There's no reason to tell folks to abandon whatsapp just yet. It's a loss leader and the thing that has gotten more people to use E2E encryption than anything else!
I wish I could recommend people switch to signal, but the network effects mean that even the people who listen to me would probably just end up SMSing their friends that are only on whatsapp :(
For starters, Closed-source crypto is not crypto. Closed source privacy is not privacy.
For seconds, no corporation, least of all Facebook, pays literally billions for access to people's private thoughts and then generously locks itself out. It's a scam, like every other promise Facebook have ever made. To dream otherwise isn't optimism, it's dangerous self-delusion.
I have no doubt there's all sorts of nasty stuff hidden in the WhatsApp sources, but at least they're claiming to use free-software crypto and protocol libraries, unlike GSM carriers who are just openly evil.
And that's the alternative --- at least until someone teach my 80 year old grandmother and all her friends how to use Signal in a language that I can maybe string together three words in.
Until then, it has to be Signal for friends and acquaintances, WhatsApp for family :(
@cathal re:money though, I think the trick is that whatsapp users tend to consume so little that their data isn't worth the disks you'd store it in. the economics of privacy get real different in the third world
Even if they were using a version personally signed by Moxie it wouldn't matter a damn. The surrounding code is in the same PID as the library handling the keys and can freely access the variables, scopes, RAM containing key material. Exfiltrating a key in normal traffic is so trivial and so easy to hide it's laughable.
Sixteen Billion Dollars, right? That was the price of WhatsApp?
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!