Download App
iOS & Android

Telegram's Pavel Durov is wrong about Signal — and has been for years

Validated Media

Telegram founder Pavel Durov put the encrypted messaging application Signal on blast this month, arguing in a May 8 post that its privacy mechanisms amounted to a “circus trick.” His commentary was purpose-built to undermine the rival messaging app, but Durov’s history with Signal and Telegram's own privacy credentials make it hard to take his comments seriously.

Durov has been throwing stones at Signal for years. In 2017, he predicted we'd find a backdoor in their protocol within five years. Seven years later, that prediction has missed the mark. A few years later, Signal founder Moxie Marlinspike posted a thread suggesting we should stop calling Telegram an encrypted messaging app.

Signal and Telegram do not like each other.

Pavel Durov took aim at Signal in a May 8 post. Source: Telegram

In the context of historical beef between the two products, this latest post looks more like an opportunistic potshot at a market competitor than a legitimate PSA about backdoored software.

Malice in the messaging apps

Signal was already under heavy scrutiny after comments made by Signal Foundation Chair Katherine Maher, who said Wikipedia's "free and open" nature promoted a "white male Westernized construct." It was a story that received a lot of traction on social media, and drew comments from Jack Dorsey, Vitalik Buterin, and Elon Musk on X.

As people picked up their pitchforks over Maher's politics, it was all too easy for Durov to redirect the angry mob toward Signal itself.

Signal got to work dispelling the claims about their app and protocol, with President Meredith Whittaker providing important context in the replies to throw some ice on the story.

Signal Foundation President Meredith Whittaker addressed the controversy involving Maher in a May 8 post on X. Source: X

For now, things have settled down. However, this beef isn't over — if anything, it's just getting started. This row has the potential to become cybersecurity's version of Kendrick v. Drake.

The anti-Signal movement

It was easy to whip people into a frenzy about Signal. There's an anti-Signal undercurrent emerging in certain circles — a surprising sensitivity for one of the most respected messaging apps in the world.

Perhaps it started when ex-Fox News anchor Tucker Carlson appeared on Lex Fridman's Podcast earlier this year. Speaking about messaging security, Carlson said, "we all have theories about secure communications channels. Like Signal is secure, Telegraph [sic] isn't, or WhatsApp, [which] is owned by Mark Zuckerberg — you can't trust it."

In the same conversation, Carlson claimed the NSA managed to obtain and Signal messages related to his efforts to interview Russian President Vladimir Putin and subsequently leak them to the media. This may have planted the original seed of doubt, and it certainly feels like the precursor to the latest controversy.

Connecting some dots, Carlson sat down for an interview with Pavel Durov back in April. One month later, Durov's post to Du Rove's Channel said key figures had revealed to him that their "private" Signal messages had been exploited."

In case you aren't a natural Sherlock, Carlson is one of the "important people" Durov is talking about. Building from these claims, Durov says Telegram provides "the only popular method of communication that is verifiably private."

Telegram has always tried to hang with the encrypted messaging crowd, but Telegram is not a suitable Signal alternative. Telegram doesn't have end-to-end encryption by default and it doesn't have end-to-end encrypted group chats at all. Having opt-in privacy features — especially necessities like end-to-end encryption — means the vast majority of users will be left without protection.

But none of this will stop Durov from amplifying people's doubts about Signal to give Telegram a leg-up. Further conflict is likely. (Wouldn't it be nice if we could all just get along?)

As for this round of the bout, it's notable that Signal hasn't backed up Maher's comments. Their line is that Maher's politics don't really matter — you don't need to trust the people running Signal, you just need to trust the code.

It's a good line to take. With highly audited, open source code, Signal has a relatively trustless model. Maher's politics have no bearing on a PQXDH key exchange. But a decentralized model could be more trustless — and it already exists.

The anti-Signal movement 

I work on an end-to-end encrypted messaging app called Session. It runs on a decentralized network operated by ordinary community members who contribute compute resources to route and store messages.

Not only is the client and server code open source, you can verify the open source code is what's actually running on the network — you can join and run it yourself. Session does what it says on the box, no trust required whatsoever.

However, this is not a cure-all. The quirks of a decentralized network make it difficult to pull off the complex key ratcheting involved in the Signal Protocol. This ratcheting provides unique cryptographic properties, but keeping key-states updated doesn't mix with a decentralized network of community nodes which can enter and leave the network at will.

