(Caveat I’m the founder of https://wassist.app - The WhatsApp Agent Platform)
Please be very careful using this tool to automate your WhatsApp - if you send too many messages, too quickly, you are going to get banned.
This is NOT an officially supported api by WhatsApp and the risk of ban is relatively high
batuhanicoz 12 hours ago [-]
The way I would put it as someone who works at Beeper is: only use messaging automations for personal use, and don't use it to spam anyone or do anything you wouldn't do yourself within the app.
As long as you don't abuse and keep your usage within the parameters of any human, you'll be fine.
theoryaway 3 hours ago [-]
Someone who previously helped a project Barista/instagrabber, you should be wary of it.
I (almost) don't use any Meta products, but this just convinces me that I should stay away from it as far as possible.
sigmoid10 12 hours ago [-]
...until Meta decides they want to offer this kind of thing themselves and ban everyone else. Building your SaaS on top of someone else's SaaS is always a gamble, especially if said product is directly sold to users already and not a pure b2b intermediate.
Since recently Meta offers this as per European Union mandate (Digital Markets Act, DMA). For both Whatsapp and Facebook messaging. [0]
Now there are a lot of implementation requirements, basically forcing you to have some kind of messaging provider. Therefore difficult to apply for an open source solution. However there is such an interface.
They don't have one for regular people who want to do regular end-user computation.
kamma4434 1 hours ago [-]
I personally find the almost absence of spam on WhatsApp a big success story for it. Think about how much Spam still hits your email inbox (and nobody knows how much is filtered away before it does).
I totally understand why they try and make it hard for integration to happen. When compared to classic SMS, the fact that you need to start a conversation with a preapproved template means that they have a way to control casual interactions.
pancsta 10 hours ago [-]
Companies in spain use it for legitimate reasons, so its more a lack of usage which makes spam the only usage?
TeMPOraL 10 hours ago [-]
I consider marketing use to be spam, and this is what the API is primarily meant for.
I understand that WhatsApp is kinda special in that it effectively replaced SMS in some parts of the world, but IMO this needs to be looked at through the lens of other Meta effort. The same is the case with Facebook/Messenger, and has been since before WhatsApp has been a (Meta) thing - they offer multiple different official ways to support spamming users and tricking them to buy stuff, but may the Lord have mercy on you should you want to create an auto-responder or "save to calendar" script and hook it up to your personal account.
filcuk 10 hours ago [-]
Who mentioned marketing? It's used for package tracking, order updates, bookings and so on where I live.
TeMPOraL 7 hours ago [-]
Not where I live, presumably not in the US, and it doesn't look like the main use case emphasized in the developer/integration documentation.
c0balt 8 hours ago [-]
That seems a but pessimistic. A few companies use it for customer service, like ime Adidas Germany [0] (they handled an exchange for me once on there). It is effectively just another customer support line like a chat portal on a website.
Personal use is all fun and games until your little beeper goes into a loop.
boxingdog 4 hours ago [-]
[dead]
swyx 4 hours ago [-]
just so we know the consequences - is ban permanent? is there an appeals processes?
pedroslopez 2 hours ago [-]
When banned it'll give you means to reach out to support, you can claim ignorance and get unbanned. I've gone through this, having done some whatsapp automation myself, YMMV though.
swyx 2 hours ago [-]
very helpful, thanks. good on WA for providing actually working support. people will fuck up when testing legitimate stuff, it happens.
faangguyindia 13 hours ago [-]
I just use telegram.
Just yesterday I setup a bot which is easy via botfather
And also, setup an app (claude built it but I had to fiddle with it, it works like pagerduty) but uses cloudflate worker to push downtime/errors (via fcm) in production (from graphana) via webhooks to "full screen, by pass dnd, alerts, with loud music, this one: https://www.youtube.com/watch?v=H0IQBWWabuU )
I named the app "Siren".
It's not straightforward to have durable hard to miss alerts about your production enviornment but good thing is this doesn't cost a cent.
Telegram group alerts are from my teammates (small team 3 members) via bot.
And Siren is for only me as I am responsible for the backend with 10 microservices, centralized logging via graphana, alloy, loki, and for metrics Prometheus.
It's all working reasonably well for me, this makes your life so much better as you fix the issues before they turn into nightmare.
jeanlucas 12 hours ago [-]
I personally don't use whatsapp because I like it, but because all my contacts in my country are over there. It is officially more used than SMS here. It is not optional in my case :/
gsich 11 hours ago [-]
SMS is unsafe anyway.
baq 10 hours ago [-]
zuck can read your whatsapp messages, at this point I think I'd rather criminals and the government read them instead
hikarudo 7 hours ago [-]
WhatsApp is end-to-end encrypted. No one at Meta can read your messages.
