[shmerl]

This puzzles me. Let's compare one time action of registration for secure XMPP service (where you have an option of choosing your own ID (JID) and password which you can change later), as well as an option of using a client with extra security like OTR for text messages and ZRTP for audio/video conferencing, with the client which lets you skipping one time step of registration, but gives it for the price of broken insecure approach of using predefined IDs and passwords based on the device ID?

I'd say constant security risk outweighs the "burden" of one time registration step which is a pretty familiar for any user on the web and takes just a few seconds to complete. It's not a decent thing to do for Whatsapp developers to play on users ignorance.

[incision]

>This puzzles me.

It really shouldn't.

Seems to me you're grossly over-thinking what's important and/or understood by any majority of the tens of millions using WhatsApp.

[shmerl]

I understand the psychology involved, so my remark was rhetoric. One time comfort of avoiding registration lures users who are unaware of resulting security risks. In essence such tradeoff doesn't worth it. It's just unfortunate that such tricks are used by developers of Whatsapp - it's really indecent in my opinion.

Also, instead of promoting federated XMPP (which idea is exactly one time registration and communication with all other federated services), Whatsapp promotes its own walled service. Double failure the way I see it.