Today, Telegram is considered a secure messaging service, and one of the main alternatives to WhatsApp. Its boss, Pavel Durov, regularly criticizes its main competitor.

And when there’s a problem on WhatsApp (like a privacy controversy or a giant outage), people flock to Telegram. Yet, if Moxie Marlinspike, the founder of Signal, is to be believed, Telegram isn’t as secure as people think.

“It’s amazing to me that after all this time, almost all the media coverage of Telegram still calls it an ‘encrypted messenger.’ Telegram has a lot of great features, but in terms of privacy and data collection, there is no worse choice,” he wrote in a thread on Twitter.

An encryption that is not activated by default

This one explains that Telegram stores all your contacts, groups, media, and messages in clear text on its servers. And, in essence, the messaging service can read everything.

To demonstrate this, Marlinspike offers a simple test. “Delete Telegram, install it on a brand new phone, and register with your number. You’ll immediately see all your conversation history, all your contacts, all the media you’ve shared, all your groups. How? Everything was on their servers, in the clear,” explains the founder of Signal.

For him, the confusion comes from the fact that Telegram offers a “very limited” secret mode that allows you to protect your messages with end-to-end encryption. This encryption is therefore not offered by default.

See also  Tesla: Elon Musk's surprising method for spotting those who cheat on their CVs

Also, for the founder of Signal, Telegram is comparable to Facebook Messenger, on which messages are not end-to-end encrypted by default, but which allows you to protect your conversations using a “secret” mode. On the other hand, Marlinspike considers Facebook Messenger’s secret mode to be less limited than Telegram’s.

Telegram and Messenger, the same thing?

The thread does not mention WhatsApp. Nevertheless, it is important to remember that on WhatsApp, conversations are encrypted from end to end. Therefore, the content is not readable when it passes through Facebook’s servers.

Besides, if you delete WhatsApp from your smartphone and you haven’t made a backup, you lose all your data!

To Moxie Marlinspike, Telegram should therefore not be considered as an “encrypted messaging”. He also calls the media on this subject: “my request is that when you write ‘encrypted messaging’, it should at least mean an application where all messages are e2ee (editor’s note, end-to-end encrypted) by default. Telegram and FB Messenger are built exactly the same way. Neither of them is ‘encrypted messaging'”.

This release comes at a time when Signal, the app whose Marlinspike is increasingly reaching out to the general public.

In its early days, the app was seen as a service for journalists, whistleblowers, who can be targets for hackers and governments. But now, Signal wants to attract ordinary users as well.