1vuio0pswjnm7 1 hours ago [-]
Saw this exact claim on a billboard not too long ago
It's a strangely worded statement. What about data collection, metadata, other third parties
Maybe it's related to the fact that plaintiffs lawyers are now trying to verify what's going on inside Meta with WhatsApp through litigation discovery:
If I can log into whatsapp on a new device and old messages aren’t encrypted then they have a copy of your key and it is not true e2e encryption.
lukebennett 3 hours ago [-]
You can't unless you've chosen to back up your WhatsApp messages to iCloud/Google in which case it's Apple/Google responsible for preserving the messages and subject to their encryption standards, nothing to do with Meta.
Mordisquitos 4 hours ago [-]
Try logging in on a new device and putting your main device into aeroplane mode as soon as the login succeeds. Loading of old messages on the new device will stop.
cute_boi 6 hours ago [-]
How are we sure that it is really end-to-end encrypted?
dTal 1 hours ago [-]
Practically speaking, it isn't secure; no closed app can be. It receives regular compulsory updates (old versions refuse to work) and there's nothing at all stopping Zuck from sneaking in backdoors targeted at you personally.
lossyalgo 6 hours ago [-]
Moxie Marlinspike (founder of Signal) [0]implemented the same E2EE algorithm as Signal (Signal Protocol) into WhatsApp, but that was 10 years ago, so who knows if things have changed since then.
yeah who wants marginally regulated oligarchs -- Give me fully unregulated criminals!
mett36 5 hours ago [-]
+1
TeMPOraL 10 hours ago [-]
Nobody gives a damn. What matters is that it works even on a potato.
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
lxgr 9 hours ago [-]
> Nobody gives a damn. What matters is that it works even on a potato.
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
bluebarbet 8 hours ago [-]
You can rent a virtual mobile number in your home country and consult SMSs on the web or even redirect them to email. I have done this for years, using Twilio for 2€ a month. Can't say the UX is great but it certainly fixes the whole problem.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
simonra 3 hours ago [-]
> I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Living in a place where getting a replacement sim is gated behind obtaining an id from the police tied to your national id number, I wish there were other identity systems which were as robust. Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device, than relying on backup services you need one of your digital id devices to access in the first place, especially if they're all lost at the same time in a house fire or something. The police will presumably get all my photo backups and savings if they ask nicely anyways, so the big threat to the single point of failure doesn't have a great marginal impact, while I dread the possibility of having to recover the accounts I can't get back through the local legal system given the poor 2fa recovery ecosystem.
bluebarbet 1 hours ago [-]
>Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device
If the device can get damaged or lost, then the SIM can too. To buy a physical SIM or rent a virtual number online, in most jurisdictions you need to provide ID docs these days, so nothing is changed there.
lxgr 8 hours ago [-]
Yeah, that's a good workaround. Google Voice can work too.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
Marsymars 4 hours ago [-]
If you port a landline number to a VoIP service, services can't really tell that you're using VoIP, as far as I can tell.
lxgr 39 minutes ago [-]
In the US, I belive there are three number categories in the NANP porting database (wireline, cellular, and VoIP), and SMS senders can definitely tell, even though it might take a while (presumably there's a lot of caching going on).
If you're lucky, the service you care about only validates at number registration time, not at text sending time, and you can get away with it indefinitely, I suppose.
wasabi991011 3 hours ago [-]
I thought that too but many carriers around me don't allow porting any VoIP-using number back to cellular. (Not sure if you were making a distinction between landline and cellular)
Unfortunately that means that my cell number which I wanted to temporarily park into VoIP while abroad is now permanently VoIP.
neya 12 hours ago [-]
Second this. Their API is such a breeze and it is so much more automation friendly than any other messenger platform. It has a good adoption % too, otherwise Signal is the real winner if we account for privacy.
tcfhgj 10 hours ago [-]
Even more automation friendly than Matrix?
morphology 22 minutes ago [-]
It's a bit less automation-friendly because the UX is not great when the bot doesn't have its own phone number (which costs money). I think it has better privacy, though. Matrix server operators can read message metadata.
neya 4 hours ago [-]
Unfortunately, I haven't used Matrix personally enough to comment, sorry. But, I've heard only good things about it so far.
BeetleB 3 hours ago [-]
I'll second the "Telegram is great for bots". It's the reason OpenClaw users use it.
I stopped using OpenClaw a while ago, but I did vibe code the very basic automations I had used OpenClaw for. Getting it to work with Telegram was trivial.
I don't use Telegram for chatting. In fact, I try not to use any IM tools with humans. ;-)
taminka 12 hours ago [-]
it's really unfortunate that telegram doesn't do e2ee, bc it's hands down the best messenger otherwise :(
rafaelmn 11 hours ago [-]
From what I understand you can have secure chats e2ee ? I like that I can login from multiple devices and continue the conversation. This was always annoying with whatsapp and signal. Worst case is mildly embarrassing stuff leaks.
lxgr 9 hours ago [-]
> From what I understand you can have secure chats e2ee ?
Not with bots, though.
