Why Telegram’s Security Practices Might Not Be as Strong as They Seem
In a recent interview with Tucker Carlson, Telegram’s founder Pavel Durov made some revealing statements about the company’s security practices. While boasting about the efficiency of his company, Durov mentioned that he is the only product manager and that there are only about 30 engineers working at Telegram. However, security experts have raised concerns about these claims.
One of the main issues highlighted by experts is the lack of end-to-end encryption in Telegram’s default chats. Unlike messaging apps like Signal or WhatsApp, Telegram requires users to start a “Secret Chat” to enable end-to-end encryption. This means that by default, users’ messages are not protected from being intercepted or read by Telegram or any other party. Matthew Green, a cryptography expert at Johns Hopkins University, expressed concern over this, stating that it could be a security nightmare for users.
Furthermore, there have been doubts raised about the quality of Telegram’s encryption over the years. The company uses its own proprietary encryption algorithm, designed by Durov’s brother. This has led to skepticism among experts about the effectiveness and reliability of Telegram’s encryption.
However, what sets Telegram apart from other messaging apps is its dual nature as both a messaging app and a social media platform. This means that Telegram stores a significant amount of user data, including non-end-to-end encrypted communications. Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, emphasized that Telegram’s lack of infrastructure for dealing with abuse and content moderation issues is a significant concern.
Galperin also criticized the size and quality of Telegram’s engineering team. With only 30 engineers, there may not be enough resources to effectively combat threats from hackers, particularly those backed by governments. The understaffed and overworked nature of Telegram’s security team could potentially make it an attractive target for threat actors.
When asked about these concerns, Telegram did not respond to requests for comment regarding their security practices, including the presence of a chief security officer and the number of engineers dedicated to securing the platform.
Ultimately, it seems that Telegram’s security practices may not be as robust as they claim. Cybersecurity experts have long warned against viewing Telegram as a truly secure messaging app, and Durov’s recent statements only reinforce these concerns. With nearly one billion users, Telegram is an enticing target for both criminal and government hackers. However, with only a handful of people dedicated to cybersecurity, the company’s ability to effectively protect its users’ data may be in question.
The bottom line is that users should exercise caution when using Telegram and be aware of its limitations in terms of security. It may be wise to consider alternative messaging apps that prioritize end-to-end encryption and have a more substantial focus on cybersecurity.
