Moxie Marlinspike, founder of encrypted communication app Signal, warned on Twitter that Telegram is posing as a secure app, when in fact all communications and contacts are stored in a database that Russia can easily access..
Likewise, he warned that Moscow could target Telegram employees in Russia to gain access to this database. Marlinspike added: “If Russia doesn’t want to bother with hacking, they can take advantage of family security to access”.
Tesla billionaire founder Elon Musk jumped in to ask Marlinspike, “Are you sure Signal is secure?”
Marlinspike responded: “Signal is designed very differently. All communication is e2ee (end-to-end encrypted), so there is no cloud database with everyone’s entire plain text message history. Groups are encrypted by default, so the only people who know the details of the group are the people who are in it. The same with contacts, calls, social graphs, etc.”
A Telegram spokesperson said: “This type of FUD (fear, uncertainty and doubt) is not surprising, coming from a small (and typical) competitor. That said, they do. I can confirm that we are not developers or servers in Russia and we do not see any mentioned risks. For those who want to use the app, Telegram has a secret message feature that promises more security.”
The Telegram app was founded by the Russian billionaire, Pavel Durov. However, Alan Woodward, a cryptography expert at the University of Surrey, said he “would not trust Telegram”.
“The crypto is homegrown and has never been held for public scrutiny. Quite the opposite for Signal and WhatsApp. The other thing you can see about Telegram is the amount of metadata it generates.” That metadata includes logs of “who is talking to whom, when and for how long, plus some other ancillary data that can easily track and identify users. Signal does not do this. WhatsApp does some of that, which is why I prefer Signal,” Woodward added.