Concerns Rise Over Telegram’s Small Engineering Team and Security Practices
Over the weekend, a video clip from an interview with Telegram founder Pavel Durov gained attention on social media. In the interview, Durov told Tucker Carlson that he is the only product manager at Telegram and that the company employs “about 30 engineers.”
While Durov portrayed this as a testament to the company’s efficiency, security experts view it as a significant concern for users.
Matthew Green, a cryptography expert at Johns Hopkins University, expressed alarm over Telegram’s staffing and security measures. He pointed out that Telegram’s default chats are not end-to-end encrypted, unlike those on Signal or WhatsApp. Users must initiate a “Secret Chat” to enable end-to-end encryption, which ensures that only the intended recipient can read the messages.
Telegram’s use of a proprietary encryption algorithm, developed by Durov’s brother, has also raised doubts about its reliability.
Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, emphasized the broader implications of Telegram’s approach. She highlighted that Telegram functions not just as a messaging app but also as a social media platform, thereby holding vast amounts of user data.
This includes all non-encrypted communications, which could be vulnerable without robust security infrastructure. Galperin noted that a team of 30 engineers is insufficient to handle legal requests, abuse issues, and content moderation effectively.
Galperin also questioned the quality of Telegram’s engineering team and suggested that the company’s small staff might be appealing to malicious actors. “Every attacker loves a profoundly understaffed and overworked opponent,” she remarked.
The potential vulnerabilities of Telegram are further compounded by its server locations in the UAE, which some experts believe could pose additional security risks. Telegram’s lack of response to queries about its security practices, including whether it has a chief security officer or dedicated cybersecurity personnel, has only fueled these concerns.
Renowned cybersecurity expert SwiftOnSecurity recently commented on the high costs and extensive resources required to maintain robust cybersecurity. They noted that even large companies struggle to allocate sufficient funds and personnel for security.
This raises questions about Telegram’s capacity to protect its nearly one billion users, especially given its popularity among individuals in high-risk sectors such as cryptocurrency, extremism, and hacking.
For years, security experts have cautioned users against viewing Telegram as a fully secure messaging app. Durov’s recent revelations suggest that the platform’s security may be even more compromised than previously thought.
As Telegram continues to grow, addressing these security concerns will be crucial to maintaining user trust and safeguarding sensitive information.
