This video shows how you can make sure that your website is optimised for SEO and that all your products and services will have the highest likelihood of being indexed and found properly … all with the few clicks of some buttons … and some handy prompts !

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Need to check a voice note during a meeting or just prefer reading over listening? WhatsApp now lets you transcribe voice messages into text in just a few taps.

How to:

– Go to ‘Settings > Chats > Voice message transcripts’ in WhatsApp.
– Choose your preferred language (e.g. English).
– Then, in any chat, tap and hold the voice message.
– Select ‘Transcribe’ when the option appears.

What it’s for:

Ideal for catching up on messages when you can’t play audio out loud — or for double-checking long or unclear voice notes.

Pro‑Tip: Transcription works offline and on-device for privacy — but always scan the text for errors before forwarding or quoting.

A massive trove of stolen usernames and passwords totalling 16 billion records has been discovered across 30 newly uncovered databases, revealing one of the largest and most dangerous credential breaches ever recorded.

Two Login Credentials for Every Person on Earth

Security researchers at Cybernews have uncovered an unprecedented cache of login data scattered across unsecured web databases. These exposed collections, some open to the internet only briefly, were mostly hosted on misconfigured Elasticsearch instances or cloud object storage services, making them accessible without authentication.

All but one of the 30 datasets involved in the breach had not been reported previously. Combined, they include roughly two login credentials for every person on Earth!

A Blueprint For Mass Exploitation

“This is not just a leak – it’s a blueprint for mass exploitation,” said the Cybernews team, who have been tracking the breach since early 2024. “The structure and recency of these datasets make them particularly dangerous.”

From Apple, Google, Facebook, and More

While large-scale data breaches have become disturbingly common, this incident stands out for the freshness of the data and the scope of what’s included. For example, Cybernews has reported that the breach includes login credentials drawn from a huge range of services including Apple, Google, Facebook, GitHub, Telegram, VPNs, and even government portals.

More Than Just Usernames and Passwords

The datasets primarily consist of credentials stolen by infostealers, i.e. a type of malicious software designed to extract sensitive information from infected computers. Once installed (often via phishing emails, fake software updates, or pirated software), infostealers scan the victim’s device for stored logins, cookies, authentication tokens, and autofill data. These details are then quietly sent back to attackers’ servers.

In most cases, Cybernews reports that the stolen data is structured in a familiar format, i.e. the website URL, the username or email address, and the associated password. Some records are reported to include extra metadata, such as session cookies or two-factor authentication tokens, which can significantly aid attackers in bypassing security protections.

Cybernews estimates that some overlap exists between datasets, but even conservative estimates suggest billions of distinct login records are involved. The largest single collection, linked to a Portuguese-speaking population, holds over 3.5 billion records. Others are named generically (such as “logins” or “credentials”) while some reference specific services like Telegram or locations such as the Russian Federation.

Who’s Behind It and Who’s Affected?

It appears that the origin of these leaked datasets remains murky. Although some may have been compiled by cybercriminals intent on launching mass-scale phishing or credential stuffing attacks, others could belong to grey-hat researchers, aggregating leaked data for academic or threat intelligence purposes. However, it should be noted that the absence of clear attribution makes them no less dangerous.

Cybersecurity experts have warned that even if only a fraction of the 16 billion records are actively exploited, the consequences could be severe. Identity theft, business email compromise (BEC), unauthorised access to cloud services, ransomware attacks, and financial fraud are all plausible next steps.

A significant concern is that many users still reuse the same password across multiple sites (known as ‘password sharing’). Attackers often employ credential stuffing, a tactic that involves testing stolen username/password pairs against a wide range of sites, hoping users have reused credentials elsewhere.

The impact is not likely to be just limited to individual consumers. Businesses, particularly those lacking multi-factor authentication (MFA) or modern password management protocols, are at risk of full-scale account takeovers. These in turn could lead to data theft, service disruption, or reputational damage.

What Tech Companies and Security Experts Are Saying

So far, most affected companies have not issued individual statements, probably because the breach is not tied to a specific platform or service – the leak is an aggregation of credentials siphoned off via malware over time.

