These days they are spreading guides that theoretically allow find out the location of a person through whatsapp without that person sharing it and without them knowing that you have found it out.
The method, theoretically applicable if both ends use the WhatsApp web client on Windows, makes use of the ‘netstat’ command with which the other person’s IP would be detected. However, what we get It is not the IP address of that person, but of one of the Facebook data centers through which that conversation is managed.
The method captures IPs, but not from people, but from data centers
WhatsApp long allowed location sharing, whether it is on a one-off basis or even if we want to share that location in real time so that other people can know where we are at all times.
This monitoring is enabled by the person interested in us knowing their location, but depending on the text that is being shared on the internet, it is possible to know the location of our interlocutor without him having shared it and, furthermore, without his knowing that we are getting that information.
The method explains that both users must be chatting on WhatsApp through the web client and under Windows. That theoretically makes Windows record the IP address with which we are chatting.
To be able to consult that IP, it is necessary to open the Windows command console and run the command “netstat -an”, which causes active connections to the source and destination IP addresses to be displayed. The IP of our interlocutor would appear among them, although the guides do not specify how to detect which one corresponds to the WhatsApp conversation.
In Xataka we have carried out several tests in which we have tried to follow the process, but without any success. After deactivating as far as possible all the services that could maintain an internet connection (Dropbox, OneDrive, and of course keeping only the WhatsApp Web tab open in the browser) we checked the list of IPs shown in ‘netstat’, but there was no sign that one of them belonged to the WhatsApp conversation.
Even so, after checking the possible IPs, information about the location of our interlocutor did not appear in any case. To verify it is possible enter those IP addresses into a locator like this and check that destination with location and coordinates.
As we said, none of the tested IPs had information about a location close to the location of our test partners. What appeared?
So what we expected: IP addresses belonging to data centers and servers of large corporations. The same ones that offer internet services and those large infrastructures in the cloud that we usually take advantage of in our computer sessions, and that correspond to Google, Amazon, Microsoft, or, of course, Facebook data centers.
Precisely one of the open connections pointed to a Facebook data center located —according to the IP address locator— in the Plaza de la Lealtad, in Madrid. That’s all we could find out from our connections, but one of our interlocutors was in Córdoba, for example.
Even in this case we ask our partner provide us with your real public IP address (the one assigned to us by our broadband provider), something easy to find out with services such as Whatismyip.com. When entering that IP in the IP locator, a somewhat more approximate location was shown, but it was not even remotely precise: was about 3 km from his actual location, and that having the exact data of the IP that our partner had shared with us.
WhatsApp and its “store and forward” mechanism
At Xataka we contacted two security experts to validate these discoveries. So much Roman Ramirez (@patowc), cybersecurity expert and creator of the conversations Rooted CON, What Paul Saint Emeterio (@psaneme), cybersecurity expert and co-director of Cyberfterwork, confirmed that achieving something like this is not feasible with the current operation of WhatsApp.
Although theoretically it might be possible to do something like this Due to the P2P nature of WhatsApp messaging, the system used by this company is not strictly “end-to-end”, since it ends up using an intermediate server.
on whatsapp use is made of a “store and forward” mechanism in which when a user sends a message, this is first sent to a WhatsApp server where it is stored.
The server forwards that message to the receiver and repeatedly asks him to confirm receipt, after which the message is removed from the server database. Only if the message has not been forwarded it keeps on the server for 30 days.
So what we see in the list of addresses displayed by the ‘netstat’ command is the intermediate server that stores and forwards the message, but we do not see the real and final destination of that shipment, which is the IP address of our interlocutor.
All this makes it clear that being able to detect the location of a user on WhatsApp without that user voluntarily sharing it with the mechanisms offered by the application it’s not possible.