Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"
twitter.comI would be highly skeptical about Telegram as well. If I would need to select either Whatsapp or Telegram, Whatsapp would be really easy choice for me, considering the background of Durov. For some reason, Telegram is extremely popular in Russia and still has managed to avoid goverment bans.
Telegram isn't even encrypted, at least not in the sense of the on-by-default end-to-end encryption used by WhatsApp, iMessage and Signal. In reality its selling point is that your chat records are placed in foreign jurisdictions so your local police can't easily access them.
https://blog.cryptographyengineering.com/2024/08/25/telegram...
Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.
What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?
Tough choice, but I would choose Whatsapp over FSB.
Why? There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram.
Big Five of other hand (UK, USA, AUSTRALIA etc) spy network are already working with your western government...
So I would rather be compromised in Russia with 0 chance of extradition there than non 0 to USA, UK GERMANY etc
(Let's say you are producing fake Coco Channel perfumes)
It is well known that secret services of unfriendly countries use material they can get as blackmail. The risk is not getting extradited to Russia, the risk is a Russian agent pressuring someone who works at (say) a defense company to do their bidding.
I'm not big fan of US politics at the moment, but still easily choose US spying over Russia. There is still some difference between these countries.
>There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram
I'm more worried about electoral interference and stoking of social tensions than prosecution, personally.
what is wrong with durov?
I suppose he may be correct but he also has a stake in the game since he made telegram. Or maybe his brother made it and he’s the face of it. I dunno. There’s always drama about something on the Russian Internet.
WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.
If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.
Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/
Interesting how exploits already got weaponized instead of being reported to Meta...
You can make 10x this amount by handing the exploit to brokers.
That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.
Telegram is even more insecure than pretty much any other alternative.
He offers no proof, just “trust me bro”. If they actually had found flaws, they would’ve reported them. WhatsApp uses the Signal protocol, which is built by actual cryptographers using proper formal proofs. In contrast, MTProto is not designed from a formal cryptographic approach and is described by cryptographers as “brittle”. https://martinralbrecht.wordpress.com/2025/03/16/analysis-of...
Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.
https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-meta-wh...
This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.