Nothing new, its disingenuous to claim to have found a vulnerability, when its a long known fact, that whatsapps metadata is not secure/deleted. Whatsapp never claimed anything otherwise.

But government agencies, the engineers wrote, were “bypassing our encryption” to figure out which users communicate with each other, the membership of private groups, and perhaps even their locations.

The vulnerability is based on “traffic analysis,” a decades-old network-monitoring technique, and relies on surveying internet traffic at a massive national scale. The document makes clear that WhatsApp isn’t the only messaging platform susceptible.

Not really a vulnerability. Metadata and traffic analysis is not something that whatsapp claims to defend against. Things like who/when you message are exposed. Your E2EE messages are still secure (as long as you trust whatsapps implementation, security researchers have found nothing of concern there so far).

Tldr: if your threat model requires protection against the government knowing who you message, use something else like signal.

Side-note: Do not use telegram as an alternative, as it’s even less secure than whatsapp (no e2ee by default and in groups) and stores metadata (which is the “vulnerability” that the article talks about.)