I do not want to start arguing here, but as most users "donated" a lot of $, especially when developer said he would need those in order to develop(so I'm not sure how is it donations). It would be more than fair that such developer would at least publish code if he suddenly decided to stop support because "3rd party and user banning", as it would be something new and was not known before he asked for those donations ._.

Maybe, but...

https://talk.maemo.org/showpost.php?...&postcount=314

Well, if you don't want to switch every now and than, you have to choose the way to communicate very carefully. To choose a solution with a closed source protocoll isn't very clever, if you want the freedom of choice, which platform you use.
If you don't care, than you have to eat what your provider offers you and all is fine.

I for myself decided, that I don't want to be dependent on the big players, so I'm very old school in my choice:
vis-a-vis, phonecalls, mail, irc and somtimes SMS.
No whatsthat, no skype, still alive, still friends.

Well it's interesting that you are willing to accept that. Have you asked everybody in your address book if they want their personal data on facebooks servers and using them for who knows what? In fact that's the biggest point for me in criticizing WhatsApp.

Or what do you think, would the customers of a pornsite or a panama bank think, if the site/bank decides to publish their "address books".

It's a no go for me, that WhatsApp collects data from persons, who haven't agreed with that. And I wouldn't call that the right direction.

Well, that is IF you believe them...
I am a bit suspicious about it, and too bad you cannot verify it as the specification is closed.

Besides how do you implement group chats with end-to-end ciphering? By distributing separate keypairs for each member on the group maybe? wouldn't that multiple the possibility of leaking a lot of keys?

All in all I'd take their claims with a largish grain of salt...

I'm with you on this, you can't really trust they they've done anything properly if community experts can't audit the code.

Isn't it more like PGP with multiple recipients? The private key is stored on the handset ad the public keys are stored on the server so you don't have to add them manually, if you're talking to multiple people you just need more public keys, the private keys aren't distributed.

@wicket yes they are BANNING users of 3rd part clients.
@juiceme they are actually using libsignal from textsecure for text messaging. it's almost same as own textsecure clients, but working via whatsapp servers using xmpp protocol encrypted packets with Noise protocol. It's all already reversed and hacked by other peoples in php Chat-API project
@ZogG i developed a lot for WA1.5 protocol support, then they switched to WA1.6 protocol, and now switched to WA2.0 protocol. Fully working qt libs for libaxolotl and libwa are ready. But since december i have a full time job and cant support such big project. I will think about publishing sources some day, and you will see i did not spent your donations for drugs and whores, but for code

What! My donation was for drugs and whores, I want a refund

Don't get me wrong, if I eventually choose to use WhatsApp (I still have not decided 100%), like with any proprietary solution, it would be with great reluctance.

I too share your concerns, I'm also a victim of this, nobody ever asked me if I wanted my name and phone number to be submitted to WhatsApp servers but I'm sure it's happened many times already. Telegram which also uses a centralised, closed server, is not better in this regard. Likewise, my telephone operator knows everybody I call and what I say to them. If I eventually decide to use WhatsApp, the way I see it is that I'm coming so late to the game that I'm pretty sure that everyone in my address book is already on their servers. It doesn't make it right, sure, but in this case, resistance is futile. In any case, I would be using a 3rd party open source client so it would be possible modify it so that it only exposes the contacts that I want to expose.

Customers of a porn site or a Panamá bank would obviously not be impressed if their data was published but I fail to see the relevance of that point. WhatsApp aren't publishing address books as such. A data leak would expose the information but that's no different from any other service that one may use in life. There's always a risk when giving personal data to another entity.

All I'm saying is that guaranteed end-to-end encryption from WhatsApp makes it a better choice over other proprietary solutions such as Skype, Google Hangouts, Facebook Messenger and even Telegram which some have suggested moving to. I've tried moving people to SIP calls and XMPP in the past but either they're just not interested or when they are willing to give it a try, it's caused no end in headaches. I've accepted that we live in a far from perfect world and either I use proprietary communications or I become a hermit and only communicate with people in FSF circles. This very forum, vBulletin, is proprietary software.

You raise some good points. How are the public keys being transferred?

I hadn't thought about group chat. I guess it's a common problem with any implementation of group chat encryption. One of the users could act as a host or each user could push messages to all members of the group. I've no idea how they are doing it.

juiceme, check out OMEMO, it's based on libsignal but made to work with XMPP, and it also works in group chats (well, MUCs, but the new kind of 'real' group chats, 'MIX', is on the horizon). Works very well with the Android application Conversations and the desktop application Gajim. Waiting for more clients to implement it, but it's definitely the way forward. Finally we can leave behind OTR and GPG without sacrificing privacy, and there's actually a choice involved, whether you want to use Signal, an XMPP server or become part of WhatsApp.