Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

https://twitter.com/durov/status/2015854422866469222

21•martinlaz•1w ago

Comments

mnky9800n•1w ago

I suppose he may be correct but he also has a stake in the game since he made telegram. Or maybe his brother made it and he’s the face of it. I dunno. There’s always drama about something on the Russian Internet.

0xy•1w ago

WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.

If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.

phyrex•1w ago

Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/

0xy•1w ago

You can make 10x this amount by handing the exploit to brokers.

ThePowerOfFuet•1w ago

Interesting how exploits already got weaponized instead of being reported to Meta...

kepponen•1w ago

I would be highly skeptical about Telegram as well. If I would need to select either Whatsapp or Telegram, Whatsapp would be really easy choice for me, considering the background of Durov. For some reason, Telegram is extremely popular in Russia and still has managed to avoid goverment bans.

mnky9800n•1w ago

what is wrong with durov?

atmanactive•1w ago

What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?

kepponen•1w ago

Tough choice, but I would choose Whatsapp over FSB.

iberator•1w ago

Why? There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram.

Big Five of other hand (UK, USA, AUSTRALIA etc) spy network are already working with your western government...

So I would rather be compromised in Russia with 0 chance of extradition there than non 0 to USA, UK GERMANY etc

(Let's say you are producing fake Coco Channel perfumes)

microtonal•1w ago

It is well known that secret services of unfriendly countries use material they can get as blackmail. The risk is not getting extradited to Russia, the risk is a Russian agent pressuring someone who works at (say) a defense company to do their bidding.

kepponen•1w ago

I'm not big fan of US politics at the moment, but still easily choose US spying over Russia. There is still some difference between these countries.

BobaFloutist•1w ago

>There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram

I'm more worried about electoral interference and stoking of social tensions than prosecution, personally.

budgefrankly•1w ago

Telegram isn't even encrypted, at least not in the sense of the on-by-default end-to-end encryption used by WhatsApp, iMessage and Signal. In reality its selling point is that your chat records are placed in foreign jurisdictions so your local police can't easily access them.

https://blog.cryptographyengineering.com/2024/08/25/telegram...

Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.

bramhaag•1w ago

This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.

Saris•1w ago

That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.

evan_a_a•1w ago

He offers no proof, just “trust me bro”. If they actually had found flaws, they would’ve reported them. WhatsApp uses the Signal protocol, which is built by actual cryptographers using proper formal proofs. In contrast, MTProto is not designed from a formal cryptographic approach and is described by cryptographers as “brittle”. https://martinralbrecht.wordpress.com/2025/03/16/analysis-of...

Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.

https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-meta-wh...

vrighter•1w ago

Telegram is even more insecure than pretty much any other alternative.

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

Comments