> I like that I can login from multiple devices and continue the conversation
This is also not possible with Telegram E2E, while it is with Signal and WhatsApp.
tazjin 12 hours ago [-]
It does, but only for chats between two specific devices. Multi-device support is one of its best features that you lose with E2E.
Key distribution is just too hard. I think we won't get a messenger for non-tech people that works well with multi-device and E2E basically ever.
taminka 11 hours ago [-]
whatsapp, facebook messenger, imessage all support multi-device and it's pretty convenient, in fairness to telegram they launched a bit before double ratched was invented, but still, they've had over a decade to switch to it...
stavros 11 hours ago [-]
WhatsApp doesn't support multi-device. You can't have it installed on two phones at once.
they even have it on fb messenger and instagram (though they recently removed e2ee completely from instagram lol)
stavros 11 hours ago [-]
That's still one device. If you turn the primary phone off, the secondary device stops working. WhatsApp just proxies everything through the primary device, it's like WhatsApp Web.
wisenull 9 hours ago [-]
It used to be like that but not anymore. As siblings suggested you can now use it on up to 4 (I believe) additional devices.
lxgr 9 hours ago [-]
They used to, but that hasn't been true for a few years now.
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
canpulseword 10 hours ago [-]
This is not true, even if the primary phone is offline you can send messages via secondary device, even whatsapp web
It’s not proxied via primary, otherwise it wouldn’t work if primary were offline
stavros 9 hours ago [-]
> It’s not proxied via primary, otherwise it wouldn’t work if primary were offline
That is correct, it doesn't work.
lxgr 9 hours ago [-]
Please stop spreading misinformation that can trivially be disproved with five minutes of effort.
stavros 9 hours ago [-]
I just tried it. Did you?
akdev1l 9 hours ago [-]
> You can now use the same WhatsApp account on multiple devices at the same time, using your primary phone to link up to four devices. You’ll need to log in to WhatsApp on your primary phone every 14 days to keep linked devices connected to your WhatsApp account.
Yes, and it works, as it has for the past few years.
stavros 9 hours ago [-]
So I don't need my primary device any more? I can just shut that phone down forever?
lxgr 9 hours ago [-]
No, I think you need it to be online once every 30 days or so. That's a much weaker requirement than what you were disputing, though.
taminka 11 hours ago [-]
oh, i see, is it the same for facebook messenger and instagram, imessage, etc?
TeMPOraL 10 hours ago [-]
Messenger seems to be properly multi-device, but you pay for this by some PIN code bullshit (maybe they removed that, I haven't seen a popup about this for over a year now?) and having to sync chat history in the background, through a process that is, of course, broken and unreliable.
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
taminka 9 hours ago [-]
yeah messenger still has the pin code thingy, i'm curious why they do it at all that way, can't you just have your keys on fb servers encrypted with another set of keys derived from your password, which is much stronger than a 4-6 digit key?
alex1138 6 hours ago [-]
It's still broken if you're like me and you clear cookies
"Let's take people's years-long history between each other and just utterly break it. Why? 'privacy'" but they've never cared about it, they're opportunistic fucks. It's Zuckerberg's company to do with it "as he wishes" https://news.ycombinator.com/item?id=16770818
stavros 11 hours ago [-]
I don't know, I don't use those. It is for Signal, I don't think so for Instagram, since I don't think that encrypts end to end.
lxgr 9 hours ago [-]
It's not true for Signal either. Why don't you try it for yourself instead of spreading outdated (at best) information? Signal supports native multi-device capabilities without relaying everything through the "primary" device.
ymolodtsov 12 hours ago [-]
It's called iMessage. It's possible, Telegram just doesn't care. All their differentiating features (large groups, channels, device sync) is directly enabled by the lack of encryption.
taminka 11 hours ago [-]
they do have encryption, just not e2ee, and in fairness to them, it doesn't make sense to have e2ee on a channel or a group with 100k ppl in it, also device sync is possible with e2ee, it's just a slower
tcfhgj 9 hours ago [-]
you can have large groups and device sync WITH e2ee, see Matrix.
tcfhgj 10 hours ago [-]
Matrix
lxgr 12 hours ago [-]
What are you talking about? WhatsApp, iMessage, and Signal all have multi-device support and are E2E encrypted, just to name a few very popular options.
PUSH_AX 8 hours ago [-]
> I just use telegram.
And how do you just get everyone you want to speak to use telegram?
aembleton 6 hours ago [-]
Live in a country like Ukraine where everyone uses Telegram
3 hours ago [-]
pawsocks 5 hours ago [-]
Don't worry, it'll auto-spam all of your contacts when you sign up to take care of that.
risyachka 10 hours ago [-]
Be careful though - telegram is heavily compromised.
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends).
and their security team says its all good.
so unless you are using it for useless info - better use something else.
pratyahava 9 hours ago [-]
please provide a proof. if this is the case, then telegram is not to be trusted. but it needs to be proven. otherwise a lot of people trust their business and personal data to telegram.
pawsocks 5 hours ago [-]
Was this on a desktop? I'd think it's far more likely malware or a browser extension is hijacking your clipboard
eamag 10 hours ago [-]
Do you have a proof?
chaoz_ 10 hours ago [-]
What even is this claim? Telegram is compromised? Some telegram bot/group got compromised?