However, the Cybernews team and other researchers have voiced serious concern. “Credential leaks at this scale are fuel for phishing campaigns, ransomware intrusions, and business email compromise,” the team said in its public briefing. “The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organisations lacking multi-factor authentication or credential hygiene practices.”

Security vendor Malwarebytes described the incident as “a wake-up call” for both users and companies. “This is a stark reminder that infostealer malware remains an enormous threat and that misconfigured cloud services continue to expose sensitive data at scale.”

More of a ‘Combolist’

Some experts have cautioned against treating the breach as a single event, noting that it is better understood as a massive combolist, i.e., a curated aggregation of multiple smaller leaks. Even so, the potential for harm remains high.

Why This Breach Is Different and What Comes Next

Unlike older breaches which often contain outdated or previously exposed data, these records are mostly new. Only one of the 30 datasets had been reported before (a 184 million-entry trove covered by Wired in May). The rest have emerged only recently, some in the last few weeks, suggesting that infostealer activity is ongoing and highly active.

Not Indexed Yet

At the moment (it’s still early days since the discovery), compounding the risk is the lack of visibility. Many of the exposed credentials have not yet been indexed by breach monitoring services or browser alert systems, meaning users aren’t being automatically notified if their details are among those leaked.

Also, because the databases were reportedly only briefly exposed, researchers say they could not determine who held or uploaded the data, nor whether it has already been downloaded or traded on criminal forums.

What Should Users and Businesses Do Now?

For individual users, the recommendations are fairly straightforward but urgent and they probably echo most of the points of security good practice around breaches. For example:

– Immediately change passwords on any accounts using duplicated or weak credentials.

– Use a password manager to generate and store complex, unique passwords for every service.

– Enable multi-factor authentication (MFA) wherever possible.

– Monitor for phishing emails or unusual account activity, especially logins from unfamiliar locations or devices.

– Run antivirus and anti-malware tools to scan for potential infostealers on your system.

For businesses, the stakes are higher. Implementing stronger access controls, requiring MFA across all services, and deploying endpoint detection tools are worthwhile steps. Regular audits of privileged access accounts, secure cloud configurations, and employee training on phishing threats are also essential.

Experts also recommend checking employee and corporate credentials against breach monitoring services such as Have I Been Pwned or Cybernews’ Leaked Database Checker.

Could Big Tech Be Doing More?

Looking at where many of these stolen credentials came from, it’s perhaps not surprising that there is growing pressure on tech platforms to go beyond offering MFA as an optional feature. Some experts are calling for default-on MFA policies, improved session token management, and better user alerts for credential misuse. Others suggest that browser makers could more aggressively warn users about unsafe passwords, even when stored locally.

Cloud service providers also face scrutiny. For example, misconfigured storage services remain a recurring source of data exposure and security researchers have long warned that businesses often fail to understand the shared responsibility model of cloud hosting, which places the burden of securing customer data squarely on the organisation using the service, not the cloud provider itself.

Combined for Weaponisation

This breach essentially demonstrates how aggregated, seemingly disparate data leaks can combine to form a vast, weaponisable archive of credentials. Also, without rapid, coordinated responses from users, businesses, and tech providers alike, the consequences may stretch far beyond compromised passwords.

What Does This Mean For Your Business?

The sheer scale and structure of this breach underline how fragile the global system of digital identity has become. With 16 billion credentials exposed, many of them recent, unrecycled, and complete with cookies and tokens, the barrier to entry for cybercriminals appears to have been lowered dramatically. This isn’t just an escalation in volume, it’s a shift in the quality and usability of stolen data. For attackers, this is a ready-made toolkit for highly convincing phishing, large-scale account takeover attempts, and social engineering operations that could target everyone from individual users to senior staff within high-profile organisations.

For UK businesses, the risks are not theoretical. Any organisation with staff using shared or recycled passwords, without enforced multi-factor authentication, could find themselves an easy target. For example, compromised employee accounts can quickly open doors to sensitive systems, intellectual property, financial accounts or customer data. The consequences are likely to include financial loss, regulatory penalties, and long-term reputational damage. This is especially pressing for sectors handling critical infrastructure or customer data, such as healthcare, education, local government and law firms.

