WhatsApp Usernames
WhatsApp Usernames Feature Could Break India's Fraud Investigation System, Warns Expert (Image credit: AI-generated) WhatsApp is one of the most popular messaging platforms in India with more than 500 million users. The Meta-owned platform is preparing to roll out its Username feature, which allows users to connect without sharing their mobile numbers. While many have already started applying to reserve their favourite usernames in advance, it is raising concerns that scammers may create similar-looking usernames to impersonate celebrities, public figures, banks, brands and government agencies. Reportedly, the government has also issued a notice to Meta over the feature in India. According to digital rights body Internet Freedom Foundation (IFF), the Ministry of Electronics and Information Technology (MeitY) has issued a notice to Meta over the feature to explain, within three days, why regulatory action should not be taken against it "for launching a feature that may increase cybercrimes." IFF has questioned the legal basis of the government's move, arguing that no law allows the executive to decide which product features a company can launch. We at Times Now Tech spoke to technology lawyer Shweta Bansal to understand how the feature may impact the users and whether it could pose any challenges for the law enforcement agencies to investigate digital scams. According to the tech lawyer, the public discussion has largely been focused on fake usernames and impersonation, but she believes the bigger concern is how the feature may affect India’s cybercrime investigation system. She stressed, “The public debate around WhatsApp usernames is fixated on impersonation, fake 'awarikoo' accounts soliciting money. That concern is real but solvable. The deeper architectural problem is what this feature does to India's existing fraud investigation chain, and that problem is far more serious.” Bansal explains that India’s existing digital fraud investigation process starts with a victim reporting the scammer’s phone number. Authorities then trace the telecom subscriber, verify KYC records and identify the individual before registering an FR and taking legal action. She said, “India's entire digital fraud infrastructure works like this: victim reports a number ? police trace the telecom subscriber ? KYC documents yield a physical identity ? FIR and arrest follow. Usernames break Step One. When a victim receives a scam message from "@sbibank_official," there is no phone number to report. The TRAI complaint system, cybercrime.gov.in, and every police FIR template in India are built around phone numbers, not alphanumeric strings. The investigation infrastructure collapses before it begins.” Bansal noted that India already has legal provisions to deal with identity theft and online cheating. However, she asserted that these laws become difficult to enforce if investigators cannot identify the person operating a username. “The law already creates the offences clearly. Section 66C and 66D of the IT Act, 2000 cover identity theft and cheating by personation through computer resources. Section 318 of the Bharatiya Nyaya Sanhita covers cheating. But substantive offences without investigative infrastructure are unenforceable. You cannot prosecute someone you cannot identify. This feature also arrives at the worst possible moment for WhatsApp. With Civil Appeal 301/2026 pending before the Supreme Court, where the bench has already described WhatsApp's data practices as "a decent way of committing theft of private information”, rolling out architecture that further reduces account traceability will almost certainly be cited against WhatsApp in those proceedings,” added Bansal. Bansal suggests that WhatsApp can preserve user privacy while ensuring law enforcement agencies can investigate crimes by maintaining a confidential data base linking usernames with verified phone numbers. She stated, “The solution is technically straightforward and already has a global precedent: WhatsApp must maintain a confidential backend mapping of every username to its linked verified phone number, accessible only through court-ordered judicial disclosure, never publicly visible. This is architecturally identical to the WHOIS registry model for domain names. It preserves user privacy completely while restoring law enforcement accountability entirely.” The lawyer added that the instant messaging app already collects users’ phone numbers during account registration, making such a system technically feasible. “WhatsApp already holds the phone number at account creation. Maintaining this mapping costs them nothing architecturally. The question is whether they proactively offer it to MeitY before launch or wait for a government direction and fight it, which is the strategy that produced the Rs 213 crore CCI penalty. The regulatory history of WhatsApp in India suggests the lesson has not yet been learned.” WhatsApp has positioned Usernames as a privacy-focused f





