You cannot create an account or sign up via web app. But let's put that aside.
You can ONLY sign up / register / add one device.
Not "at a time", even. At all.
You use your tablet, your phone disconnects.
You use your computer, your laptop disconnects.
You switch from laptop to desktop a few times, and now it's suspicious and gives you additional difficulties or bans you outright (that may or may not still be the case, but was when I tried this nightmare of an app a year ago or so).
You can only have ONE mobile and ONE computer device, at best, if you're lucky, and stars align, and it's second Tuesday of the month and the moon is full and you sing praises to Garmunklee the demon of impractical communication methods. Trying to access it on work and personal laptop; work and personal phone; or on phone and tablet; all is completely outside the supported use case and is for all intents and purposes impossible.
Compare to old-school ICQ, AIM, any XMPP, or Hangouts or indeed email etc, where you can seamlessly transition communication from device to device - and even check your messages on trusted public or 3rd party device such as friend's computer - and it's like waking up in a twilight zone.
It is pretty much the most architecturally user-hostile system I've encountered in my life, but again - I'm clearly in 2,000,000,000 vs 1 minority here :D
I feel like this is a very long way of saying that in WhatsApp there is a single private key which is stored on the device that you register.
You're not supposed to be switching between devices like that. You're supposed to be proxying your messages through your primary device (i.e. cell phone) using the web interface.
Like the UX is bad for people with two phones and the mobile experience of WhatsApp web is nonexistent so that kinda sucks but "having one phone, and sometimes a tablet/laptop with the web interface" covers a lot of people.
E2E is hard when you have to route messages to multiple devices, aren't storing messages in a central server, and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.
>E2E is hard when you have to route messages to multiple devices, ...
OpenPGP has been dealing with multiple recipients since forever with no back channel even.
> ...aren't storing messages in a central server,...
Who cares if we are doing E2E?
> ...and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.
You only have to store the encrypted messages for each individual client until they connect again. If you are doing perfect forward secrecy then the client has to keep the decryption key around until the next connection so the server stored messages can be decoded. Then the key is destroyed.
>>You're not supposed to be switching between devices like that.
That's the Apple "You're not supposed to use our device that way" approach, and again, while it works for a huge swath of users and I am completely cognizant I'm in a tiny contrarian minority, it still and nevertheless feels like a hostile user experience.
Note that "Switching devices like that" is ever so tiny a misnomer; I am "Using multiple devices" (not replacing my phones permanently etc, which I get is a more difficult scenario... and one that Whatsapp historically deals with in the most insecure fashion imaginable; until recently their FAQ held explanations that you may get somebody else's messages if you get their phone number; or that if you switch your own phone number you need to email support and wait; it really feels they focused on the E2E encryption, important to tiny proportion of their userbase, over any other security consideration; but again... I get I'm alone in this perception :)
My problems with WhatsApp desktop isn't that I can't use multiple phones, it's the various issues that don't affect Signal desktop. (Can only have one desktop/laptop, no iPadOS, messages randomly won't send/receive if phone is in too deep a sleep mode.)
You can ONLY sign up / register / add one device.
Not "at a time", even. At all.
You use your tablet, your phone disconnects.
You use your computer, your laptop disconnects.
You switch from laptop to desktop a few times, and now it's suspicious and gives you additional difficulties or bans you outright (that may or may not still be the case, but was when I tried this nightmare of an app a year ago or so).
You can only have ONE mobile and ONE computer device, at best, if you're lucky, and stars align, and it's second Tuesday of the month and the moon is full and you sing praises to Garmunklee the demon of impractical communication methods. Trying to access it on work and personal laptop; work and personal phone; or on phone and tablet; all is completely outside the supported use case and is for all intents and purposes impossible.
Compare to old-school ICQ, AIM, any XMPP, or Hangouts or indeed email etc, where you can seamlessly transition communication from device to device - and even check your messages on trusted public or 3rd party device such as friend's computer - and it's like waking up in a twilight zone.
It is pretty much the most architecturally user-hostile system I've encountered in my life, but again - I'm clearly in 2,000,000,000 vs 1 minority here :D