Benzinga - by Ananya Gairola, Benzinga Staff Writer.
Matthew Green, a cryptography professor at Johns Hopkins University, has expressed his concerns about the security of Telegram compared to Signal. Green’s concerns have now been endorsed by Signal president Meredith Whittaker.
What Happened: Over the weekend, Green took to X, formerly Twitter, to voice his concerns about Telegram’s security measures.
“Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly unencrypted Telegram,” he stated.
Green pointed out that Telegram does not end-to-end encrypt conversations by default, making all data visible on its server. He highlighted the open-source nature of Signal’s client code, which allows for extensive review by experts, making it a more secure option.
The cryptographer also criticized Telegram CEO Pavel Durov for promoting the platform as more secure than Signal, despite its lack of default end-to-end encryption. “This is like promoting ketchup as better for your car than synthetic motor oil. Telegram isn't a secure messenger, full stop.”
He also addressed Durov’s claim that Signal doesn’t have reproducible builds, stating that Signal has these for Android, and it’s a relatively simple process.
“It's not weird for a CEO to say ‘My product is better than your product.’ But when the claim is about security and critically, *you've made a deliberate decision not to add security for most users* then it exists the domain of competition, and starts to feel like malice,” he stated.
Green’s thread was shared by Meredith Whittaker, the president of Signal Foundation, who endorsed his views on the differences between Signal and Telegram. She described Green as an “expert's expert.”
Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox.
Great thread from Matt, an experts' expert, on the vast (vast!) differences between Signal (gold standard for private comms) and Telegram (not private, not secure, but happy to market themselves that way)