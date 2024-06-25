Last weekend, X (formerly Twitter) posted a video of a recent interview with Telegram founder Pavel Durov. In the video, Durov tells Tucker Carlson that he is the only product manager in the company and that he only employs «about 30 engineers».

Security experts say that while Durov was bragging about his company being «super-efficient», what he said was actually a red flag for users.

«Without end-to-end encryption, a huge number of vulnerable targets and servers located in the UAE? That seems like it would be a security nightmare»,” said Matthew Green, a cryptography expert at Johns Hopkins University.

Green was referring to the fact that Telegram chats do not have end-to-end encryption by default, like Signal or WhatsApp. A Telegram user has to start a «Secret Chat» to enable end-to-end encryption, which will make messages unreadable to Telegram or anyone other than the intended recipient. Many people also question the quality of Telegram’s encryption, given that the company uses a proprietary encryption algorithm created by Durov’s brother.

Lemme guess, none of these 30 staff include privacy or compliance people, and zero third-party audit is ever done to review potential security controls restricting access to users' data. "Please trust us" is not how security works. https://t.co/w7PBkU0TJR — JP Aumasson (@veorq) June 22, 2024

“Let me assume that none of these 30 employees include privacy or compliance specialists, and no third-party audits are conducted to verify potential security measures that limit access to user data. «Please trust us» — security doesn’t work that way.”

At the same time, Eva Halperin, Director of Cybersecurity at the Electronic Frontier Foundation, said that it is important to remember that Telegram, unlike Signal, is much more than just a messaging app. It is also a social media platform, and it is based on a huge amount of user data.

«Thirty engineers» means that there is no one to deal with legal requests, no infrastructure to deal with abuse and content moderation problems»,” says Eva Halperin. «Besides, if I were a threatening actor, I would definitely consider this encouraging news. Every attacker loves an opponent who is very short-staffed and overworked,» she added.

In other words, it is unlikely that Telegram will be very effective in fighting hackers, especially state hackers, with such a small staff.

Telegram did not respond to a request for information on whether the company has a chief security officer and how many of its engineers work full time to ensure the platform’s security.