The fact that so many of the datasets were discovered in misconfigured online storage shows how easily even vast amounts of sensitive information can be left vulnerable. This again raises questions about internal security practices, not just among cybercriminals, but among businesses and developers failing to properly secure cloud environments. As more breaches emerge from poor cloud hygiene, regulators may well move to demand greater accountability and oversight from cloud service providers and their clients.

For security professionals and digital privacy advocates, this breach reinforces the need to accelerate the move away from passwords altogether. Passkey adoption, hardware-based authentication, and biometric alternatives are already gaining traction, but the pace remains slow. Meanwhile, tools such as credential stuffing bots and AI-enhanced phishing make password-only systems increasingly outdated and risky.

The discovery also points to a deeper issue around breach notification and public awareness. Because these credentials were collected silently through infostealers and surfaced only when aggregated by researchers, the victims (both users and the platforms their data was stolen from) may have no idea they were compromised. With no clear breach event to attribute, many companies are, therefore, unlikely to report or even detect the loss. This leaves users exposed and unprepared, and it puts the onus on breach checkers and independent researchers to close the gap.

This incident serves as a stark reminder that security needs to be proactive, not reactive. Businesses should no longer view breaches as isolated events but as part of an ongoing data extraction economy that thrives on delay, misconfiguration and user complacency. Whether you’re a multinational tech firm, a regional employer, or an individual internet user, the threat landscape has shifted again and this time, the scale is difficult to ignore.

A new survey has revealed that a majority of Windows users still haven’t moved to Windows 11, despite Microsoft’s looming deadline and growing security concerns.

Windows 11 Promised a Leap Forward

When Windows 11 launched in October 2021, Microsoft described it as a fresh start for the world’s most widely used desktop operating system. The company pitched it as more than just a visual refresh, i.e. it was billed as faster, smarter, more secure, and better integrated with new hardware and cloud-powered AI features. Yet nearly four years later, new research by TechRadar has found that only 43 per cent of users say they’ve made the switch.

Most Still on Windows 10 or Older – 14 October Date Looming

This means that the remaining 57 per cent are still on Windows 10 or even older versions, despite the clock ticking down to 14 October 2025, when Microsoft will officially end support for Windows 10. After that date, no more security patches or updates will be issued unless users pay for costly extended support contracts through the new ESU (Extended Security Updates) programme.

What’s Stopping Users From Upgrading?

According to the TechRadar survey, part of the issue is confusion. For example, while 55 per cent of users said they knew “exactly” which version of Windows they were running, the remaining 45 per cent were uncertain to some degree. Also, it seems that over 12 per cent had no idea at all. This uncertainty makes it harder for users to feel urgency around upgrading, particularly when their systems still appear to function normally.

Even more concerning, the results appear to show that a significant number of people don’t understand what their devices are capable of. For example, although 53 per cent of users claimed their PCs or laptops met the minimum requirements for Windows 11, only 40 per cent could say how much RAM they actually had. Of those, around one in four gave wildly inaccurate answers, with some naming specs that don’t exist in consumer devices.

This gap between perception and reality is, therefore, one of the key barriers. To install Windows 11, devices must meet stringent requirements, including Secure Boot, TPM 2.0 (Trusted Platform Module), and at least 4GB of RAM. Older devices (even those still performing well) often fail to meet these specifications. For example, according to a Lansweeper study from 2022, around 42 per cent of business devices tested did not pass Windows 11’s CPU compatibility checks, and 15 per cent lacked TPM 2.0.

Users Say They’re Willing, But Don’t Act

Interestingly, TechRadar’s research also found that many users are optimistic about upgrading. More than half of respondents said they’d be confident doing the upgrade themselves, yet those same respondents often lacked basic knowledge about their systems’ specs. This suggests a large proportion of users are either unaware of what’s actually involved or overestimate their readiness.

The survey also found that 28 per cent of users explicitly stated their devices didn’t meet the system requirements in some way. Another 14 per cent didn’t know what Windows 11 required at all, and 4 per cent didn’t know what specs their devices had.

