Pavel Durov, founder and CEO of Telegram, has sparked controversy and concern among cybersecurity experts with recent revelations about the messaging app’s operational setup. In an interview with Tucker Carlson, Durov disclosed that Telegram operates with a minimal team of “about 30 engineers,” with himself as the sole product manager. While Durov touted this lean structure as a testament to efficiency, security professionals view it as a potential threat to user safety.
Matthew Green, a cryptography expert at Johns Hopkins University, raised alarms about Telegram’s security vulnerabilities. “Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare,” Green commented in an interview with TechCrunch.
Unlike its competitors Signal and WhatsApp, Telegram does not employ end-to-end encryption by default, leaving messages potentially accessible to Telegram or other parties unless users initiate a “Secret Chat.”
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, highlighted Telegram’s dual role as both a messaging app and a social media platform housing extensive user data. “‘Thirty engineers’ means that there is no one to fight legal requests, there is no infrastructure for dealing with abuse and content moderation issues,” Galperin warned.
Galperin also noted that Telegram’s understaffed security team could attract malicious actors, including government-backed hackers, due to its popularity among cryptocurrency enthusiasts, extremists, and purveyors of disinformation.
Experts are skeptical about Telegram’s ability to effectively combat these threats given its small team. This concern arises at a time when even major tech companies struggle to allocate sufficient resources to cybersecurity, as underscored by cybersecurity analyst SwiftOnSecurity on X (formerly Twitter).
For years, security experts have cautioned against relying on Telegram as a fully secure messaging app. Durov’s recent disclosures have intensified these concerns, suggesting potential vulnerabilities that may compromise user privacy and data security.
As scrutiny mounts, users and observers alike await further developments and responses from Telegram regarding its approach to enhancing security measures in the face of growing cybersecurity challenges.
