WhatsApp was already using a custom protocol instead of TLS. We worked with them to transition over to Noise Pipes, which has some advantages over what they were doing before. Also, we've renamed Axolotl to Signal Protocol: https://whispersystems.org/blog/signal-inside-and-out/
Axolotl is cool in a techy/underground sort of way (if your into that) but completely misses the boat on being 1) Easy to spell, 2) easy to pronounce, 3) easy to understand.
Mainstream users would just say "wtf" and move on to whatsapp/telegram/facebook messenger.
"Axolotl" at least has seriously pronunciation issues so I am glad it is not used "user-side".
It's also just a cool name.
In fact, axolotls only metamorphose into salamanders if triggered by the external environment. If you don't stimulate them in the right way, they stay axolotls. For a long time they were thought of as two different types of creature completely.
There's a story of one of the very early researchers looking at his vivarium one day and discovering that it was now full of salamanders rather than the axolotls he was expecting. I would love to have heard the conversation...
They’re distinctively spelled, don’t collide with existing search terms, often have available domains, etc. Most importantly, they anticipated the web 2.0 trend of ending words with two consonants in a row. ;)
Finally, just look at this guy: https://upload.wikimedia.org/wikipedia/commons/f/f6/AxolotlB...
Edit: yes, it's a suffix (for Classical Nahuatl): "Non-possessed nouns take a suffix called the absolutive. This suffix takes the form -tl after vowels (ā-tl, "water") and -tli after consonants [...]" ().
I don't understand what you're thinking of here? Here are some Latin nouns, all in nominative case:
nauta (first declension)
> Most importantly, they anticipated the web 2.0 trend of ending words with two consonants in a row. ;)
But those words (coyote, mesquite, tomato, and avocado, unless I seriously miss my guess) all end in a vowel.
Because they were adopted by Spanish speakers. English products using these names could either adopt the Spanish form, or as the GP suggest follow the 2.0 trend and recover the original form, publishing their webpage in the East Timor .tl domain.
"Signal" in IT usually means UNIX inter-process communication.
Noise starts from a clean state with modern knowledge of cryptography and modern cryptography. Much easier to understand and replicate, much harder to shoot yourself in the foot with.
TLS brings modularity and evolutivity, much needed in a protocol the scale of HTTP. In Whatsapp's case, Whatsapp controls both the server and the client; it is much easier to transition between versions because all bricks are under control. When you don't need what TLS brings anymore it makes sense to discard it.
As another example: Tarsnap (https://www.tarsnap.com/) uses spiped (https://www.tarsnap.com/spiped.html), a very simple yet powerful mechanism to build an encrypted channel. Its protocol and proof fit in ~100 lines (https://github.com/Tarsnap/spiped/blob/master/README). When you don't need all the jazz provided by TLS (and when you're lucky enough to be able to pre-share keys, which helps a lot) then a simple protocol is good.
You're right that it's not a good idea for generalists to pick up Noise and go to town with it. Noise isn't misuse-proof.
Nor is SSL. Couldn't an opinionated SSL library (supporting exactly one protocol version, one cipher only, etc) provide the same simplicity of use while remaining interoperable and reusing an already-validated protocol?
It's not the choice I would have made, but I am not as good as Moxie or Trevor.
The idea is more or less what you want, hardcode some known-good configuration for servers that can't or won't be upgraded every other month.
I would argue it's easier to shoot yourself in the face trying to re-implement/re-design something like TLS.
Maybe not all of WhatsApp's platforms support the latest TLS improvements though, thus it's easier to roll their own?
As an aside, what's with Nietzsche? He seems to crop up in your screenshots quite frequently.
(just a guess)
Is that true? Are the messages decrypted server-side for iOS users?
And for anyone else that hates visiting these social networks, Moxie's reply was, "I'm sure, but it'd be to everyone's benefit for you to verify."