Have you ever thought about what happens the instant you share a link in a messaging app? A preview card appears — title, image, blurb — which means something just fetched that URL. The only question is who. There are two answers, and each has a cost.[1]
Client-side — WhatsApp, iMessage, Signal, Viber. Your own phone fetches the link, so the site on the other end sees your IP address and rough location. The messaging platform may never see the link; the destination does.
Server-side — Messenger, Instagram, Slack, X. The platform's servers fetch the link. Your IP stays hidden from the destination — but the platform now sees every link you send.
Either way, the link gets fetched. That is the part security teams forget.
During an incident, it becomes a trap. Paste an attacker-controlled link into a messaging app to discuss it, and something — your phone or the platform — pings the attacker's server. They see the hit, realize they have been found, and start erasing: rotate infrastructure, wipe logs, pull payloads. One message can burn your whole investigation.
Before you share a suspicious link, know where it will be fetched from — and who is waiting on the other end.
When you share a link, who is watching the other end?
References
- Mysk, "Link Previews: How a Simple Feature Can Have Privacy and Security Risks" — https://mysk.blog/2020/10/25/link-previews/
Instagram