Glove throwdown in a cipher beef: Telegram vs. Signal
Perhaps you're using the good old Messenger to chit-chat, or WhatsApp, or even Viber. Perhaps.
However, if you're into encrypted messaging and you distrust the aforementioned popular messenger apps, you surely have come across Telegram or Signal.
As of now, these two privacy-focused apps (the people behind them, duh!) hold a grudge and blame each other for not being encrypted enough.
It all started with a post from Pavel Durov – the CEO of Telegram. Durov said that his platform is more secure than Signal, which is widely considered cryptographically secure.
Durov points out that "the current leaders of Signal, an allegedly "secure" messaging app, are activists used by the US state department for regime change abroad". He also states:
"Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private", says Durov.
Following Durov's comments, Matthew Green, a cryptography expert at Johns Hopkins University, called this a "pretty intense campaign to smear Signal as insecure".
Green highlighted that the Signal Protocol is open-source and thoroughly reviewed by cryptographers, making it the "gold standard" for encryption. Telegram, in contrast, is inherently unencrypted unless users manually enable "secret chat." Green pointed out that while open-source doesn't mean bug-free, it does ensure extensive scrutiny.
Green found Durov's claim amusing, likening it to "advertising ketchup as better for your car than synthetic motor oil." In several tweets, he explained why Telegram's security doesn't compare to Signal's. Green remarked that it's normal for a CEO to promote their product, but when it comes to security, deliberately not providing it for most users is a serious competitive and ethical issue.
Do you trust any messaging app out there? Let me know in the comments.
As of now, these two privacy-focused apps (the people behind them, duh!) hold a grudge and blame each other for not being encrypted enough.
Durov points out that "the current leaders of Signal, an allegedly "secure" messaging app, are activists used by the US state department for regime change abroad". He also states:
The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference.
"Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private", says Durov.
In fact, Durov is citing (in the beginning) a story by Christopher F. Rufo titled "Signal’s Katherine Maher Problem". The same story was reshared by ex-Twitter boss Jack Dorsey with the laconic comment alongside: "did not know this".
The response
Following Durov's comments, Matthew Green, a cryptography expert at Johns Hopkins University, called this a "pretty intense campaign to smear Signal as insecure".
Green highlighted that the Signal Protocol is open-source and thoroughly reviewed by cryptographers, making it the "gold standard" for encryption. Telegram, in contrast, is inherently unencrypted unless users manually enable "secret chat." Green pointed out that while open-source doesn't mean bug-free, it does ensure extensive scrutiny.
Do you trust any messaging app out there? Let me know in the comments.
Things that are NOT allowed: