Here’s what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

  • ChallengeApathy@infosec.pub
    link
    fedilink
    English
    arrow-up
    71
    arrow-down
    4
    ·
    7 months ago

    Sounds like someone is mad that security experts would rather trust a tried-and-true encryption standard over Telegram’s encryption which is known to not be anywhere near as secure as the Signal protocol.

    Pavel resorting to outright slander to promote Telegram is not something I expected to see.

    • tetris11@lemmy.ml
      link
      fedilink
      arrow-up
      31
      ·
      edit-2
      7 months ago

      he does raise very valid points about reproducible builds, which should be a priority if your product is security

      Edit: oh @Wolflink below points out that such builds are available for Android, but iOS has issues stemming from Apple and not Signal. This then begs the question, why is Telegram reproducible on iOS?

      • aicse@lemm.ee
        link
        fedilink
        arrow-up
        5
        ·
        7 months ago

        You need some loops to jump through to get there. But that can be achieved for Signal as well, if you check the discussions regarding reproducible builds for Signal’s iOS client, you’ll see that people just decided it is not worth the hassle to push it through.

      • rottingleaf
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        7 months ago

        This then begs the question, why is Telegram reproducible on iOS?

        Is it really.

    • rottingleaf
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      7 months ago

      Sounds like someone is mad that security experts would rather trust a tried-and-true encryption standard over Telegram’s encryption which is known to not be anywhere near as secure as the Signal protocol.

      There’s an issue in Russia with graduates of a few of the “kinda top” universities considering themselves elite, but not quite being as qualified as they think.

      Durov’s brother won a few programming competitions for highschoolers. Because of that apparently he should be considered something in cryptography. For people thinking like this at least.

      Pavel resorting to outright slander to promote Telegram is not something I expected to see.

      Why, it’s very much like him.