As YetAnotherNick said, logout might be the better word to describe the impact here (plus, a fairly aggressive inactivity deletion period).
I agree with you in principle, but I still don’t understand how else to mitigate this: WhatsApp must get a lot of cases of stolen unprotected phones. The victim can ask their operator to lock the SIM card, but their WhatsApp account would still be out in the open.
With the continuous improvements in mobile OS security defaults, I’d expect this scenario to become less and less of a problem, but it must still be accounted for.
The process still goes through support ticketing, so I’d expect a spike to be noticed and stopped.
Whoops, my comment isn't very clear, sorry. I meant: "but their account would still be active and in the hands of the thief, if there is no way to quickly deactivate it, e.g. before receiving a new SIM card from their operator that would enable you to prove your identity to WhatsApp."
Do you mean how long is account recovery by the SIM/number owner possible, or how long can the phone thief continue using the WhatsApp account if the owner doesn't recover?
Maybe I misunderstood the comment you and parent comment were making. I interpreted it as "they can recover it via SIM, so the lockout method isn't needed".
My point to that is that it is true, but the lockout would prevent a thief from using it until the new SIM is received. Versus a thief having access until the new SIM is received.
I use Telegram instead of WhatsApp, but I would hate for anyone to have any time at all on my account. I'd prefer to immediately lock the whole thing down and figure it out once I have everything sorted.
Since when does logout come with a "we'll delete your account if you don't log back in in 30 days"?
This is just an atrocious flow. A better approach would be a "temporary emergency block", and then give the user a week to sort it out, otherwise the account is automatically reinstated.
While 30 days sounds extreme, I’ve got plenty of warnings in the past 25 years from sites which wanted to, and did, delete my account because I didn’t visit their site in a specified timeframe, like half a year, or a year.
I got one from Discord a few days ago. I didn't check if it was real or phishing, and I didn't check my password manager. I can't remember why I would have created a Discord account so I'll let it go. Maybe I was self-squatting.
>Imagine an automated form of this where you can just mass deactivate antagonistic accounts
I wish I had this power for other social media sites, such as Twitter and Nextdoor. I'd just mass-deactivate ALL accounts. The world would be better off.