==========

Journee is a technology startup founded in 2020. Our in-house low-latency streaming technology and GPU fleet orchestration systems are the engines behind our award-winning work with brands such as BMW, H&M, and Siemens.

We are now building and launching Ojin (https://ojin.ai/), a real-time generative AI platform for developers. Ojin provides the APIs and inference infrastructure for developers to build and scale interactive applications and AI agents. For this new venture, we are building a small, ambitious team of highly talented individuals and are hiring for the following position:

* Senior Product Engineer

* VP of Technology

Our tech stack: TypeScript, React, Python, PostgreSQL, WebRTC, AWS, Infrastructure as Code, Unreal Engine

Apply here: https://job-boards.eu.greenhouse.io/journee

Comments URL: https://news.ycombinator.com/item?id=42392362

Points: 2

# Comments: 0

> "[They] placed too much weight on the introspections that they generated at that moment in time, and thus lost sight of their more enduring attitudes.” [1]

The quote refers to this study [2] in which subjects had to chose a poster to take home. The group who was instructed to think about their reasons for their initial choice, and had the option to change it, were less satisfied with it three weeks later. As the abstract says:

> When people think about reasons, they appear to focus on attributes of the stimulus that are easy to verbalize and seem like plausible reasons but may not be important causes of their initial evaluations.

This suggests that satisfaction is more correlated with initial gut feeling than reasoning, at least for aesthetic choices, but I think in many other cases as well.

[1] https://sci-hub.st/10.1016/S0065-2601(08)00401-2

[2] https://journals.sagepub.com/doi/abs/10.1177/014616729319301...

Individualkex also has a couple videos on the high level ideas: https://youtu.be/GQXDjzNWuPc?si=zlAN7dO9STGATKad

With your suggested approach, the attacker is free to use the account to impersonate the victim until they get a new SIM card, which could easily take days or weeks.

This seems like a degredation compared to the current abuse potential which is mostly limited to logging you out.

On top of that, if a specific account is targeted at the rate-limit, a flag could be put in place to let support disable the automation for that account.

I agree with you in principle, but I still don’t understand how else to mitigate this: WhatsApp must get a lot of cases of stolen unprotected phones. The victim can ask their operator to lock the SIM card, but their WhatsApp account would still be out in the open.

With the continuous improvements in mobile OS security defaults, I’d expect this scenario to become less and less of a problem, but it must still be accounted for.

The process still goes through support ticketing, so I’d expect a spike to be noticed and stopped.

- The inconvenience to the deactivated account is minor: one SMS verification code and the account is back, queued messages get received, etc.

- Persons who lost their phones probably don't have a good fast way of proving their identity, as their identity is tied to their phone number in WhatsApp's model.

- Needing to quickly lock out spammers, thiefs or hackers is probably far more frequent than abuse of this feature.

- If abuse of this feature becomes a recurring problem, I'd expect WhatsApp to react and adjust the flow to place more burden on its user.

The auto-delete part is slightly more worrying, but if you don't use WhatsApp during 30 days, your account and group membership probably isn't very precious. Backups are automated and separate. You can still easily re-create an account with the same number then.

The story might be "Apps should stop using SMS and phones numbers as the source of identity", and while I generally agree, most comments don't seem to be about this and WhatsApp is maybe _the_ one app whose success was based on this very idea.