WhatsApp just rolled out a fortress mode for users in the crosshairs of sophisticated cyberattacks. The Meta-owned messaging giant's new "Strict Account Settings" automatically blocks attachments, media, and calls from unknown contacts - targeting journalists, activists, and public figures who've become prime targets for state-sponsored spyware campaigns. It's the latest salvo in WhatsApp's ongoing battle against surveillance tools like NSO Group's Pegasus, which previously infiltrated devices through simple phone calls.
WhatsApp is putting up the barricades for its most vulnerable users. The company's new "Strict Account Settings" represents a fundamental shift in how messaging apps protect people who face real-world consequences from digital surveillance - and it couldn't come at a more critical time.
The feature targets a specific but growing demographic: journalists covering sensitive stories, human rights activists operating in hostile territories, and public figures whose communications have become high-value targets. According to WhatsApp's official announcement, the lockdown mode automatically blocks attachments and media from unknown senders while silencing calls from anyone outside your contact list.
But the protections run deeper than simple filtering. The new setting fundamentally locks down your WhatsApp presence - turning off link previews that could trigger malicious code, restricting who can add you to groups, and hiding your profile photo, status, and "about" information from non-contacts. It's the digital equivalent of going dark, and WhatsApp knows it. "You should only turn this on if you think you may be a target of a sophisticated cyber campaign," the company warns. "Most people are not targeted by such attacks."
The timing reflects hard-won lessons from WhatsApp's frontline battles with surveillance vendors. The platform has long offered end-to-end encryption using the , but encryption alone couldn't stop the NSO Group's Pegasus spyware, which to gain device access through missed calls. That 2019 attack affected roughly 1,400 users across four continents.
