Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026" (opens in new tab)

(twitter.com)

21 pointsmartinlaz1mo ago18 comments

18 comments

I would be highly skeptical about Telegram as well. If I would need to select either Whatsapp or Telegram, Whatsapp would be really easy choice for me, considering the background of Durov. For some reason, Telegram is extremely popular in Russia and still has managed to avoid goverment bans.

budgefrankly1mo ago

Telegram isn't even encrypted, at least not in the sense of the on-by-default end-to-end encryption used by WhatsApp, iMessage and Signal. In reality its selling point is that your chat records are placed in foreign jurisdictions so your local police can't easily access them.

https://blog.cryptographyengineering.com/2024/08/25/telegram...

Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.

atmanactive1mo ago

What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?

kepponen1mo ago

Tough choice, but I would choose Whatsapp over FSB.

1 more reply

mnky9800n1mo ago

what is wrong with durov?

mnky9800n1mo ago

I suppose he may be correct but he also has a stake in the game since he made telegram. Or maybe his brother made it and he’s the face of it. I dunno. There’s always drama about something on the Russian Internet.

0xy1mo ago

WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.

If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.

phyrex1mo ago

Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/

ThePowerOfFuet1mo ago

Interesting how exploits already got weaponized instead of being reported to Meta...

0xy1mo ago

You can make 10x this amount by handing the exploit to brokers.

Saris1mo ago

That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.

vrighter1mo ago

Telegram is even more insecure than pretty much any other alternative.

evan_a_a1mo ago

He offers no proof, just “trust me bro”. If they actually had found flaws, they would’ve reported them. WhatsApp uses the Signal protocol, which is built by actual cryptographers using proper formal proofs. In contrast, MTProto is not designed from a formal cryptographic approach and is described by cryptographers as “brittle”. https://martinralbrecht.wordpress.com/2025/03/16/analysis-of...

Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.

https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-meta-wh...

bramhaag1mo ago

This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.

j / k navigate · click thread line to collapse

18 comments

kepponen1mo ago

budgefrankly1mo ago

https://blog.cryptographyengineering.com/2024/08/25/telegram...

Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.

atmanactive1mo ago

What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?

kepponen1mo ago

Tough choice, but I would choose Whatsapp over FSB.

1 more reply

mnky9800n1mo ago

what is wrong with durov?

mnky9800n1mo ago

0xy1mo ago

WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.

If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.

phyrex1mo ago

Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/

ThePowerOfFuet1mo ago

Interesting how exploits already got weaponized instead of being reported to Meta...

0xy1mo ago

You can make 10x this amount by handing the exploit to brokers.

Saris1mo ago

That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.

vrighter1mo ago

Telegram is even more insecure than pretty much any other alternative.

evan_a_a1mo ago

Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.

bramhaag1mo ago

This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.

j / k navigate · click thread line to collapse