The WhatsApp vulnerability debate got quite heated up and polarized people. I wish I could have had this debate with the Facebook Security Team in Whitehat Report #1008534892515816. In private, without the public listening and judging our opinions, agreeing on a solution and giving a joint statement at the end.
Starting to resolve this issue in the media came with a big price tag attached: The ordinary people following the news and reading headlines do not understand or do not bother to understand the details and nuances we are discussing now. Leaving them with wrong impressions leading to wrong and dangerous decisions: If they think WhatsApp is 'backdoored' and insecure, they will start using other means of communication. Likely much more insecure ones. The truth is that most other messengers who claim to have "end-to-end encryption" have the same vulnerability or have other flaws. On the other hand, if they now think all claims about a backdoor were wrong, high-risk users might continue trusting WhatsApp with their most sensitive information.
The Guardian's initial story headlined 'WhatsApp backdoor allows snooping on encrypted messages'. It's appearance surprised me just like everyone else at 3:30am when my phone started buzzing. Calling it a 'backdoor' might've not been the best choice there, but I can also see that there are arguments for calling it a 'backdoor'. The folks at Facebook of course, accused of malicious intent, were furious and issued a blank denial. This polarized sides.
When I have read about WhatsApp's implementation of the Signal end-to-end encryption protocol, I though that when I activate the security notifications and verify keys, WhatsApp is as secure as Signal. I couldn't read about any security tradeoffs that WhatsApp has made. And this is what I told my friends with my “expert” opinion. Many other security experts did. Discovering the vulnerability and Facebook not addressing it as a serious concern was disappointing for me and many others.
If WhatsApp can convince me of their statements that 1) too many messages get send to old keys, don't get delivered, and need to be resend later and 2) it would be too dangerous to make blocking an option (moxie and I had a discussion on this), and only then, I could actually live with the current implementation, except for voice calls of course. But then WhatsApp has to be transparent about this decision. E.g. in the app there could be a notice “key change notifications may be delayed in some cases, for more information click here” right in the menu where you can enable security notifications. And then WhatsApp should market itself as what it is: A very good messenger for the masses, but not one that can protect against advanced adversaries.
If, on the other hand, we find a way to safely give users the option of opting in to blocking behavior, and I am optimistic this is possible, this is the preferred path to take.