Link previews: How sharing links on social apps can turn into a security risk

Nwachukwu Glory  - Tech Expert
Last updated: November 15, 2023
link previews security risk
  • Link previews in chat applications can cause security threats if done in the wrong manner.
  • Users could expose their IP addresses and other private data to malware attacks, said researchers.
  • Popular apps like Facebook Messenger, WhatsApp, WeChat, Instagram, and others are part of this vulnerable ecosystem.

In the modern-day, where we have luxuries such as the internet, it also brings many vulnerabilities. People in large numbers use social apps to communicate for personal, business, and other matters.

To much extent, we have compromised our privacy for the sake of using online services to benefit us. Well, it’s not even balanced at all; privacy matters much more than anything else. The online mafia is everywhere, and you can’t hide from the prying eyes. But, by taking sensible measures and being precautious, you can avoid being played at the hands of attackers.

Recently, a group of two researchers revealed another rising privacy concern. Talal Haj Bakry and Tommy Mysk explained how link previews on messaging apps could leak your data.

Those who use chat apps must have gone through the link previews. When you send someone a link via a chat app, the app shows you a preview of what that link contains. Whether it’s a picture, document, or video, you’ll see a brief description along with the image preview—which summarizes what’s inside the link. This happens without tapping on the link.

SEE ALSO: Best secure messaging apps

Now, this isn’t that simple. Things gamble in-between this process, and there are different ways how an application shows you a link preview. There is a mechanism for how a link converts into a preview. This means that the app automatically tracks the link or uses a third party for “link preview” conversion.

The primary mechanism is HTML programming language tags or ad hoc meta tags, through which the app collects the information. If anything goes wrong, or the link is malware, your personal data and IP address would be in the wrong hands.  

There are three ways through which an automated link preview is created. The researchers elaborated that how each way is used and can be harmful.

In the first method, the sender itself generates the preview. Next, the app downloads the link data and turns it into a preview. This means that the sender directly converts the URL into link preview, so potentially there is not much risk at all as the link preview would brief you on what’s inside.

The second method is creating link preview via a third-party server. The app forwards the link data to an external server asking to convert it into a preview. After completion, the server sends back the link preview to both sender and receiver.  

Whereas, in the third method, the receiving app creates the preview. This is quite harmful. Whenever the receiving app gets the link, it would automatically create the preview. For this, the app connects to the server that the link guides to. This means that your app forwards your IP address as part of the GET request. This happens without the user opening the link.

For instance, Facebook Messenger uses server-side link previews—the second method. The researcher told Forbes’ cybersecurity expert that Messenger’s way to link preview could be a security ordeal. Facebook’s messenger doesn’t provide link previews in secret conversations, which are end-to-end encrypted—instead of in regular chats, where all the risk lies.

In this method, we do not know how much information the third-party server collects or for how long that data stays on the external server, said the researchers. 

The researchers also highlighted that chats’ links might contain intense private data only meant for the recipients. This could be anything such as medical records, contracts, official documents, research papers, or any confidential information, which leaves a severe security threat.

While in the third method, if you were to open the link, it’s okay. But, if in case you were not to open the link, it would still have your information leaked. This could leave you vulnerable in case of a malware link.

You can stay safe from link preview threats by using a tool like a virtual private network (VPN), that would hide your IP address and location online. Using VPNs is the best quick privacy safety measure to take today, whether it’s the link preview threat or any other.

Another recommendation to strengthen your security against such threats is to use a quality antivirus.

You might also want to compare VPN with antivirus to see how they both boast distinctive functions that can help you stay secure. Keep in mind that a little ignorance can make you fall victim to link preview threats.

For now, there is nothing more you can do unless the developers work on this and provide a much more secure network. The security threats are there—in one way or another. So, the possible way to prevent yourself from harm’s way is to practice the best security measure.

Share this article

About the Author

Nwachukwu Glory

Nwachukwu Glory

Tech Expert

Nwachukwu Glory is a writer, blogger, and tech nerd. She loves trying new gadgets that make life more fun ( and easier). Glory is passionate about digital security and privacy alongside browsing the World Wide Web without any limitations.

More from Nwachukwu Glory


No comments.