Over the weekend, a video from a recent interview with Telegram founder Pavel Durov appeared on X (formerly Twitter). In the video, Durov tells Tucker Carlson that he is the company's only product manager and that he has only "about 30 engineers" working for him.
Security experts say that while Durov boasted about his company being "super-efficient," what he actually said was a red flag for users.
"Without end-to-end encryption, a huge number of vulnerable targets and servers located in the UAE? It seems like it would be a security nightmare," said Matthew Green, a cryptography expert from Johns Hopkins University.
Green was referring to the fact that Telegram chats are not end-to-end encrypted by default, unlike chats in Signal or WhatsApp. A Telegram user must start a "Secret Chat" to enable end-to-end encryption, which makes messages unreadable to Telegram or anyone other than the intended recipient. Many people also doubt the quality of Telegram's encryption, given that the company uses its own encryption algorithm created by Durov's brother.
Lemme guess, none of these 30 staff include privacy or compliance people, and zero third-party audit is ever done to review potential security controls restricting access to users' data. "Please trust us" is not how security works. https://t.co/w7PBkU0TJR
— JP Aumasson (@veorq) June 22, 2024
"Let me guess, none of these 30 employees include privacy or compliance experts, and no third-party audit is conducted to review potential security measures restricting access to user data. 'Please trust us' - security doesn't work like that."
At the same time, Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, said it is important to remember that Telegram, unlike Signal, is much more than just a messaging app. It is also a social networking platform based on a huge amount of user data.
"'Thirty engineers' means that there is no one to handle legal requests, no infrastructure to combat abuses and content moderation issues," said Eva Galperin.
"Furthermore, if I were a malicious actor, I would certainly consider this encouraging news. Every attacker loves an opponent with very few staff and exhaustion," she added.
In other words, with such a small team, Telegram is unlikely to be very effective at fighting hackers, especially state-backed ones.
Telegram did not respond to a request for comment on whether the company has a chief security officer and how many engineers work full-time on platform security.
Source: TechCrunch