Is there any proof of the global telegram issue related to amex links? Sounds like BS
el_io 8 hours ago [-]
Are you using any custom telegram client?
johnpork343 2 hours ago [-]
i say cap
zarzavat 12 hours ago [-]
Beware that if this does not use a real web browser then it's likely to get your whatsapp account suspended. Don't use it with any account you care about, you will lose all your data.
Hell, I got my whatsapp account suspended (appealed and reversed) just for using the official web client too soon after creating a new account.
worldsavior 12 hours ago [-]
Right now I see many bots on WhatsApp.
joshwarwick15 12 hours ago [-]
You can use the official API to create and run bots - though the API itself is pretty bad
iddan 5 hours ago [-]
They use a real browser
adaptit 11 hours ago [-]
[dead]
BoppreH 12 hours ago [-]
I wish it mentioned how safe this is. Some years ago I got banned for just logging in with a third-party client, without sending any messages. Given how critical WhatsApp is for some people, and how permanent the bans are, that's a big risk.
watermelon0 12 hours ago [-]
You should use a separate WhatsApp account for bot purposes.
Recently, I used a separate WhatsApp account to interact with a group chat that I have with my friends. After about a week, they disabled the account, with no way to re-enable it.
BoppreH 12 hours ago [-]
In my case I did, but it's still wasted time and money. And when breaking TOS there's always a chance of getting related accounts also banned, though I don't know if that has already happened with WhatsApp or not.
miroljub 12 hours ago [-]
Since WhatsApp accounts are bound to phone numbers, getting a new phone number is a significant hurdle in many legislations.
An easier solution is to just not use WhatsApp at all and look for the alternatives for bot purposes. Telegram explicitly encourages bot usage with no risk of bans.
uxhacker 12 hours ago [-]
And what ever happened to tools like jabber ? Or any other open source alternatives
jannes 12 hours ago [-]
Jabber/XMPP was designed around persistent TCP connections. Push notification support came too late.
ButlerianJihad 11 hours ago [-]
> in many legislations
Do you mean “jurisdictions”?
miroljub 11 hours ago [-]
I said "legislations" because the word describes the existence of laws, while "jurisdictions" describes the law enforcement.
There are still some European non-EU countries where you can get an anonymous phone number because laws are not fully enforced.
grey-area 10 hours ago [-]
This is incorrect usage in English I'm afraid, and jurisdictions covers areas with different laws, 'legislations' is not used in this context.
ButlerianJihad 11 hours ago [-]
Well, your usage is nonsensical in legal terms. Also, that is not the definition of “jurisdiction”.
Nobody who knows law would use “legislation” in that sense, nor would they recognize it in that context, Humpty Dumpty.
alex-nikitin 6 hours ago [-]
There's a whole cottage industry around WhatsApp that exists to provide tools and services to commodity brokers and traders, primarily for compliance and bulk messaging existing customers. Meta has nerfed bulk forwarding on their desktop app, and the industry moved to third party tools to work around this. The reality is, no-one is spamming, everyone is consenting to this, everyone understands the risks, but a lot of markets live on the WhatsApp network, and despite there being compliant chat solutions, the existing network effects keep the status quo. Prior to WhatsApp, the markets operated on Yahoo Messenger, and the only reason there was a move was because Yahoo shut it down in 2016.
If anyone from Meta is reading this - we've spoken to some of your managers and there's zero appetite from your side to address this market because it's too small. I would go out of my way to help you design this for free to solve the market need.
mediaman 4 hours ago [-]
Meta could turn Whatsapp into the next Slack. I know a lot of businesses (especially international ones) that use it for team communication. It's so much better than Teams.
I guess they think it's a small market, or maybe you can't really monetize enterprise with ads and it's all they know how to do.
4 hours ago [-]
jillesvangurp 11 hours ago [-]
Cool.
I spun up a self hosted matrix server a few days ago using codex, docker compose, and ansible. Stupidly easy to do now. I'm running it in Hetzner on a 3.99 euro/month vm. It backs up every few hours to a bucket and I have a few integrity scripts to monitor the backups actually happen. I did that because I was getting a bit frustrated with the flaky integration with Whatsapp and Slack in openclaw. I had it up and running in half an hour with only minimal prompting.
Whatsapp kind of works but you end up chatting with yourself and then open claw posts messages as you. Not ideal. You can't easily create new users (or bot users) in Whatsapp. It probably has some kind of bot api of course but I did not explore that much.
