[lxgr]

> People seem to manage their whatsapp (or signal, etc) keys just fine.

The opposite is the case: WhatsApp and Signal manage the keys for them, mostly in the background (unless you actively verify identities).

You can try it yourself: Turn off your phone, ask a friend to send you a message, throw your phone into a volcano, reactivate your account on a new phone without entering any secret keys. You'll still receive the message.

I personally think that most of Signal's and even WhatsApp's tradeoffs are reasonable for a product with an adaption of hundreds of millions, but it's decidedly not cryptographic self-custody.