It has, and TextSecure is excellent. But being owned by Facebook, and their previous security record, has massacred WhatsApp's credibility amongst many users I've spoken to it seems.
To the point where friends have been talking to friends on the technical merits of them, and some have chosen to use Telegram, which is… um, not of the same quality of design as TextSecure, I'll say politely. But it's not owned by Facebook, and apparently that counts for a lot because people really do distrust Facebook that much. (Despite saying that on Facebook, I gather. Irony.)
I have the feeling TextSecure/Signal is frustratingly close to perfect. If it gained the ability to do voice and video well, gained a good desktop client (a slim one, without ads!), and could use usernames instead of/as well as phone numbers, it'd be poised to replace most of the common uses of Skype.
Add metadata protection in some form (onion/garlic routing?) and a distributed network (Tox used DHT) and we'd really be onto something. Although metadata protection is a particularly hard set of problems, especially when you want essentially real-time communication and low battery life. Still, we're in interesting times, and we have tools to make a whole new set of interesting design tradeoffs!
But being owned by Facebook, and their previous security record, has massacred WhatsApp's credibility amongst many users I've spoken to it seems.
Which users do you speak to?
I have lots of friends who are not technology-minded and zero of them care that WhatsApp is owned by Facebook. Heck most of them don't even know. It doesn't have the FB logo anywhere. I think this is a non-issue.
What's more, my experience has been that most of my friends (on the rare rare occasions when it comes up) trust WhatsApp a lot more than most tech products, because it doesn't have any ads and asks them for money occasionally. Though lots of us don't actually seem to get charged. I keep being given free extensions.
WhatsApp has huge network effects at this point, it's the de-facto standard outside of the USA. So implementing the TextSecure protocol is a huge deal. Not only does it directly help lots of people but it sets a precedent that PFS is not only for nerds and geek products but can be integrated into consumer products too. It raises the bar for everyone else.
Obviously different users! I'm aware of the network effect, and I massively commend them for such a bold, privacy-oriented approach, particularly given their previous track record. (Well done, Moxie! How'd you talk them into that?)
Everyone I know who was aware WhatsApp was Facebook-owned brought it up as a strong, overriding negative; others who heard that followed suit.
Perhaps that says more about Facebook's perception amongst that demographic than WhatsApp. (The plural of anecdotes is not data, I hasten to add.)
If there's a lesson from this, perhaps it's: something new and better needs to come from, if not trusted people, then at least not mistrusted people.
I'm still wondering where xmpp and otr failed. Because it apparently has - nobody uses or implements them. I have a perfectly fine xmpp client here that supports OTR, but nobody I know can or will use these services, despite them having most of what I would consider important - video chat, file transfer, persistence, logging, emoticons, and my client even downloads linked images and videos and displays them inline.
I use XMPP+OTR where possible, and it can be quite painful.
Support for multiple active endpoints isn't solved, at least for the clients I use, so I have to hope that whoever writes me picks the endpoint I'm actually at or I have to go through a bit of unencrypted back and forth to make them connect to the right one (I think XMPP actually has extensions for mechanisms that could solve this, syncing messages between endpoints, but I've never seen them implemented).
At least some mobile clients only maintain the OTR session while in foreground, leading to massive notification spam on the other end/delays while the session is recreated.
No encrypted offline messages. (Yes, I know, not possible while maintaining the full guarantees of OTR, but it adds complications to the workflow)
All these don't really make for great UX, and many people are not willing to put up with it.
Viber is also huge in the Philippines as a telecom there offers free Facebook + Viber without needing prepaid credit/wifi. They could roll a textsecure layer too
WhatsApp is also owned by facebook, so.. i doubt they cut of ways to get to the communications. I think it might use textsecures encryption but they will also have key.
Sorry but my experience is the opposite. Here in France most mobile phone contracts give you unlimited sms + mms. I never felt the need for whatsapp personally, neither do I know anyone using it. (but Viber over wifi is often used by people traveling/working abroad)
No need to be sorry, data > anecdotes. I use Whatsapp with a group of 20 friends to organize nights out and basically use it as a long-running IRC room. We also have different groups for movies, board games, etc. It's the group functionality that makes it better than SMS.
It's very popular in Europe, even more so (as far as I've heard) in South America, where it's used mainly instead of SMS. Heck, even my father use WhatsApp and I can't make him stop clicking on "You have 1 new message" ads. Though I deleted my WhatsApp as soon as it was acquired by Facebook.