I never quite managed to get Slack working with open claw. I tried for a few hours. I think the Slack team is asleep at the wheel snoozing through this whole AI thing. If somebody there is still paying attention to things like this, maybe make some noise internally. Anyway, they made it stupidly hard to do anything productive via their APIs. The UI for managing permissions is a disgraceful hell of complexity. Add permission. UI freezes for fifteen seconds. Reloads automatically. Unfreezes. Add the next. And whatever you do, there's always one more permission you forgot. *end rant*
Relative to Whatsapp and Slack, Matrix is stupidly easy to integrate with open claw, codex, or whatever. We're retiring Slack now as I see uses for agent driven chat bots everywhere now and I want to get rid of any kind of friction around bot related plumbing. I have no use for platforms that intentionally cripple that or treat as a toll booth.
With Matrix, you just create a bot user manually or via an API. Set a password, get an access token and do whatever. No API limits. No faff with QR codes. No permission hell (Slack). It just works. Well documented API. End to end encryption. Etc. Create as many bot users as you need. Nobody is bean counting API calls, numbers of users, etc. Refreshingly easy.
Other OSS messaging platforms are available of course. I do not have a strong opinion as to which is better yet. But now I want a Matrix cli that can do admin, message sending, and all the rest. Probably already exists. But if it doesn't I might end up generating one. Macli might be a good name.
recsv-heredoc 13 hours ago [-]
This is such a sorely needed point of integration. Cool to see Peter still shipping tools. It’s such a pity meta refuses to play ball like Telegram.
Either they’ll double-down and make this even harder -or- hopefully realise that WhatsApp is likely to be a really common control plane for AI systems in the next few years. Let’s hope the Llama energy strikes and it’s the latter.
How does WhatsMeow compare with Baileys?
batuhanicoz 12 hours ago [-]
whatsmeow is built and maintained by Beeper's bridge architect, Tulir Asokan, and is used by many Beeper users every day with no issues. It's at the core of our WhatsApp bridge: https://github.com/mautrix/whatsapp
Baileys is also a great library with a big community and one of the primary maintainers of that is also helping us with the bridge/whatsmeow. WhatsApp integration in our old app, Texts, was built with it: https://github.com/textshq/platform-whatsapp
I would recommend whatsmeow over Baileys just because we are actively involved and incentivized to keep that working perfectly, and have a lot of data points to detect any issues with it at scale.
oulipo2 11 hours ago [-]
So whatsmeow requires a browser, and Baileys not right? So it's a bit more lightweight in terms of RAM?
batuhanicoz 11 hours ago [-]
Neither of them require a browser. We run whatsmeow inside iOS and Android apps, with no browser whatsoever.
kandros 9 hours ago [-]
Interesting use case, mind explaining more?
3form 13 hours ago [-]
Don't they ban people using custom clients when discovered? I feel like I've read something on that note.
recsv-heredoc 13 hours ago [-]
They do - but the utility is so high vs the risk (for a new number) that it’s worth doing anyway for many users and even organizations.
Just yesterday we spoke with a $50-100m ARR org org using baileys for internal messaging!
blitzar 12 hours ago [-]
> a $50-100m ARR org org using baileys for internal messaging
Couldnt they just use post-it notes internally and still be a $50-100m ARR org?
recsv-heredoc 12 hours ago [-]
Yes - the interesting part is the decision that the “risk of losing internal comms to a ban is worth it” - even at that size.
According to one of the founders there’s no better way for them to reach a lot of low-skill part-time employees reliably.
It shows the need to bring AI to where people already are and onto the platforms they already use.
dinakars777 13 hours ago [-]
WhatsMeow is stable unlike Baileys which faces challenges with maintainability.
TZubiri 12 hours ago [-]
The thing is that their tight control is precisely what makes whatsapp a spam free environment. You can't have a libre federated protocol AND have it be spam free.
As soon as you open up the api floodgate, you'll start to see nigerian prince agents on openclaw speed.
whilenot-dev 12 hours ago [-]
OT#1, but I don't endorse the editorial choice to put the name of the "original" author in the submission title.
OT#2: Is it typical to put a package.json in a go project as replacement for a {Make,Just}file?
sixhobbits 11 hours ago [-]
I'd be curious to know how many numbers were burned/banned during the development of this library
nkzd 12 hours ago [-]
What is the best way to get a throwaway phone number to try this? Is it possible to get one online?
mawax 9 hours ago [-]
You can get a prepaid eSIM online, depending on your country. It's cheap and you don't have a monthly fee
Chloride8387 12 hours ago [-]
I've used textverified in the past, maybe you could check it out (small cost per verification)
miroljub 12 hours ago [-]
In most of the EU dictatorships, there's no legal way to obtain a phone number without registering with your real identity.
8593376393 10 hours ago [-]
[dead]
mentalgear 9 hours ago [-]
Reading a lot about people getting banned here for not using the official client, but doesn't Whatsapp have to be interoperable now (at least in the EU due to new legislation) ?
At least Whatsapp itself shows ad banners that you can now connect other messaging clients into Whatsapp, so it should be normal that other clients can equally access Whatsapp.
lxgr 9 hours ago [-]
Officially interoperating with them is extremely onerous, to the point where their mechanism borders malicious compliance, as far as I remember.