This echoes a broader trend identified by other studies. For example, a Canalys report from late 2023 showed that enterprises were “reluctant to refresh hardware” unless absolutely necessary, with many still clinging to fleets of Windows 10 devices because of cost constraints, particularly in the public sector and small business environments.

How Users Can Check If Their Device Is Ready for Windows 11

As noted earlier, one of the reasons why users may not be upgrading to Windows 11 is that they simply don’t know whether their current device meets the system requirements for Windows 11. Fortunately, Microsoft has provided tools to help users check their eligibility and plan accordingly.

The most straightforward option is the PC Health Check app, a free utility from Microsoft that runs a full compatibility check. Once downloaded and installed, the app scans the device’s hardware to confirm whether it meets Windows 11’s key requirements, including CPU model, RAM, storage space, Secure Boot, and TPM 2.0 support. If the user’s device is compatible, the tool will confirm this clearly. If not, it will list which components fall short.

For those managing multiple devices, particularly in a business setting, more advanced tools are available. Microsoft’s Endpoint Analytics within Intune allows IT teams to assess upgrade readiness across their estate, while other third-party platforms such as Lansweeper and PDQ Inventory offer detailed Windows 11 compatibility reporting.

As mentioned earlier, the minimum requirements for Windows 11 include a 64-bit processor with at least 1GHz clock speed and 2 or more cores, 4GB of RAM, and 64GB of storage, alongside UEFI firmware with Secure Boot and TPM 2.0. Microsoft maintains a full list of compatible processors and guidance on how to check for TPM using the Windows Security settings or command prompt.

If users are unsure about their device’s hardware, they can access system information by typing “System Information” in the Start menu or using “dxdiag” via the Run command. These tools reveal processor type, memory size, and other key details. Alternatively, third-party tools like Speccy or CPU-Z can offer a clearer breakdown.

Crucially, checking compatibility now gives users time to prepare whether that means freeing up space, enabling TPM in the BIOS, or budgeting for new equipment. For businesses, it provides the insight needed to build a phased upgrade plan, avoiding the cost and disruption of last-minute decisions.

The Business Risk Is Growing

For business users, the stakes are actually high. For example, once Windows 10 support ends in October this year, organisations that haven’t upgraded will be exposed to security vulnerabilities, compliance risks, and potential loss of functionality. Cybercriminals often target unsupported systems because they’re easier to exploit.

As Chris Morrissey, a senior analyst at Forrester recently pointed out in a webinar, “Windows 10 reaching end-of-support in 2025 is not just a technical milestone—it’s a business continuity issue,” and that “We’re already seeing a rise in ransomware attacks on legacy systems, and unpatched endpoints are a key vector.”

Pay for Windows 10 Security Updates for 3 Years After 2025

The upcoming Microsoft Extended Security Updates (ESU) programme, aimed at organisations that need more time, will, however, offer security updates for up to three years after 2025, but at a significant cost. For businesses with hundreds or thousands of endpoints, this could quickly become expensive.

Features Alone Aren’t Driving Migration

Despite Microsoft’s emphasis on new features, e.g. integrated Copilot AI tools, improved virtual desktops, enhanced gaming performance, and faster boot times, these haven’t been enough to convince the majority of users to make the leap.

Critics have pointed out that many of Windows 11’s enhancements feel incremental, not essential. Also, some power users and IT administrators have raised concerns about changes to the Start menu and taskbar, which have removed or restructured functionality found in Windows 10. For example, in a widely shared Reddit thread among sysadmins, one commenter described the Windows 11 interface as “a step forward in looks but a step backwards in control.”

Even Microsoft has acknowledged that uptake has been slower than expected. In a blog post from April 2024, the company said it was “continuing to invest in helping users transition” and hinted at further incentives, including possible discount offers for Windows 11-compatible hardware bundles.

Larger Devices, Longer Lifecycles

There also appears to be a practical reason why many users are waiting, i.e. PC lifecycles have lengthened. Where once businesses refreshed desktops every three to four years, it’s now common to extend that to six or more. The pandemic’s remote work boom saw a spike in PC sales in 2020–2021, meaning many organisations feel they’ve only recently upgraded, even if those machines aren’t compatible with Windows 11.

