[StavrosK]

Unfortunately, if WhatsApp did defend against this, it would be such a big hassle that users would disable it. How many people do you know that wouldn't just click "accept" on "this user's keys changed", or wouldn't just ask the attacker "hey did you get a new phone?" "yes" "oh okay"?

People love to blame WhatsApp, but what can anyone realistically do?

[aylons]

It does not need to be a modal form - a notification message, embedded in the the chat log, just before a "Hey, could you send me some money", could make some people think twice before transferring:

"Wow, he is asking me in excess of USD500 just after WhatsApp warned me his cell phone has changed. Weird".

The simple alert shown in moxie's own blog post [1], perhaps less cryptically written, would probably do the job.

Heck, if this happened between me and girlfriend last week, I would most probably fall, as I did not know this was disabled in WhatsApp. Now, at least, I have turned the notification on.

[1] https://whispersystems.org/blog/images/whatsapp-keychange.pn...

[eridius]

For the overwhelming majority of people, it would just lead to alert fatigue, where users start ignoring the alerts because 99% of the time they're not actually indicative of a problem.

[eitland]

As much as I agree that alert fatigue is a problem this shouldn't trigger it.

[stouset]

[citation needed]

[eitland]

I wrote shouldn't instead of won't.

That said, my reasoning went along the lines of:

Where I live at least people rarely switch phone numbers and I have yet to hear about a single person that I know or have worked with who have had their phone number hijacked.

So, lets say that other people are less lucky than me and this warning will pop up twice a year, -will that be enough to trigger warning fatigue?

IMO, probably not.

Will we still have a problem with warning fatigue? Yes. Why? Because of the sticker and warning requirements created by American lawsuits and EU cookie law. (Oh, and IIRC my country isn't much better in this regard, just smaller so less of a problem.)

While not a citation I hope this explains my reasoning.

[stouset]

> Where I live at least people rarely switch phone numbers…

First, it's not about people switching phone numbers. It's about switching devices. This can be something as innocuous as uninstalling/reinstalling the WhatsApp app. Or upgrading their phone on a one or two year cycle. Or because they broke their phone and are using a friend's old phone for a few weeks. Or wanting to send and read messages on their laptop too. And their work laptop. Except they also had their work laptop reinstalled because of a virus, or because IT needed to do an upgrade, or whatever.

This shit happens all the time.

> …and I have yet to hear about a single person that I know or have worked with who have had their phone number hijacked.

I think this proves my point. The signal-to-noise ratio for this type of message is precisely zero for greater than 99.999% of WhatsApp users who are not being singled out by a nation-state for surveillance. And he number of these users who actually bothers to confirm keys out-of-band is, while not precisely zero, near enough as to make no difference.

For users who do anticipate being singled out, there are two plausible options: they are savvy enough to look into the settings and ensure the toggle is enabled, or they're not savvy enough to look for this type of option, and they're probably screwed anyway because actually achieving practical privacy against a highly-funded and highly-motivated governmental adversary is brutally hard and requires significantly more active involvement than merely toggling a switch on a messaging app.

> So, lets say that other people are less lucky than me and this warning will pop up twice a year

Twice a year times fifty contacts adds up to seeing this message frequently enough that you learn to subconsciously ignore it. People still try to bypass virtually every TLS warning browsers throw at them even though that number for most people is less than once per year, and even though browsers have made it painfully difficult to do so.

[WhitneyLand]

No, this is why I disagree with Moxie, the right UI design wouldn't have to create fatigue. It could just block by default, and then allow you to change the default with an appropriate warning.

At least that way, everyone will become aware at least once and make their choice.

[Spare_account]

Everyone (talking about non-technical users here) won't understand why they can't message a particular person any more and will blame WhatsApp "It's broken again". Block by default would kill growth and they don't want that.

[eridius]

It also absolutely would create fatigue, I don't know why WhitneyLand thinks it wouldn't.

[WhitneyLand]

Because you only have to block once, explain the consequences, and then allow them to unblock by default.

[eridius]

At which point 99% of people would immediately unblock by default and the supposed security would be lost.

[WhitneyLand]

Maybe a lot would it turn it off, but its better than the current situation because everyone would know exactly what they're getting themselves into. Most importantly, the people who are most at risk would get a chance to understand the issue and leave it on for their protection.

[kombucha2]

>How many people do you know that wouldn't just click "accept" on "this user's keys changed"

Literally everyone not tech savvy, this what happens on signal.