In any case, official interoperability is only for third-party messengers communicating with WhatsApp users, not for automation or bots, as I understand, so it's not a replacement for things like this project.
It seems Meta is able to set some rules about the interoperability making it very difficult for an FOSS implementation to emerge. Additionally organizations like Signal though technically interested in this interoperability have stated they won't lower their security standards for this.
acedTrex 55 minutes ago [-]
Ya im totally sure its a good idea to use a tool written by the creator of openclaw with a sensitive account that is closely tied to day to day needs.
What could possibly go wrong with that.
andberx 12 hours ago [-]
The offline search with FTS5 is really nice. I have years of WhatsApp history and searching for anything in the app is painfully slow. Being able to just grep through everything locally would be a huge upgrade.
How far back does the backfill actually go? Does it pull your full history from the primary device or is there some limit?
If AI agents can proficiently use whatsapp I would assume that two-thirds of the people chatting with me in my contacts are actually just bots messaging me.
psychoslave 12 hours ago [-]
People are just a device that LLMs use to interact with the physical world now. That's far more safe for them, staying in the sweet datacenter while the meat puppets take all the risk of dirty jobs out there. Why create terminators or even use them as battery à la Matrix when all you need to do to make them work for you is to inject the right prompts in their phone. They will pay to be thus treated.
exitb 12 hours ago [-]
It strikes me as odd that we've got so many agent harnesses, orchestrators, sandboxes, yet no one made a communicator for AIs yet.
asim 12 hours ago [-]
I don't know why in 2026 I'm still surprised CLIs are taking off. But here's the difference today. It's for real world end user platforms like WhatsApp and Claude. That's the difference. Previously it was only Dev and infrastructure focused. Today we're saying you know what, I need programmatic access to this real world thing. It's fascinating because I rarely open my laptop now or try not to.
Who are these people using the cli?
psychoslave 12 hours ago [-]
People that prefer to use CLI I guess.
Obviously it helps that one can pipe as it might see fit in the flow of an ad hoc filled need, and so leverage on mastered composable tools.
That will never be for everyone, but it will be for no one only the day it becomes logistically unsustainable to reach some endpoint though a CLI.
pmxi 11 hours ago [-]
These CLIs are for AI agents. If I have a CLI to WhatsApp, then I can direct an agent (such as OpenClaw) to manage my messages for me.
duskdozer 11 hours ago [-]
Devs are often also users. cli is nice because
- automation
- sometimes avoid enshittified, privacy-invading services
- fast, responsive, keyboard-friendly, debloated but non-minimized, stabler interface
13 hours ago [-]
eisbaw 12 hours ago [-]
Matrix
JimmaDaRustla 7 hours ago [-]
I tried creating a whatsapp "bot" which would just send notifications for my Jellyfin server. It was a bureaucratic nightmare - creating dev accounts, creating some sort of "project", then it was requiring I register it as a business as though the only valid use case for creating an app for WhatsApp is a business, then it required me to verify my identify and upload documents.
I just switched to Signal.
saberience 7 hours ago [-]
As someone that's written some apps using official WA for Business accounts, I would strongly advise against any 3rd party tools for automating WA.
Whatsapp has some really stringent requirements on any kind of automation. E.g. Not messaging anyone automatically unless they messaged you with 24 hours, in fact, this is explicitly blocked if you use Meta's API. You have to use message templates in this case.
Also, any bots need to be verified with Meta etc.
And the TOS has gotten more strict recently, not less strict. So buyer beware here, Meta is really protective over reverse engineering WA protocol or automating it, so you can easily get yourself blocked or banned here.
e7h4nz 12 hours ago [-]
[dead]
superfa 12 hours ago [-]
[dead]
m00dy 12 hours ago [-]
for some reason, I don't like this guy.
mechazawa 12 hours ago [-]
For some reason vibe coders with no development background consider him a god. But all he is is a charlitan at best
batuhanicoz 12 hours ago [-]
Peter is also the creator of PSPDFKit, and people have considered him an incredible engineer way before transformers were even invented.
hathym 12 hours ago [-]
for context, he is the openclaw creator
blitzar 12 hours ago [-]
browsing through the details etc, i genuinely thought they were another twitter vibe coding grifter
recsv-heredoc 12 hours ago [-]
The world’s most successful one!
blitzar 12 hours ago [-]
Every twitter grifter awards themselves that honorific
Rendered at 20:10:18 GMT+0000 (Coordinated Universal Time) with Vercel.
Please be very careful using this tool to automate your WhatsApp - if you send too many messages, too quickly, you are going to get banned.
This is NOT an officially supported api by WhatsApp and the risk of ban is relatively high
As long as you don't abuse and keep your usage within the parameters of any human, you'll be fine.
https://web.archive.org/web/20240527132615/https://austinhua...
I (almost) don't use any Meta products, but this just convinces me that I should stay away from it as far as possible.
