Meta’s Data: Meta’s WhatsApp Fix for View Once and its Impact on Metadata

This analysis examines a privacy vulnerability in WhatsApp's "View Once" media feature that allowed modified Web clients or browser extensions to bypass view-once protections; it documents the discovery, proof-of-concept exploitation (including public extensions with ~10k users), the server-side remediation rolled out by Meta in mid-November 2024, and the resulting privacy trade-off of increased unencrypted metadata exposure to WhatsApp servers.