This mismatch is a challenge for Microsoft, which relies on regular upgrade cycles to keep its ecosystem secure and standardised. But for IT departments already stretched for budget and time, replacing functioning machines purely for compliance is a hard sell.

What Happens Next?

Microsoft is expected to step up its messaging later this year, particularly as the October 2025 deadline approaches. Experts believe we’ll see more nudges built into Windows 10 itself, with system tray notifications and update prompts likely to become more persistent.

The pressure is also likely to increase on IT providers, MSPs and corporate procurement teams. As the deadline nears, demand for Windows 11-compatible hardware will rise, and possibly outstrip supply, particularly in niche sectors. Businesses that wait until 2025 to start planning may face disruption, higher costs, or difficulty securing replacement devices in time.

For now, the message from Microsoft is to check compatibility, and don’t assume your device is ready just because it runs smoothly. It could, therefore, be said that for both individuals and organisations, the real risk is waiting too long to begin, rather than the upgrade itself.

What Does This Mean for Your Business?

The message from all the available evidence is that time is running out, and the level of readiness among users, particularly within SMEs and the public sector, is not where it needs to be. While many may believe they are prepared to make the switch to Windows 11, a large proportion either misunderstand the system requirements or are using devices that are simply not capable of upgrading. Optimism alone will not prevent a security breach once Windows 10 support ends.

For UK businesses, the stakes are especially high. For example, operating unsupported systems after October 2025 introduces real risks such as those from cyberattacks, regulatory penalties, and operational downtime. Even for those considering Microsoft’s Extended Security Updates, the cost of delay could add up quickly. Replacing hardware on short notice, under pressure, and potentially amid supply chain constraints could impact budgets and business continuity plans. Those with critical dependencies on specific Windows-based applications will also need time to test, validate, and train staff on new systems.

This could be regarded, therefore, as not so much a technical migration, but more of a strategic operational shift with implications for cybersecurity, procurement, compliance, and long-term planning. If the research is anything to go by, it seems that many stakeholders across IT, finance, and leadership teams need to coordinate now, rather than waiting until the upgrade becomes unavoidable. Otherwise, organisations risk finding themselves caught between rising security threats, stretched resources, and avoidable costs.

For Microsoft, the slow uptake also presents challenges. For example, delays in user migration hold back the rollout of its AI-led desktop vision and extend the support burden for legacy systems. Unless adoption improves, the company may have to offer new incentives, extend transition periods, or risk reputational damage if a large number of users are left behind.

The choice for users and organisations is, therefore, becoming clearer, i.e., start planning for Windows 11 or prepare to pay a premium to stay where you are. The longer the delay, the fewer options will remain.

It’s been reported that Meta-owned WhatsApp has formally backed Apple in its legal challenge against the UK government over secret demands to weaken end-to-end encryption, in a case that could have global repercussions for user privacy and national security policy.

Secret UK Orders to Access Encrypted Data

The dispute stems from a Technical Capability Notice (TCN) reportedly issued to Apple by the UK Home Office under the Investigatory Powers Act 2016, i.e., legislation that allows UK authorities to compel technology firms to provide access to communications and stored data where necessary for law enforcement and national security.

This particular TCN is believed to have required Apple to create a way for UK authorities to access encrypted content held in users’ iCloud accounts, including personal files, messages, and notes. Apple’s Advanced Data Protection (ADP) system, introduced globally in late 2022, uses end-to-end encryption (E2EE) to protect this data, meaning only the user, not even Apple, has access to it.

When Apple received the notice, it pulled the ADP feature from the UK in February 2025 and launched a legal appeal through the Investigatory Powers Tribunal, the specialist court that handles intelligence and surveillance disputes. The case was initially held behind closed doors, but following pressure from media organisations, a judge ruled in April that certain details should be made public due to the significance of the case.

WhatsApp Warns of Global Implications if Encryption Is Weakened

Now, WhatsApp has reportedly stepped in to support Apple, applying to submit evidence in the case and voicing serious concerns about the precedent such government powers could set. According to a recent report from the BBC, WhatsApp head Will Cathcart said the platform “would challenge any law or government request that seeks to weaken the encryption of our services and will continue to stand up for people’s right to a private conversation online.”

