Moxie Marlin Spike, founder of the application encrypted communication Signal, warned on Twitter that Telegram masquerades as a secure app, when in fact all communications and contacts are stored in a database that Russia can easily access.
Likewise, he warned that Moscow could target Telegram employees in Russia to gain access to this database. Marlinspike added: “If Russia doesn’t want to bother with hacking, they can take advantage of family security to gain access.”
Telegram is the most popular messenger in urban Ukraine. After a decade of misleading marketing and press, most ppl there believe it’s an “encrypted app”
The reality is the opposite-TG is by default a cloud database w/ a plaintext copy of every msg everyone has ever sent/recvd. https://t.co/6eRGIyXyje
— Moxie Marlinspike (@moxie) February 25, 2022
Elon Muskbillionaire founder of Teslastepped in to ask Marlinspike: “Are you sure Signal is safe?”
Marlinspike responded: “Signal is designed very differently. All communication is e2ee (end-to-end encrypted), so there is no cloud database with all of everyone’s plain text message history. Groups are encrypted by default, so the only people who know the details of the group are the people who are in it. The same with contacts, calls, social graphs, etc.”
A Telegram spokesperson said: “This type of FUD (fear, uncertainty and doubt) is not surprising, coming from a small (and typical) competitor. That said, they do. I can confirm that we are not developers or servers in Russia and we do not see any mentioned risks. For those who want to use the app, Telegram has a secret message feature that promises more security.”
The Telegram application was founded by the Russian billionaire, Pavel Durov. However, Alan Woodward, a cryptography expert from the University of Surrey, he said he “would not trust Telegram.”
“The cryptography it is home grown and has never been held for public scrutiny. Quite the opposite for Signal and WhatsApp. The other thing you can see about Telegram is the amount of metadata it generates.” That metadata includes logs of “who is talking to whom, when and for how long, plus some other ancillary data that can easily track and identify users. Signal does not do this. WhatsApp does some of that, which is why I prefer Signal.” Woodward added.
Telegram disputed Woodward’s claim that his encryption has not been subjected to scrutiny. “The Telegram encryption protocol is fully documented and can be used with open source application code to demonstrate both the implementation and integrity of Telegram encryption.
In addition to the contests that caught the attention of security researchers, Telegram has an open bug bounty program with rewards ranging from $500 to $100,000 for those who report potential flaws.” said a spokesman and added “A workable way to break the encryption currently used by Telegram has never been found.”
Instant messaging app users are looking for options
Free to download and widely recognized as one of the most secure options available to the public for encrypted calls and texts, the use of Signal has increased in Ukraine in recent days, as well as Telegram, although to a lesser extent, according to data shared by Cloudflare CEO Matthew Prince.
Meanwhile, experts from outside Ukraine have provided free security services. This includes the former security director of the New York Times, Sandvik runewhat offers software free virtual private network (VPN).
Apple Event: what to expect from the next launch to be held at Apple Park
iPhone: the simple trick to convert a web page into a PDF document
The 5 trends that will mark the union between humans and robots