Now there are a lot of implementation requirements, basically forcing you to have some kind of messaging provider. Therefore difficult to apply for an open source solution. However there is such an interface.
[0] https://developers.facebook.com/m/messaging-interoperability...
They don't have one for regular people who want to do regular end-user computation.
I totally understand why they try and make it hard for integration to happen. When compared to classic SMS, the fact that you need to start a conversation with a preapproved template means that they have a way to control casual interactions.
I understand that WhatsApp is kinda special in that it effectively replaced SMS in some parts of the world, but IMO this needs to be looked at through the lens of other Meta effort. The same is the case with Facebook/Messenger, and has been since before WhatsApp has been a (Meta) thing - they offer multiple different official ways to support spamming users and tricking them to buy stuff, but may the Lord have mercy on you should you want to create an auto-responder or "save to calendar" script and hook it up to your personal account.
[0]: https://www.adidas.de/en/help/contact-us
Just yesterday I setup a bot which is easy via botfather
And also, setup an app (claude built it but I had to fiddle with it, it works like pagerduty) but uses cloudflate worker to push downtime/errors (via fcm) in production (from graphana) via webhooks to "full screen, by pass dnd, alerts, with loud music, this one: https://www.youtube.com/watch?v=H0IQBWWabuU )
I named the app "Siren".
It's not straightforward to have durable hard to miss alerts about your production enviornment but good thing is this doesn't cost a cent.
Telegram group alerts are from my teammates (small team 3 members) via bot.
And Siren is for only me as I am responsible for the backend with 10 microservices, centralized logging via graphana, alloy, loki, and for metrics Prometheus.
It's all working reasonably well for me, this makes your life so much better as you fix the issues before they turn into nightmare.
It's a strangely worded statement. What about data collection, metadata, other third parties
Maybe it's related to the fact that plaintiffs lawyers are now trying to verify what's going on inside Meta with WhatsApp through litigation discovery:
https://ia801607.us.archive.org/10/items/gov.uscourts.cand.4...
Meta's motion to dismiss seemed a little weak. Time will tell
https://ia801607.us.archive.org/10/items/gov.uscourts.cand.4...
Hearing will likely be sometime this summer
[0] https://en.wikipedia.org/wiki/Moxie_Marlinspike
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Living in a place where getting a replacement sim is gated behind obtaining an id from the police tied to your national id number, I wish there were other identity systems which were as robust. Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device, than relying on backup services you need one of your digital id devices to access in the first place, especially if they're all lost at the same time in a house fire or something. The police will presumably get all my photo backups and savings if they ask nicely anyways, so the big threat to the single point of failure doesn't have a great marginal impact, while I dread the possibility of having to recover the accounts I can't get back through the local legal system given the poor 2fa recovery ecosystem.
If the device can get damaged or lost, then the SIM can too. To buy a physical SIM or rent a virtual number online, in most jurisdictions you need to provide ID docs these days, so nothing is changed there.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
If you're lucky, the service you care about only validates at number registration time, not at text sending time, and you can get away with it indefinitely, I suppose.
Unfortunately that means that my cell number which I wanted to temporarily park into VoIP while abroad is now permanently VoIP.
I stopped using OpenClaw a while ago, but I did vibe code the very basic automations I had used OpenClaw for. Getting it to work with Telegram was trivial.
I don't use Telegram for chatting. In fact, I try not to use any IM tools with humans. ;-)
Not with bots, though.
> I like that I can login from multiple devices and continue the conversation
This is also not possible with Telegram E2E, while it is with Signal and WhatsApp.
Key distribution is just too hard. I think we won't get a messenger for non-tech people that works well with multi-device and E2E basically ever.
they even have it on fb messenger and instagram (though they recently removed e2ee completely from instagram lol)
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
It’s not proxied via primary, otherwise it wouldn’t work if primary were offline
That is correct, it doesn't work.
ref: https://faq.whatsapp.com/1317564962315842/?cms_platform=ipho...
> Use WhatsApp on your computer even when your phone is off.
ref: https://faq.whatsapp.com/378279804439436/?helpref=faq_conten...
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
"Let's take people's years-long history between each other and just utterly break it. Why? 'privacy'" but they've never cared about it, they're opportunistic fucks. It's Zuckerberg's company to do with it "as he wishes" https://news.ycombinator.com/item?id=16770818
And how do you just get everyone you want to speak to use telegram?
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends). and their security team says its all good.
so unless you are using it for useless info - better use something else.
Is there any proof of the global telegram issue related to amex links? Sounds like BS
Hell, I got my whatsapp account suspended (appealed and reversed) just for using the official web client too soon after creating a new account.
Recently, I used a separate WhatsApp account to interact with a group chat that I have with my friends. After about a week, they disabled the account, with no way to re-enable it.
An easier solution is to just not use WhatsApp at all and look for the alternatives for bot purposes. Telegram explicitly encourages bot usage with no risk of bans.
Do you mean “jurisdictions”?
There are still some European non-EU countries where you can get an anonymous phone number because laws are not fully enforced.
