Signal Founder Criticizes Telegram Over Encryption, But Do His Claims Have Merit?

Signal Founder Criticizes Telegram Over Encryption, But Do His Claims Have Merit?


The founder of Signal claims that Telegram’s secure messaging service isn’t as safe as we think it is.

In December 2021, Moxie Marlinspike, founder of the Signal messaging app, had a few choice words to share on Twitter. His target? Telegram, a competing service that also claims to be an encrypted messenger.

This diatribe saw Marlinspike speak openly about transparency, lambasting Telegram for marketing the service that it provides as “encrypted” without actually providing the protection that it promises its userbase.

So what exactly did he say? Do his claims have merit? And how might this change your view of Telegram?

Signal Founder: Telegram and Facebook Messenger “Exactly the Same”

Signal and Telegram are both popular messaging apps. In a recent hailstorm of inflammatory Tweets, Signal founder Moxie Marlinspike shared a few harsh thoughts on its competitor—specifically, the fact that the platform leaves a lot to be desired in terms of user security.

“My request is that when you [claim to be an] “encrypted messenger,” it should, at minimum, mean an app where all messages are E2EE by default.”

Marlinspike blasted the Telegram brand and service, which positions itself as a safe, secure, and air-tight encrypted messenger app.

What Else Did Marlinspike Actually Say?

This episode certainly wasn’t an “exchange” of viewpoints. This one-man-show took place on Twitter just before Christmas 2021. You can read the entire thread for yourself here, unabridged and in all its raging glory.

It’s a lot to digest—the man is passionate, no doubt. How many of these claims actually have merit, though?

If they’re legit, these accusations give Telegram users a lot to worry about if the security of their messages is a priority to them in any way. Let’s take a closer look at a few of these claims in particular.

Marlinspike Claims Telegram Stores User Data in Plaintext

“Almost everything you see in the app, Telegram also sees.”

One of the main, overarching themes of this tirade: the fact that Telegram allegedly stores all user data, contacts, and messages in plaintext on its servers.

He walks us through a simple scenario in order to illustrate his point. You get a new phone and install Telegram, and, instantly, your entire account is repopulated from zero.

He asserts that this is proof that this data is all readily available to any phone with Telegram installed on it, any of which can act as a viewport into the platform.

The most troublesome part of this claim is probably the direct quote that we’ve pulled above: that Telegram itself sees everything too. Does private messaging even exist?

Marlinspike Claims Telegram Misleads Users Over Encryption

Next, Moxie mentions that Telegram’s “secret chat” feature does not truly encrypt your messages end-to-end by default. He says that these secret chats utilize E2EE “nominally,” using “dubious” protocols.

Chilling, for sure. He even goes so far as to say that Facebook Messenger’s E2EE protocol is actually much more secure than the one that Telegram employs.

In any case, we can definitely get behind the fact that companies like Telegram should not be telling users that their messages are being held more securely than they actually are; that is, if that truly is the case. Transparency, especially wherever privacy and security are concerned, is paramount in this industry.

Who can we really trust? Moxie believes that users shouldn’t feel obligated to trust the messaging platform that they use at all.

Privacy isn’t about finding a brand that you trust with your data; it’s about choosing a brand that doesn’t screw around with your data in the first place.

Are All Telegram Messages Actually Group Chats?

Do these opinions actually hold water? It’s hard to say, although many of the arguments that he makes are more than compelling, even if only from an intellectual standpoint.

Marlinspike’s coup de grâce sits like a cherry on top of this thread:

“If Telegram’s UI were consistent with the way the technology worked, every chat would be a group chat with everyone that works at Telegram, as well as everyone that’s ever hacked Telegram, and every government that [currently] has access Telegram.”

One thing that we can certainly agree with: it doesn’t matter if you “trust” your instant messaging service. Shoddy security puts you at risk, and the consequences could be dire.