Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

https://twitter.com/durov/status/2015854422866469222

21•martinlaz•1w ago

Comments

mnky9800n•1w ago

I suppose he may be correct but he also has a stake in the game since he made telegram. Or maybe his brother made it and he’s the face of it. I dunno. There’s always drama about something on the Russian Internet.

0xy•1w ago

WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.

If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.

phyrex•1w ago

Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/

0xy•1w ago

You can make 10x this amount by handing the exploit to brokers.

ThePowerOfFuet•1w ago

Interesting how exploits already got weaponized instead of being reported to Meta...

kepponen•1w ago

I would be highly skeptical about Telegram as well. If I would need to select either Whatsapp or Telegram, Whatsapp would be really easy choice for me, considering the background of Durov. For some reason, Telegram is extremely popular in Russia and still has managed to avoid goverment bans.

mnky9800n•1w ago

what is wrong with durov?

atmanactive•1w ago

What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?

kepponen•1w ago

Tough choice, but I would choose Whatsapp over FSB.

iberator•1w ago

Why? There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram.

Big Five of other hand (UK, USA, AUSTRALIA etc) spy network are already working with your western government...

So I would rather be compromised in Russia with 0 chance of extradition there than non 0 to USA, UK GERMANY etc

(Let's say you are producing fake Coco Channel perfumes)

microtonal•1w ago

It is well known that secret services of unfriendly countries use material they can get as blackmail. The risk is not getting extradited to Russia, the risk is a Russian agent pressuring someone who works at (say) a defense company to do their bidding.

kepponen•1w ago

I'm not big fan of US politics at the moment, but still easily choose US spying over Russia. There is still some difference between these countries.

BobaFloutist•1w ago

>There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram

I'm more worried about electoral interference and stoking of social tensions than prosecution, personally.

budgefrankly•1w ago

Telegram isn't even encrypted, at least not in the sense of the on-by-default end-to-end encryption used by WhatsApp, iMessage and Signal. In reality its selling point is that your chat records are placed in foreign jurisdictions so your local police can't easily access them.

https://blog.cryptographyengineering.com/2024/08/25/telegram...

Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.

bramhaag•1w ago

This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.

Saris•1w ago

That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.

evan_a_a•1w ago

He offers no proof, just “trust me bro”. If they actually had found flaws, they would’ve reported them. WhatsApp uses the Signal protocol, which is built by actual cryptographers using proper formal proofs. In contrast, MTProto is not designed from a formal cryptographic approach and is described by cryptographers as “brittle”. https://martinralbrecht.wordpress.com/2025/03/16/analysis-of...

Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.

https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-meta-wh...

vrighter•1w ago

Telegram is even more insecure than pretty much any other alternative.

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese

StrongDM's AI team build serious software without even looking at the code

John Haugeland on the failure of micro-worlds

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese

StrongDM's AI team build serious software without even looking at the code

John Haugeland on the failure of micro-worlds

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

Comments