Over the weekend, a clip from a recent interview with Telegram’s founder Pavel Durov went semi-viral on X (previously Twitter). In the video, Durov tells right-wing personality Tucker Carlson that he is the only product manager at the company, and that he only employs “about 30 engineers.”

Security experts say that while Durov was boasting about his Dubai-based company being “super efficient,” what he said was actually a red flag for users.

“Without end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare,” Matthew Green, a cryptography expert at Johns Hopkins University, told TechCrunch. (Telegram spokesperson Remi Vaughn disputed this, saying it has no data centers in the UAE.)

Green was referring to the fact that — by default — chats on Telegram are not end-to-end encrypted like they are on Signal or WhatsApp. A Telegram user has to start a “Secret Chat” to switch on end-to-end encryption, making the messages unreadable to Telegram or anyone other than the intended recipient. Also, over the years, many people have cast doubt over the quality of Telegram’s encryption, given that the company uses its own proprietary encryption algorithm, created by Durov’s brother, as he said in an extended version of the Carlson interview.

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a longtime expert in the security of at-risk users, said that it’s important to remember that Telegram, unlike Signal, is a lot more than just a messaging app.

“What makes Telegram different (and much worse!) is that Telegram is not just a messaging app, it is also a social media platform. As a social media platform, it is sitting on an enormous amount of user data. Indeed, it is sitting on the contents of all communications that are not one-on-one messages that have been specifically [end-to-end] encrypted,” Galperin told TechCrunch. “‘Thirty engineers’ means that there is no one to fight legal requests, there is no infrastructure for dealing with abuse and content moderation issues.”

“And I would even argue that the quality of those 30 engineers isn’t that great,” Galperin continued. “Also, if I was a threat actor, I would definitely consider this to be encouraging news. Every attacker loves a profoundly understaffed and overworked opponent.”

In other words, it’s unlikely for Telegram to be very effective fighting hackers, especially government-backed ones, with such a small staff.

Lemme guess, none of these 30 staff include privacy or compliance people, and zero third-party audit is ever done to review likely security controls restricting access to users' data. "Please trust us" is not how security works. https://t.co/w7PBkU0TJR

Telegram’s spokesperson confirmed the company has 30 developers working on the apps and infrastructure, but claims to have an additional 30 people on its “core team.” The spokesperson did not answer our specific questions, including whether the company has a chief security officer, and how many of its engineers work full time on securing the platform.

Last week, the well-known cybersecurity expert SwiftOnSecurity wrote on X that “The cost to run a company that has all the correct cyber security tools and staff is absolutely obscene.”

“It’s hard to say the numbers I’ve seen. Even saying this is a gray area. But it is [an] incredible head count and spend,” SwiftOnSecurity wrote.

All to say, even the biggest companies on the planet probably don’t spend enough money, time and energy on securing themselves. Telegram has almost one billion users, according to Durov. It’s one of the most popular platforms for people working in crypto (who move millions of dollars), extremists, hackers and disinformation peddlers.

That makes it an incredibly interesting target for both criminal and government hackers. And it has — at most — just a handful of people dedicated to cybersecurity.

For years, security experts have warned that people should not see Telegram like a truly secure messaging app. Given what Durov said recently, it may be even worse than experts thought.