A short video clip from a recent conversation with Pavel Durov, the founder of Telegram, went somewhat viral on X (formerly Twitter) over the weekend. Durov tells Tucker Carlson, a right-wing talk show host, in the video that he is the only product manager at the company and that he only works with “about 30 engineers.”
When Durov bragged that his company in Dubai was “super efficient,” security experts say that what he said should have raised red flags for users.
“Without end-to-end encryption, there are a lot of targets that are easy to attack, and the servers are in the UAE.” TechCrunch talked to Matthew Green, a cryptography expert at Johns Hopkins University, about how that would be terrible for security.
Green was talking about the fact that Telegram talks are not end-to-end encrypted by default like Signal or WhatsApp chats are. End-to-end encryption can only be turned on in a “Secret Chat” between two Telegram users. This means that only the intended receiver can read the messages. The company uses its own encryption algorithm, which was created by Durov’s brother, as he said in an extended version of the Carlson interview. This has led many people to question the quality of Telegram’s encryption over the years.
An expert on the safety of high-risk users for a long time, Eva Galperin, is the head of cybersecurity at the Electronic Frontier Foundation. She said it’s important to remember that Telegram is more than just a messaging app, unlike Signal.
Telegram isn’t just a chat app; it’s also a social media site, which makes it different (and much worse!). As a social networking site, it has a huge amount of information about its users. “In fact, it has all the contents of all communications that aren’t one-on-one messages that have been specifically [end-to-end] encrypted,” Galperin told TechCrunch. “Thirty engineers” means that there is no one to fight court requests and no way to handle problems with abuse and content moderation.
Galperin went on, “And I would even argue that the quality of those 30 engineers isn’t that great.” “Also, if I were a threat actor, this would definitely make me feel better.” Every attacker loves an opponent who is severely understaffed and stressed.
That is, Telegram probably won’t be able to fight hackers very well with such a small staff, especially hackers backed by the government.
Let me guess: none of these 30 employees work in privacy or compliance, and there is never a third-party audit of any security rules that might limit access to users’ data. Not really, “Please trust us” doesn’t work as protection.
A request for comment was sent to Telegram, asking if the company has a chief security officer and how many engineers work full time to keep the platform safe. Telegram did not reply.
The famous cybersecurity expert SwiftOnSecurity wrote on X last week, “It costs a fortune to run a business with all the right cybersecurity tools and staff.”
“The numbers I’ve seen are hard to explain.” We could even say that this is a gray area. “But it’s an unbelievable number of people and money,” SwiftOnSecurity wrote.
To sum up, even the world’s biggest businesses probably don’t protect themselves enough with money, time, and effort. Durov says that Telegram has almost a billion users. People who work in crypto (and move millions of dollars around) as well as extremists, hackers, and people who spread false information love it.
Hackers from both the government and crime groups find it very interesting. At most, only a few people work there full-time on protection.
Also Read: Users Can Now Change Their Telegram Accounts From Personal to Business Ones
For many years, security experts have told people not to think of Telegram as a truly safe chat app. Based on what Durov said not long ago, it might be even worse than experts thought.
What do you say about this story? Visit Parhlo World For more.