Nobody who knows law would use “legislation” in that sense, nor would they recognize it in that context, Humpty Dumpty.
If anyone from Meta is reading this - we've spoken to some of your managers and there's zero appetite from your side to address this market because it's too small. I would go out of my way to help you design this for free to solve the market need.
I guess they think it's a small market, or maybe you can't really monetize enterprise with ads and it's all they know how to do.
I spun up a self hosted matrix server a few days ago using codex, docker compose, and ansible. Stupidly easy to do now. I'm running it in Hetzner on a 3.99 euro/month vm. It backs up every few hours to a bucket and I have a few integrity scripts to monitor the backups actually happen. I did that because I was getting a bit frustrated with the flaky integration with Whatsapp and Slack in openclaw. I had it up and running in half an hour with only minimal prompting.
Whatsapp kind of works but you end up chatting with yourself and then open claw posts messages as you. Not ideal. You can't easily create new users (or bot users) in Whatsapp. It probably has some kind of bot api of course but I did not explore that much.
I never quite managed to get Slack working with open claw. I tried for a few hours. I think the Slack team is asleep at the wheel snoozing through this whole AI thing. If somebody there is still paying attention to things like this, maybe make some noise internally. Anyway, they made it stupidly hard to do anything productive via their APIs. The UI for managing permissions is a disgraceful hell of complexity. Add permission. UI freezes for fifteen seconds. Reloads automatically. Unfreezes. Add the next. And whatever you do, there's always one more permission you forgot. *end rant*
Relative to Whatsapp and Slack, Matrix is stupidly easy to integrate with open claw, codex, or whatever. We're retiring Slack now as I see uses for agent driven chat bots everywhere now and I want to get rid of any kind of friction around bot related plumbing. I have no use for platforms that intentionally cripple that or treat as a toll booth.
With Matrix, you just create a bot user manually or via an API. Set a password, get an access token and do whatever. No API limits. No faff with QR codes. No permission hell (Slack). It just works. Well documented API. End to end encryption. Etc. Create as many bot users as you need. Nobody is bean counting API calls, numbers of users, etc. Refreshingly easy.
Other OSS messaging platforms are available of course. I do not have a strong opinion as to which is better yet. But now I want a Matrix cli that can do admin, message sending, and all the rest. Probably already exists. But if it doesn't I might end up generating one. Macli might be a good name.
Either they’ll double-down and make this even harder -or- hopefully realise that WhatsApp is likely to be a really common control plane for AI systems in the next few years. Let’s hope the Llama energy strikes and it’s the latter.
How does WhatsMeow compare with Baileys?
Baileys is also a great library with a big community and one of the primary maintainers of that is also helping us with the bridge/whatsmeow. WhatsApp integration in our old app, Texts, was built with it: https://github.com/textshq/platform-whatsapp
I would recommend whatsmeow over Baileys just because we are actively involved and incentivized to keep that working perfectly, and have a lot of data points to detect any issues with it at scale.
Just yesterday we spoke with a $50-100m ARR org org using baileys for internal messaging!
Couldnt they just use post-it notes internally and still be a $50-100m ARR org?
According to one of the founders there’s no better way for them to reach a lot of low-skill part-time employees reliably.
It shows the need to bring AI to where people already are and onto the platforms they already use.
As soon as you open up the api floodgate, you'll start to see nigerian prince agents on openclaw speed.
OT#2: Is it typical to put a package.json in a go project as replacement for a {Make,Just}file?
At least Whatsapp itself shows ad banners that you can now connect other messaging clients into Whatsapp, so it should be normal that other clients can equally access Whatsapp.
In any case, official interoperability is only for third-party messengers communicating with WhatsApp users, not for automation or bots, as I understand, so it's not a replacement for things like this project.
It seems Meta is able to set some rules about the interoperability making it very difficult for an FOSS implementation to emerge. Additionally organizations like Signal though technically interested in this interoperability have stated they won't lower their security standards for this.
What could possibly go wrong with that.
How far back does the backfill actually go? Does it pull your full history from the primary device or is there some limit?
Who are these people using the cli?
Obviously it helps that one can pipe as it might see fit in the flow of an ad hoc filled need, and so leverage on mastered composable tools.
That will never be for everyone, but it will be for no one only the day it becomes logistically unsustainable to reach some endpoint though a CLI.
- automation - sometimes avoid enshittified, privacy-invading services - fast, responsive, keyboard-friendly, debloated but non-minimized, stabler interface
I just switched to Signal.
Whatsapp has some really stringent requirements on any kind of automation. E.g. Not messaging anyone automatically unless they messaged you with 24 hours, in fact, this is explicitly blocked if you use Meta's API. You have to use message templates in this case.
Also, any bots need to be verified with Meta etc.
And the TOS has gotten more strict recently, not less strict. So buyer beware here, Meta is really protective over reverse engineering WA protocol or automating it, so you can easily get yourself blocked or banned here.