Cathcart added that if the UK’s approach were allowed to stand, it could “embolden other nations” to demand similar access, undermining encryption standards and threatening users’ privacy worldwide.

WhatsApp, which provides E2EE by default for all messages and calls, has long warned that creating any “backdoor” access mechanism, even for a single government, would jeopardise the security of all users. For example, back in 2023, the platform said it would rather be banned in the UK than comply with demands to compromise its encryption under the Online Safety Act.

A Broader Tech Industry Pushback

Apple itself has said little publicly beyond its legal filings but has previously stated that building such backdoors would expose users to risks from “bad actors” and hostile states. “There is no way to provide access to encrypted data for some without making it vulnerable to others,” Apple argued in a 2024 statement responding to proposed changes in UK surveillance law.

The wider tech industry has reacted with unease. Civil liberties campaigners, including Open Rights Group and Liberty, have welcomed WhatsApp’s intervention. “It’s important that the court hears from as many companies and organisations as possible,” said Jim Killock, executive director of Open Rights Group. “The Home Office is trying to establish powers that would affect the safety and privacy of billions of people.”

What the UK Government Says

The Home Office has declined to comment on the ongoing legal case. However, in a broader statement reported recently by the BBC, it said the UK has “a longstanding position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting people’s privacy.”

The government maintains that such powers are only used “on an exceptional basis” and subject to independent oversight, but critics argue that the secrecy surrounding TCNs makes scrutiny difficult. Under UK law, recipients of TCNs are not allowed to confirm they’ve received one, adding to the opacity of the process.

What Happens if Apple Loses?

If Apple’s legal challenge fails, it could be forced to re-engineer iCloud systems to allow for selective access to encrypted user data. Privacy advocates warn that even if intended for legitimate UK investigations, the mere existence of such a capability could be exploited by other governments, including authoritarian regimes.

That would represent a major change in the international norms around encryption, long considered a vital defence against cybercrime, identity theft, and state surveillance. Tech companies may also face rising pressure to comply with similar orders from other jurisdictions, effectively weakening global data security.

Apple, whose products are used by millions of businesses worldwide, including SMEs and regulated sectors such as law and healthcare, could face reputational and operational risks if seen to compromise its security guarantees. Likewise, any weakening of encryption on WhatsApp would create immediate concerns for its 2 billion users, many of whom rely on it for confidential client communications.

Concerns for Business and International Relations

The political and diplomatic fallout has already begun. For example, in the US, two members of Congress wrote to Director of National Intelligence Tulsi Gabbard demanding the UK order be retracted, citing it as a “dangerous attack on US cybersecurity.” Gabbard later confirmed the order had not been disclosed in advance and is now being investigated by US intelligence agencies.

Some US officials have also reportedly warned that if the UK proceeds with such unilateral data access powers, it could damage intelligence-sharing arrangements within the Five Eyes alliance, a cornerstone of post-war Western security cooperation between the UK, US, Canada, Australia, and New Zealand.

For UK businesses, especially those handling sensitive data or operating internationally, any weakening of encryption by major providers could raise compliance questions, particularly under GDPR and other global privacy regimes.

A Fight Over Principles, Technology, and Power

At the heart of the legal fight is a clash between national security objectives and digital privacy rights, one that is shaping the future of how encrypted technologies are governed. While the UK government argues it needs the tools to investigate the most serious crimes, tech firms warn that any mechanism to bypass encryption inherently undermines its effectiveness.

The case also illustrates how laws written in 2016 are now being applied in a more technologically advanced and politically volatile world, where global tech platforms often sit at odds with national authorities. As WhatsApp’s Cathcart noted (as reported by the BBC), what happens in this case “will set the tone for the future of privacy and encryption around the world.”

What Does This Mean For Your Business?

If the tribunal ultimately sides with the UK government, the immediate consequence would be the normalisation of secret orders compelling companies to undermine their own security architecture. This would not only damage the trust users place in services like iCloud and WhatsApp, but could expose everyday business communications, customer records, and proprietary information to new vulnerabilities. For UK businesses, especially those in sectors such as finance, law, and healthcare where confidentiality is critical, the legal uncertainty and technical risk of weakened encryption could prove costly. Questions around compliance with global data protection rules would also increase, with firms forced to consider whether UK-hosted services still meet international privacy standards.

