and risking executive overreach. IFF argued that impersonation risks should be addressed through criminal law enforcement, not by blocking product features. The debate echoes a Delhi High Court ruling on Telegram, which noted that usernames can conceal user identity and facilitate illicit content spread.
Security experts weigh privacy gains against risks
Rachel Tobac, CEO of SocialProof Security, sees usernames as a net privacy gain because they reduce phone number sharing, which can lead to SIM-swap attacks and phishing. However, she warned that lookalike usernames still enable impersonation. Her advice: choose a hard-to-guess username to reduce attack surface. Mozilla Foundation highlighted tradeoffs, noting that while usernames may increase scams, phone number verification remains a useful tool.
Sponsored Protocol
Gradual rollout and cross-platform integration
WhatsApp says it is taking a gradual approach, listening to feedback. The feature also allows linking Facebook and Instagram accounts to maintain consistent identity across Meta's platforms. As reported in a related article on Anthropic restoring access to Claude Fable 5, tech companies globally face regulatory hurdles. The messaging evolution demands careful balancing of privacy and security, as the WhatsApp case shows. For more background, see the Wikipedia page on WhatsApp.
Source: https://techcrunch.com/2026/07/01/whatsapp-usernames-are-already-raising-impersonation-red-flags