[bisby]

> But there are nuances here that are important, and fleshing them out is a big part of what this community is about.

The entire point of the crypto community is to maintain as little trust as possible unless you can be highly certain about things.

The media reaction to "OMG WHATSAPP IS FOR SURE NOT SAFE" is a HUGE over reaction. But in an industry where audits and open source are huge factors in trust... WhatsApp doesn't do a whole lot. Phrased better, the article could have done a great job of explaining how to secure yourself and enable the messages, rather than just fear mongering.

Lets be honest. Facebook doesn't have a great privacy record. Theyre an advertising and data harvesting company. I basically trust them 0. But I trust Moxie a lot (its possible that he's been bought out by facebook/egyptian government for billions of dollars, but Im just gonna keep trusting him).

Honestly, Moxie saying that WhatsApp has a decent implementation of Signal does a lot more for my concerns than Facebook saying the exact same thing (though I too would love to know more about how much Moxie knows about whatsapp). I don't use whatsapp, but Im less prone to go "oh yeah, you def dont want to use that, its a facebook product!" like i would for skype/MS.

Its reassuring to know that if someone tried this, I could be notified of it, which means it seems like no one would really try this unless it was SUPER worth it (I dont think facebook is going to try to MITM and expose themselves so they can hear about my weekend drinking plans). So for common folk, I think it would be pretty safe. And if you are talking about things that require crazy opsec, definitely turn notifications on and verify those numbers.

[tomsmeding]

I think that here you've made a great point. For many users, the level of privacy that Whatsapp gives is unnecessary, but if you are the person that needs to discuss mission-critical matters over Whatsapp, they give you the possibility to do that safely.

The only problem would then be that they can MITM one message, even if they'd be caught that way. I doubt they'd do that for less than world-changing messages, but still that's the only problem if you enabled the notifications and checked the numbers.

[litetime]

> But I trust Moxie a lot

What does trust have to do with this? The trade-off has been clearly explained. As it stands, WhatsApp is great for protecting sexts and low value conversations if you're not famous (99.99% of everyone), but if you're snowden, or hillary, there is no protection - contrary to what has been advertised.

[kobayashi]

>there is no protection

To my understanding, that's simply not true. What you can accurately say is that with key change notifications turned on, any one* message could be exposed without any means of recourse, but subsequent exposures would require user error.

*Question for anyone: could this apply to a "batch" of messages? That is, could servers hold back the delivery of some number of messages and then the attack could be applied to all such undelivered messages? But once the attack took place, the double check would be displayed on the sender's phone and the notification of key change would appear. My understanding is that the answer to the question is 'Yes'.

[FabHK]

Very good question, and I haven't seen a definitive answer to it yet.

The responses by Bob are presumably numbered, and some might be delivery receipts, or contain delivery receipts (e.g. A cumulative ACK as in TCP). Could the server selectively suppress the read receipts, or manipulate the cumulative ACK? If it simultaneously triggered rekeying on Bob's side, presumably yes. But not seen a definitive statement on that.