The option The Guardian is describing there is something like this:
  When my partner's key changes:
  [ ] Show me a notification (y/n)
What I was talking about was an option like this:
  When my partner's key changes:
  [ ] Wait for my manual confirmation before delivering any messages from my partner that are dated after the key change (y/n)
To me it's up for debate whether or not the existence of the first option or the fact that it's disabled by default are good ideas, in terms of the behavior of the app matching consumer expectations of security. It'd be safer for it to be permanently enabled, but that's neither here nor there.
But the second option would be fundamentally broken and leak information to the server about how conscientious a user is about security, which is why the author, WhatsApp, and everyone in this sub-thread agrees it's a bad idea. Someone else gave a concise example elsewhere in the thread: https://news.ycombinator.com/item?id=13397118
edit
N.B.: Requiring manual verification all the time, from everyone, would not leak any information and would be the most secure. Allowing users to choose whether or not they want to manually verify is the leaky bit.
Well, there are two options: the notification option and the confirmation option.
Moxie correctly assumes that the confirmation option (require manual confirmation to resend if the key changes) should either be enabled for everyone or disabled for everyone, as its state can be determined passively by the server. But it depends on the notification option. His conclusion is that the confirmation option should be disabled for everyone because if it is enabled, it is possible to leak the notification option state. But it is wrong. A more secure solution exists: enable the notification option for everyone, and then enable the confirmation option for everyone.
I was complaining about why notification should be an option. Even worse, disabled by default.
Wire [0] just shows a "resend" button near the message when it is not delivered and always shows notifications about key changes if you have verified devices. You can still ignore the verification option if you want and get no notifications.
Signal blocks with a message when the key changes.
Both solutions are secure, Wire's is more convenient, Signal's is less error-prone. WhatsApp's solution is simply insecure.
Ahhhh, dependencies. You're right. This is more involved than I originally thought. Here, does the following look like an accurate summary of the situation? (For optional row/cols, "Optional (yes)" with a value of "secure" means "if the feature is optional, it's secure for users who have it enabled.")
If both notification and confirmation are optional and enabled, it is secure.
And I don't think WhatsApp is secure for anyone with its permanently disabled confirmation. Maybe it prevents mass surveillance, but it is still vulnerable to targeted attack. Surely it may cost Facebook reputation and the attack will be detected in the end, but it is still possible.
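A small model of the argument in this sub-thread, added here as an example and not taken from any comment or from any messenger's code: it enumerates which combinations of "optional" and "fixed for everyone" let the server tell users apart. The function names and the rule that a sender holds messages only when the notification is shown and confirmation is required are assumptions made for this sketch.

```python
from itertools import product

# Assumed model (not any real client's logic): after a partner's key changes,
# a sender holds undelivered messages for the user only when the key-change
# notification is shown AND confirmation is required. Otherwise it re-encrypts
# and resends automatically. The server sees only which of the two happened.
def server_observation(notify: bool, confirm: bool) -> str:
    return "held_for_user" if (notify and confirm) else "auto_resend"

# A policy value of True/False fixes the setting for every user;
# None leaves the choice to each user.
def allowed(policy_value):
    return (True, False) if policy_value is None else (policy_value,)

def analyse(notify_policy, confirm_policy):
    # Every per-user configuration the policy permits.
    users = list(product(allowed(notify_policy), allowed(confirm_policy)))
    observations = {server_observation(n, c) for n, c in users}
    return {
        # More than one observable behaviour means the server learns
        # something about an individual user's settings.
        "leaks_user_choice": len(observations) > 1,
        # True only if every user stops and confirms after a key change.
        "everyone_blocks_on_key_change": observations == {"held_for_user"},
    }

POLICIES = {
    "both optional": (None, None),
    # What the thread describes as WhatsApp's behaviour.
    "notification optional, confirmation off for all": (None, False),
    "notification optional, confirmation on for all": (None, True),
    "notification on for all, confirmation optional": (True, None),
    # The alternative proposed in the thread.
    "both on for all": (True, True),
}

def report():
    return {name: analyse(*policy) for name, policy in POLICIES.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:50} {result}")
```

Under this model only two policies give the server nothing to distinguish users by, and only one of those two makes every client wait for confirmation after a key change.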