For tech companies, the case highlights an escalating pattern of legislative tension between national governments and global platforms. A ruling in favour of the Home Office could embolden other countries to issue similar demands, gradually eroding the integrity of end-to-end encryption across borders. Smaller or newer service providers without the legal resources of Apple or Meta may find it harder to resist such pressures, creating an uneven playing field and amplifying risks for users across the board.

On the other hand, for law enforcement and intelligence services, the case reflects long-standing frustrations with encrypted platforms that make it harder to investigate serious crimes. The Home Office maintains that the powers in question are only used where strictly necessary, and subject to independent oversight. However, the lack of transparency, particularly around the existence and use of Technical Capability Notices, remains a sticking point for civil liberties groups and privacy advocates.

Ultimately, the outcome of Apple’s legal challenge will shape more than just the UK’s approach to digital surveillance. It will set a precedent for how democratic societies balance the competing demands of public safety, privacy, and technological progress. With major platforms now formally aligning against the government’s position, the case has become a defining test of both legal authority and digital ethics. Whatever the ruling, its impact is likely to resonate well beyond the UK courtroom.

WhatsApp has announced it will begin showing adverts on its platform for the first time, with new features designed to monetise its Updates tab while keeping personal messages private.

Ads Appear Only in the Updates Tab

In a major shift for the Meta-owned app, WhatsApp will now allow businesses to promote content in two key areas of the Updates tab, i.e., Status and Channels. These features are separate from private chats and have been used by more than 1.5 billion people daily, according to Meta.

The new monetisation rollout includes three core features, which are:

1. Ads in Status – short-lived posts similar to Instagram Stories, where businesses can now place adverts that link directly to a chat.

2. Promoted Channels – businesses and creators will be able to pay to have their Channels suggested to users browsing the directory.

3. Channel Subscriptions – a new paid model allowing followers to access exclusive content for a monthly fee. WhatsApp will take a 10% commission.

“Today we’re introducing new features in WhatsApp’s Updates tab, which is home to both Channels and Status,” the company said. “We believe the Updates tab is the right place to introduce this, in a way that doesn’t interrupt personal chats.”

Targeting and Privacy

Meta says it has designed the new advertising features with “privacy as the core principle”. The company is keen to stress that end-to-end encryption still applies to all messages, calls and personal Status posts, meaning they cannot be accessed or used for ad targeting.

Instead, WhatsApp says it will use a limited set of data to decide which ads to show. This includes:

– The user’s country or city.

– App language settings.

– Channels followed.

– Interaction with other ads.

Those who have linked WhatsApp to Meta’s Accounts Centre (used to manage connected services like Facebook and Instagram) may also see more tailored ads, based on preferences or activity from across those platforms. But Meta insists phone numbers and private content will not be shared.

“We will never sell or share your phone number to advertisers,” WhatsApp stated. “Your personal messages, calls and groups you are in will not be used to determine the ads you may see.”

A Strategic Move Towards Business Monetisation

While this is WhatsApp’s first foray into advertising, the move aligns with Meta’s wider strategy to turn the messaging app into a multi-purpose business platform. With public social media engagement falling and users spending more time in private messages and small group updates, WhatsApp’s Status and Channels features represent prime digital real estate.

“We’ve been talking for years about how to build a business on WhatsApp in a way that doesn’t interrupt personal chats,” Meta said. “Now the Updates tab is going to be able to help Channel admins, organisations and businesses build and grow.”

WhatsApp’s Status feature is already used by millions of individuals and companies to post 24-hour content. Channels, meanwhile, offer a one-way broadcast model, popular with news outlets, influencers and service providers—that is now gaining commercial functionality.

By adding adverts and subscription models, Meta is following a monetisation blueprint more common in Asia, where super-apps like WeChat have long blurred the line between messaging, content, and e-commerce.

Businesses and Advertisers

For UK businesses using WhatsApp to communicate with customers, the change brings new opportunities to drive engagement and visibility directly within the app.

