In a recent interview, Telegram’s founder, Pavel Durov, disclosed that the company employs a mere “about 30 engineers.” While Durov framed this as a testament to the company’s efficiency, security experts have raised eyebrows, highlighting potential security concerns for the platform’s vast user base.
This revelation has reignited discussions about Telegram’s security practices, particularly in light of its massive user base and the sensitive nature of communications it facilitates.
Interesting Telegram operating details in this interview with founder Pavel Durov:
— ~1 billion users
— Never ran an ad
— Only 30 full-time employees
— He’s the sole director, equity holder and product manager (works directly with every engineer and designer)
— No HR (he… pic.twitter.com/NvYZBEBC70— Trung Phan (@TrungTPhan) April 18, 2024
A closer look at Telegram’s security
Durov’s statement, shared by Trung Phan on X, has prompted a deeper examination of Telegram’s security infrastructure. Notably, Telegram’s default chat settings lack end-to-end encryption, a standard feature in secure messaging apps like Signal and WhatsApp. While users can activate “Secret Chat” mode to enable this crucial security layer, the absence of default encryption raises concerns about the vulnerability of user data.
Additionally, experts have expressed reservations about Telegram’s proprietary encryption algorithm, developed by Durov’s brother. The efficacy of this algorithm has been questioned in the past, further amplifying security apprehensions.
Telegram was always more than just messaging
Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, emphasizes that Telegram’s role extends beyond messaging. As a social media platform, Telegram amasses a substantial amount of user data. This data includes the contents of all communications that are not one-on-one, end-to-end encrypted messages. With a limited engineering team, Telegram’s capacity to handle legal requests, content moderation, and abuse issues is called into question
A tempting target
Galperin further points out that a small engineering team might be seen as an encouraging sign by malicious actors. A limited workforce could make Telegram a more vulnerable target for hackers, particularly those backed by governments. This vulnerability becomes especially concerning considering Telegram’s popularity among individuals dealing with sensitive information, such as cryptocurrency traders, activists, and journalists.
Recent discussions in the cybersecurity community have underscored the exorbitant cost of maintaining robust security measures. The resources required to effectively combat cyber threats are substantial, involving both financial investment and skilled personnel. Even large corporations grapple with the challenge of allocating sufficient resources to cybersecurity.
Security vs efficiency
Telegram’s situation underscores the complex balancing act between security and efficiency. While a small engineering team might contribute to streamlined operations, it could also expose vulnerabilities in the platform’s security infrastructure. As Telegram continues to attract a diverse range of users, including those engaged in sensitive activities, the importance of robust security measures cannot be overstated.
In light of recent revelations, Telegram faces growing calls for transparency regarding its security practices. Users are seeking reassurance about the company’s commitment to protecting their data and privacy. A clear and comprehensive explanation of Telegram’s security infrastructure, as well as its efforts to address potential vulnerabilities, would go a long way in alleviating user concerns.
So, is Telegram 100% safe?
While Telegram does offer some security features, such as the option for end-to-end encryption in “Secret Chats” and its use of a proprietary encryption algorithm, there are several concerns that have been raised by security experts.
Unlike other messaging apps like Signal and WhatsApp, Telegram does not enable end-to-end encryption by default. This means that regular chats on Telegram are not as secure and could potentially be accessed by third parties.
Telegram uses its own encryption algorithm, which has not been as thoroughly vetted as open-source algorithms used by other messaging apps. This raises concerns about potential vulnerabilities that may not have been discovered yet.
Telegram’s founder has stated that the company has a relatively small engineering team. This raises questions about the company’s ability to effectively address security issues and protect user data, especially given the platform’s large user base.
Featured image credit: Matt Ridley/Unsplash
