• ForgottenFlux@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    3
    ·
    5 months ago

    Summary:

    • Telegram founder Pavel Durov claimed in an interview that the company only employs “about 30 engineers.”
    • Security experts say this is a major red flag for Telegram’s cybersecurity, as it suggests the company lacks the resources to effectively secure its platform and fight off hackers.
    • Telegram’s chats are not end-to-end encrypted by default, unlike more secure messaging apps like Signal or WhatsApp. Users have to manually enable the “Secret Chat” feature to get end-to-end encryption.
    • Telegram also uses its own proprietary encryption algorithm, which has raised concerns about its security.
    • As a social media platform with nearly 1 billion users, Telegram is an attractive target for both criminal and government hackers, but it seems to have very limited staff dedicated to cybersecurity.
    • Security experts have long warned that Telegram should not be considered a truly secure messaging app, and Durov’s recent statement may indicate that the situation is worse than previously thought.
      • mozz@mbin.grits.dev
        link
        fedilink
        arrow-up
        24
        ·
        5 months ago

        The quote leaves out the best part.

        people have cast doubt over the quality of Telegram’s encryption, given that the company uses its own proprietary encryption algorithm, created by Durov’s brother

      • catastrophicblues@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        5 months ago

        To be fair: someone somewhere has to make algorithms that we use. I honestly don’t know if Telegram’s encryption is strong or how strong based on their white paper, but I’m interested in an unbiased evaluation.

        • henfredemars@infosec.pub
          link
          fedilink
          English
          arrow-up
          5
          ·
          5 months ago

          Developers should not design encryption algorithms. They should instead implement algorithms that were designed by a mathematician.