Ads in Status updates could, for example, allow a local retailer to post a promotion with a “click to chat” button that starts a WhatsApp conversation. Promoted Channels will enable brands to push their content to new audiences, while paid subscriptions may appeal to creators and media companies offering exclusive updates.

“By showing ads in Status, you can help your business get discovered by new customers and make it easy for them to start a conversation with you, all within WhatsApp,” the company explained.

Although detailed campaign tools are still limited compared to Facebook or Instagram, early reports suggest that WhatsApp will offer businesses insights into click-through rates and some performance data.

Meta says it will gradually roll out the new advertising features over the coming months, starting with select markets. It has not confirmed which countries will be first, but WhatsApp’s Updates tab is known to be more popular in Latin America, India, and Southeast Asia than in the UK or Europe, where adoption of Channels and Status has been slower.

A Careful Balancing Act for WhatsApp

While WhatsApp says personal chats will remain untouched, the introduction of adverts may be seen by some as a departure from the app’s original ethos. For example, WhatsApp was once strongly anti-ads, famously stating in a 2012 blog: “Advertising isn’t just the disruption of aesthetics… at every company that sells ads, the user becomes the product.”

That stance softened after Meta’s acquisition in 2014. With WhatsApp now home to billions of users but little direct revenue, monetisation has become a priority. For example, back in 2023, Meta introduced tools such as WhatsApp Business API, click-to-chat ads from Facebook, and shopping catalogues, but this is the first time that on-platform adverts will be shown within the app itself.

Optional

Meta has also confirmed that the new advertising and subscription options are optional for users. For example, if someone chooses not to follow Channels or browse Status updates, they won’t see any ads. “If you only use WhatsApp to chat with friends and loved ones, there is no change to your experience at all,” the company said.

Even so, some privacy experts have warned that the move could set a precedent. Marijus Briedis, CTO at NordVPN, has noted: “Ads in WhatsApp aren’t just a distraction—they’re a signal of what may come next. Meta’s so-called ‘optional’ data-sharing is rarely as optional as it sounds.”

Regulation

Regulators in the EU are also likely to take a close look at the rollout, especially in light of GDPR requirements and Meta’s ongoing legal challenges over data processing and consent.

More changes are expected as the advertising features evolve. For now, it seems that WhatsApp is just focusing on “ads in the right place”, limiting the impact on its core messaging service. “We also don’t want to have a service that has lots of settings… that’s complexity too,” the company said, confirming that core app tabs like Updates and Channels will remain fixed.

What Does This Mean For Your Business?

It has to be said that this first step into advertising marks a real turning point for WhatsApp and the direction of Meta’s wider messaging strategy. By ringfencing adverts within the Updates tab, the company is attempting to walk a careful line between unlocking new revenue streams and preserving user trust. Whether that balance holds will depend on how the rollout is received across different markets, particularly in Europe, where expectations around privacy and digital intrusiveness remain high.

For UK businesses, the changes bring a new channel for visibility, especially for those already using WhatsApp to handle customer enquiries or share updates. The ability to promote Status content or gain traction through sponsored Channels could offer low-friction ways to reach engaged users, with a direct path into conversation. It may also help smaller firms compete more easily with larger brands in a messaging-first environment. However, uptake will likely depend on how seamlessly these features integrate with the current business tools and how effective the targeting proves in practice.

Advertisers and creators also now have a fresh route into an app with over a billion daily users, but one that has historically resisted the very concept of commercialisation. Meta’s challenge is to prove that these new ad formats deliver value without compromising the simplicity and privacy that have long defined WhatsApp’s appeal. Meanwhile, competitors like Signal and Telegram are likely to be watching very closely and may well seize on any missteps to reinforce their own positioning as ad-free alternatives.

For users, the WhatsApp experience remains largely unchanged for now, provided they steer clear of Channels and Status. However, questions about long-term data use, the permanence of ad features, and the possible expansion of monetisation elsewhere in the app are unlikely to fade. WhatsApp’s keen to promote the message that ads will stay away from personal chats. However, the test will be whether that promise still feels true a year from now.