Pavel Durov, the founder of Telegram, ignited a fresh privacy debate with WhatsApp after claiming the Meta-owned platform's encryption model misleads users, even as independent reports raise questions about Telegram's own safeguards.
In a post on X, Durov described WhatsApp's security claims as a "giant consumer fraud," arguing that "95% of private WhatsApp messages" ultimately reside in "plain-text backups" stored on Apple or Google servers rather than remaining end-to-end encrypted. The remark quickly escalated into a broader dispute over how messaging apps handle user data.
The controversy intensified when Durov responded to a user who said, "I usually send my nudes over Telegram, not WhatsApp," replying: "The nudes are safe with us." That comment drew immediate backlash, with critics pointing to documented cases of abuse and non-consensual image sharing on Telegram's platform.
A 2022 investigation by BBC found that Telegram had been used to distribute intimate images without consent across multiple countries, including Brazil, Russia and Malaysia. According to the report, administrators in monitored groups encouraged users to submit explicit images of others to automated systems for publication while concealing their identities.
The BBC reported that Telegram users were instructed to upload content alongside personal details such as addresses and family contact information, amplifying harassment and blackmail risks. The outlet also found that despite reporting more than 100 images through the platform's tools, most remained accessible a month later, concluding there was "little evidence" of aggressive enforcement.
Privacy advocates have also questioned Telegram's moderation philosophy. Natalia Krapiva, tech legal counsel at Access Now, told the BBC that Telegram's "light-touch approach to moderation" has contributed to its reputation as a space where harmful content can spread more easily.
The technical debate underlying the dispute centers on encryption architecture. While WhatsApp applies end-to-end encryption by default for messages, backups stored on third-party cloud services may not always be encrypted in the same way, depending on user settings.
Telegram, by contrast, uses a hybrid model:
- Standard chats: client-server encryption, with data stored on Telegram's servers
- Secret chats: end-to-end encryption, limited to one-on-one conversations
- Groups and channels: no end-to-end encryption
This distinction is critical. In Telegram's default mode, the company retains server-side access to messages and media, meaning ordinary chats are not fully private in the cryptographic sense. Only "Secret Chats" provide end-to-end encryption, and even then, they are restricted to specific devices and cannot be used for groups.
Further scrutiny has come from academic and investigative research. A forensic analysis cited by AFP and WIRED examined 2.8 million messages across Telegram communities and found that a large proportion of shared material involved non-consensual explicit content.
Telegram, which now reports more than 1 billion monthly active users, continues to position itself as a privacy-first alternative to mainstream messaging platforms. That positioning has helped fuel its growth, particularly among users wary of corporate data practices.
