Over the weekend, a clip of a recent interview with Telegram founder Pavel Durov went viral on X (formerly Twitter). in the videoDurov tells right-wing personality Tucker Carlson that he is the company’s only product manager, and that he only employs “about 30 engineers.”
Security experts say that while Durov boasted that his Dubai-based company was “super efficient,” what he said was actually a red flag for users.
“Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? This looks like it would be a security nightmare,” Matthew Green, a cryptographer at Johns Hopkins University, told TechCrunch.
Green was referring to the fact that chats on Telegram – by default – are not end-to-end encrypted as they are on Signal or WhatsApp. A Telegram user has to start a “secret chat” to turn on end-to-end encryption, making messages unreadable to Telegram or anyone other than the intended recipient. Also, over the years, many people have questioned the quality of Telegram’s encryption, given that the company uses its own encryption algorithm, which was created by Durov’s brother, he said in an extended version of Carlson’s interview.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a longtime expert on the security of vulnerable users, said it’s important to remember that Telegram, unlike Signal, is much more than just a messaging app.
“What makes Telegram different (and much worse!) is that Telegram is not just a messaging app, it is also a social media platform. As a social media platform, it sits on a huge amount of user data. In fact, it sits on the contents of all communications that are not Individual messages have been identified [end-to-end] “Encrypted,” Galperin told TechCrunch. “Thirty engineers means there is no one to fight legal requests, and no infrastructure to deal with abuse and content moderation issues.”
“And I would argue that the quality of these 30 engineers is not that good,” Galperin continued. “Also, if I were a threat, I would definitely consider this to be encouraging news. Every striker likes an opponent who is severely understaffed and overwhelmed.
In other words, Telegram is unlikely to be very effective at fighting hackers, especially government-backed ones, with such a small staff.
Telegram did not respond to a request for comment, which included questions about whether the company has a chief security officer and how many of its engineers work full-time on securing the platform.
Last week, well-known cybersecurity expert SwiftOnSecurity said Written on X “The cost of running a company with all the cybersecurity tools and the right staff is absolutely obscene.”
“It is difficult to describe the numbers I saw. And even to say that this is a gray area. But it is [an] “The headcount and spending is incredible,” SwiftOnSecurity wrote.
The bottom line is that even the largest companies on the planet probably don’t spend enough money, time, and energy on insuring themselves. Telegram has nearly 1 billion users, according to Durov. It is one of the most popular platforms for crypto people (who move millions of dollars), extremists, hackers, and misinformation sellers.
This makes it an incredibly interesting target for both criminal and government hackers. It has – at most – a few people dedicated to cybersecurity.
For years, protection Experts Owns to caution That people should not see Telegram as a truly secure messaging app. And given what Durov said recently, it may be worse than experts think.