If you remove encryption entirely, you can have an awesome UX like Telegram's, where messages appear instantly as though they're rabbits out hats.

There's always a trade off. Nobody has it all — and if they say they do, they've probably got something to sell you.


All Comments

Recommended for you

  • Cointime June 22th News Express

    1. 21 million LINK flowed out of the Chainlink non-circulating supply contract 3 hours ago, equivalent to approximately US$295 million

  • Bitcoin’s blockchain bandwidth utilization exceeds 90% for the first time since April halving

    Since the halving event in April, the blockchain bandwidth usage rate of Bitcoin has exceeded 90% for the first time. The increase in bandwidth usage after the halving is mainly attributed to the adoption of new token standards, including Runes and BRC-20. Dune Analytics data shows that the transaction volume involving these two token standards has significantly increased, especially on April 23, when the transaction volume of Runes exceeded 750,000.

  • Rapper 50 Cent claims that his X account was hacked, and the hacker promoted cryptocurrency and defrauded about $300 million

    On June 22nd,famous rapper Curtis James Jackson III (stage name "50 Cent") claimed that his former Twitter account and website were hacked, resulting in hackers promoting a cryptocurrency scam and defrauding victims of $30 million.The hackers created a new cryptocurrency called "GUNIT" and used 50 Cent's large following (approximately 12.9 million fans) to attract more investors and drive up the price, then drained its value, causing the token price to plummet to $0.00016. On June 21st, 50 Cent posted on Instagram to his 32.8 million fans about the hack and admitted that a large amount of funds from victims had been lost from the project. "Twitter quickly locked my account. Whoever did this, got $30 million within 30 minutes," 50 Cent claimed, stating that he had no involvement with this cryptocurrency scam.

  • Trump campaign returns excess donations to Gemini

    Donald Trump's campaign team has returned donations exceeding the legal limit to the United States cryptocurrency exchange Gemini's co-founders Cameron Winklevoss and Tyler Winklevoss. Earlier, Gemini co-founders Cameron Winklevoss and Tyler Winklevoss tweeted that they had each donated 1 million US dollars worth of Bitcoin (15.47 BTC) to the Trump campaign, exceeding the maximum limit of $844,600 per person that the Trump committee can legally accept.

  • Glassnode: Bitcoin miners have not "completely sold off" and may be in the break-even period

    Glassnode Chief Analyst James Check said that Bitcoin miners may be struggling, but they may not have fully entered a bear market level. They mine 10 bitcoins and then sell 10 bitcoins. Miners must adapt and adjust fees to become their main source of income, forcing the industry to further innovate and apply effective capital management.

  • Jupiter Lianchuang: A new PPP mechanism needs to be invented to prove that there is a better alternative than PVP

    Meow, co-founder of Jupiter, posted on social media stating that PPP (Participant-Platform-Protocol) is very important, otherwise they will devour each other before achieving all the dreams of changing the world.Currently, incentive measures strongly favor PVP (Participant-Value-Protocol), but everyone feels worse about our industry than ever before. Now we need to invent new PPP mechanisms and use them to prove that there are better alternatives than PVP, otherwise we will just blame each other all day and say, "Yes, that's how the game is played."

  • What is Tether’s gold-backed stablecoin, ‘Alloy’ (aUSD₮)?

    Tethered assets are a versatile class of digital tokens designed to track the price of various reference assets, such as the United States dollar.

  • How to long and short with margin trading

    How to long and short with margin trading

  • AI needs authentic information at scale, and this is how blockchain can deliver

    Blockchain holds the key to feeding AI with verifiable information, and the Polkadot ecosystem is gearing up to make it happen in the data-driven future.

  • DePIN developer Verida completes $5 million seed round

    Verida, a DePIN network developer, has completed a $5 million seed round of financing with a post-investment valuation of $50 million. Participating investors include O-DE Capital Partners, ChaiTech Ventures, Simurg Labs, Gate Labs, HASH CIB, Bison Capital, Amesten Capital, and Evan Cheng from Mysten Labs. The new funds will be used to develop Verida's personal data storage infrastructure, providing decentralized storage and encryption services for user personal information.