The hidden downsides of link previews, including privacy intrusion

Sam Richards
Authored by Sam Richards
Posted Friday, November 6, 2020 - 10:15pm

Link previews are standard for most messaging and chat apps nowadays. They give users an idea about the links they’re about to open and make online conversations easier by providing images and brief descriptions associated with the sent file. But according to a recent study, link previews, although convenient, have their share of issues. They can leak sensitive data, drain your battery, consume bandwidth, and compromise end-to-end encrypted links. And what’s even more disturbing is that popular social media platforms Facebook and Instagram have the worst messenger services, in addition to LinkedIn and Line.

We’ve all seen link previews before. You share a video or post with your friends via any messenger or, alternatively, copy-paste the link. The chat application won’t just showcase the URL; it will display a box containing a headline or other text along with an image. To do that, the app you’re using must open the link and see what’s in it, which isn’t always the safest course of action, especially if the link contains malware. Furthermore, link previews force the app to download the file and store it indefinitely on its servers, even sensitive documents like tax returns. Downloading large files results in bandwidth consumption and battery drainage and may ultimately cause the application to crash.

Talal Haj Bakry and Tommy Mysk, the researchers behind the study, tested Facebook Messenger and Instagram and found that both apps download and copy entire link files, even if they’re gigabytes in size. This is concerning because it could gobble up your mobile data, and most importantly, invade your privacy. LinkedIn was guilty of the same practices, with the only difference being that it only copies the first 50 megabytes of the file. As for Line, it can even expose end-to-end encryption by sending the encrypted link to its servers to generate a preview. “We believe that this defeats the purpose of end-to-end encryption, since LINE servers know all about the links that are being sent through the app, and who’s sharing which links to whom,” the researchers wrote in their report.

The best course of action is to disable link previews, thus, preventing chat apps from doing anything with the link unless you click it. Unfortunately, not all applications give you control over link previews. Signal, Threema, TikTok, and WeChat follow this approach, while Instagram and Facebook Messenger don’t allow disabling previews.

Furthermore, several online sources offer tips on how to enhance your online security and privacy. TheVPN.Guru has an extensive selection of VPN reviews and how-to guides, in addition to the latest cybersecurity news.

Share this