{"id":107133,"date":"2024-06-24T20:04:02","date_gmt":"2024-06-24T20:04:02","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/06\/24\/telegram-says-it-has-about-30-engineers-security-experts-say-thats-not-good-techcrunch\/"},"modified":"2024-06-24T20:04:02","modified_gmt":"2024-06-24T20:04:02","slug":"telegram-says-it-has-about-30-engineers-security-experts-say-thats-not-good-techcrunch","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/06\/24\/telegram-says-it-has-about-30-engineers-security-experts-say-thats-not-good-techcrunch\/","title":{"rendered":"Telegram says it has ‘about 30 engineers’; security experts say that’s . . . not good | TechCrunch"},"content":{"rendered":"


\n<\/p>\n

\n

Over the weekend, a clip from a recent interview with Telegram\u2019s<\/a> founder Pavel Durov<\/a> went semi-viral on X (previously Twitter). In the video<\/a>, Durov tells right-wing personality Tucker Carlson that he is the only product manager at the company, and that he only employs \u201cabout 30 engineers.\u201d\u00a0<\/p>\n

Security experts say that while Durov was bragging about his Dubai-based company being \u201csuper efficient,\u201d what he said was actually a red flag for users.<\/p>\n

\u201cWithout end-to-end encryption, huge numbers of vulnerable targets, and servers located in the UAE? Seems like that would be a security nightmare,\u201d Matthew Green, a cryptography expert at Johns Hopkins University, told TechCrunch.<\/p>\n

Green was referring to the fact that \u2014 by default \u2014 chats on Telegram are not end-to-end encrypted like they are on Signal or WhatsApp. A Telegram user has to start a \u201cSecret Chat\u201d to switch on end-to-end encryption, making the messages unreadable to Telegram or anyone other than the intended recipient. Also, over the years, many people have cast doubt over the quality of Telegram\u2019s encryption, given that the company uses its own proprietary encryption algorithm, created by Durov\u2019s brother, as he said in an extended version of the Carlson interview.\u00a0\u00a0<\/p>\n

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a longtime expert in the security of at-risk users, said that it\u2019s important to remember that Telegram, unlike Signal, is a lot more than just a messaging app.\u00a0<\/p>\n

\u201cWhat makes Telegram different (and much worse!) is that Telegram is not just a messaging app, it is also a social media platform. As a social media platform, it is sitting on an enormous amount of user data. Indeed, it is sitting on the contents of all communications that are not one-on-one messages that have been specifically [end-to-end] encrypted,\u201d Galperin told TechCrunch. \u201c\u2018Thirty engineers\u2019 means that there is no one to fight legal requests, there is no infrastructure for dealing with abuse and content moderation issues.\u201d<\/p>\n

\u201cAnd I would even argue that the quality of those 30 engineers isn\u2019t that great,\u201d Galperin continued. \u201cAlso, if I was a threat actor, I would definitely consider this to be encouraging news. Every attacker loves a profoundly understaffed and overworked opponent.\u201d<\/p>\n

In other words, it\u2019s unlikely for Telegram to be very effective fighting hackers, especially government-backed ones, with such a small staff.<\/p>\n

\n
\n
\n

Lemme guess, none of these 30 staff include privacy or compliance people, and zero third-party audit is ever done to review potential security controls restricting access to users’ data. “Please trust us” is not how security works. https:\/\/t.co\/w7PBkU0TJR<\/a><\/p>\n

\u2014 JP Aumasson (@veorq) June 22, 2024<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Telegram did not respond to a request for comment, which included questions on whether the company has a chief security officer, and how many of its engineers work full time on securing the platform.<\/p>\n

Last week, the well-known cybersecurity expert SwiftOnSecurity wrote on X<\/a> that \u201cThe cost to run a company that has all the right cyber security tools and staff is absolutely obscene.\u201d<\/p>\n

\u201cIt\u2019s hard to describe the numbers I\u2019ve seen. Even saying this is a gray area. But it is [an] incredible headcount and spend,\u201d SwiftOnSecurity wrote.\u00a0<\/p>\n

All to say, even the biggest companies on the planet probably don\u2019t spend enough money, time and energy on securing themselves. Telegram has almost one billion users, according to Durov. It\u2019s one of the most popular platforms for people working in crypto (who move millions of dollars), extremists, hackers and disinformation peddlers.\u00a0<\/p>\n

That makes it an incredibly interesting target for both criminal and government hackers. And it has \u2014 at most \u2014 just a handful of people dedicated to cybersecurity.\u00a0<\/p>\n

For years, security<\/a> experts<\/a> have<\/a> warned<\/a> that people should not see Telegram like a truly secure messaging app. Given what Durov said recently, it may be even worse than experts thought.\u00a0<\/p>\n<\/div>\n