Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

https://twitter.com/durov/status/2015854422866469222

21•martinlaz•1w ago

Comments

mnky9800n•1w ago

I suppose he may be correct but he also has a stake in the game since he made telegram. Or maybe his brother made it and he’s the face of it. I dunno. There’s always drama about something on the Russian Internet.

0xy•1w ago

WhatsApp by default exports your private key to Google Drive. If you have not done this, probably your conversation partner did.

If neither of you have done this, don't worry the client side code is so sloppy there will be a zero click RCE that can steal all your chats anyway.

phyrex•1w ago

Wow, good for you, you can make A LOT of money!! https://bugbounty.meta.com/

0xy•1w ago

You can make 10x this amount by handing the exploit to brokers.

ThePowerOfFuet•1w ago

Interesting how exploits already got weaponized instead of being reported to Meta...

kepponen•1w ago

I would be highly skeptical about Telegram as well. If I would need to select either Whatsapp or Telegram, Whatsapp would be really easy choice for me, considering the background of Durov. For some reason, Telegram is extremely popular in Russia and still has managed to avoid goverment bans.

mnky9800n•1w ago

what is wrong with durov?

atmanactive•1w ago

What's worse: Telegram's alleged accessibility to Moscow/FSB, or WhatsApp's proven spying and data selling to anyone?

kepponen•1w ago

Tough choice, but I would choose Whatsapp over FSB.

iberator•1w ago

Why? There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram.

Big Five of other hand (UK, USA, AUSTRALIA etc) spy network are already working with your western government...

So I would rather be compromised in Russia with 0 chance of extradition there than non 0 to USA, UK GERMANY etc

(Let's say you are producing fake Coco Channel perfumes)

microtonal•1w ago

It is well known that secret services of unfriendly countries use material they can get as blackmail. The risk is not getting extradited to Russia, the risk is a Russian agent pressuring someone who works at (say) a defense company to do their bidding.

kepponen•1w ago

I'm not big fan of US politics at the moment, but still easily choose US spying over Russia. There is still some difference between these countries.

BobaFloutist•1w ago

>There is a low chance of FSB successfully prosecuting you as western Citizen doing illegal/silly things in Telegram

I'm more worried about electoral interference and stoking of social tensions than prosecution, personally.

budgefrankly•1w ago

Telegram isn't even encrypted, at least not in the sense of the on-by-default end-to-end encryption used by WhatsApp, iMessage and Signal. In reality its selling point is that your chat records are placed in foreign jurisdictions so your local police can't easily access them.

https://blog.cryptographyengineering.com/2024/08/25/telegram...

Ultimately the only way to be completely sure is to use an open-source app like Signal that you've either built yourself from source you've inspected; or sourced pre-built from someone you trust.

bramhaag•1w ago

This is really funny coming from Durov, CEO of an IM app that doesn't even have E2EE on by default (or even available for group chats). Both WhatsApp and Telegram are terrible choices.

Saris•1w ago

That's an interesting statement coming from the guy who made Telegram that has no e2e encryption at all by default, so is guaranteed insecure.

evan_a_a•1w ago

He offers no proof, just “trust me bro”. If they actually had found flaws, they would’ve reported them. WhatsApp uses the Signal protocol, which is built by actual cryptographers using proper formal proofs. In contrast, MTProto is not designed from a formal cryptographic approach and is described by cryptographers as “brittle”. https://martinralbrecht.wordpress.com/2025/03/16/analysis-of...

Telegram also has no public security or cryptographic assessments, while meanwhile WhatsApp has had numerous components analyzed by cryptographers for security.

https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-whatsap... https://www.nccgroup.com/research-blog/public-report-meta-wh...

vrighter•1w ago

Telegram is even more insecure than pretty much any other alternative.

Red teamers arrested conducting a penetration test

Show HN: Open-source AI powered Kubernetes IDE

Show HN: Lucid – Use LLM hallucination to generate verified software specs

AI Doesn't Write Every Framework Equally Well

Aisbf – an intelligent routing proxy for OpenAI compatible clients

Let's handle 1M requests per second

OpenClaw Partners with VirusTotal for Skill Security

Goal: Ship 1M Lines of Code Daily

Show HN: Codex-mem, 90% fewer tokens for Codex

FastLangML: FastLangML:Context‑aware lang detector for short conversational text

LineageOS 23.2

Crypto Deposit Frauds

Substack makes money from hosting Nazi newsletters

Framing an LLM as a safety researcher changes its language, not its judgement

Are there anyone interested about a creator economy startup

Show HN: Skill Lab – CLI tool for testing and quality scoring agent skills

2003: What is Google's Ultimate Goal? [video]

Roger Ebert Reviews "The Shawshank Redemption"

Busy Months in KDE Linux

Zram as Swap

Green’s Dictionary of Slang - Five hundred years of the vulgar tongue

Nvidia CEO Says AI Capital Spending Is Appropriate, Sustainable

Show HN: StyloShare – privacy-first anonymous file sharing with zero sign-up

Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life

Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation

The Highest Exam: How the Gaokao Shapes China

Open-source framework for tracking prediction accuracy

India's Sarvan AI LLM launches Indic-language focused models

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw respond in Scarlett Johansson’s AI Voice from the Film Her

Red teamers arrested conducting a penetration test

Show HN: Open-source AI powered Kubernetes IDE

Show HN: Lucid – Use LLM hallucination to generate verified software specs

AI Doesn't Write Every Framework Equally Well

Aisbf – an intelligent routing proxy for OpenAI compatible clients

Let's handle 1M requests per second

OpenClaw Partners with VirusTotal for Skill Security

Goal: Ship 1M Lines of Code Daily

Show HN: Codex-mem, 90% fewer tokens for Codex

FastLangML: FastLangML:Context‑aware lang detector for short conversational text

LineageOS 23.2

Crypto Deposit Frauds

Substack makes money from hosting Nazi newsletters

Framing an LLM as a safety researcher changes its language, not its judgement

Are there anyone interested about a creator economy startup

Show HN: Skill Lab – CLI tool for testing and quality scoring agent skills

2003: What is Google's Ultimate Goal? [video]

Roger Ebert Reviews "The Shawshank Redemption"

Busy Months in KDE Linux

Zram as Swap

Green’s Dictionary of Slang - Five hundred years of the vulgar tongue

Nvidia CEO Says AI Capital Spending Is Appropriate, Sustainable

Show HN: StyloShare – privacy-first anonymous file sharing with zero sign-up

Part 1 the Persistent Vault Issue: Your Encryption Strategy Has a Shelf Life

Show HN: Teleop_xr – Modular WebXR solution for bimanual robot teleoperation

The Highest Exam: How the Gaokao Shapes China

Open-source framework for tracking prediction accuracy

India's Sarvan AI LLM launches Indic-language focused models

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw respond in Scarlett Johansson’s AI Voice from the Film Her

Pavel Durov: "You'd have to be braindead to believe WhatsApp is secure in 2026"

Comments