The article opens with a statement by Telegram co-founder Pavel Durov who claims that WhatsApp shared Messages with third parties while Telegram "never did and never will" do that.

Now, Telegram doesn't use End-to-End encryption by default at all, does it? What I mean is: The message is encrypted on the sender's device and can only be decrypted on that and the receiver's device.

Telegram uses transport layer encryption that leaves all messages exposed to the servers an their admins. Last I checked, there was a E2E feature but every room I opened would just stop working after a while and my contacts were very confused about that. Large rooms weren't possible.

I have no idea what Meta/WhatsApp may or may not be doing but this article opens with Telegram and doesn't pick that up anymore. Makes it feel like a telegram ad.

The rest of the article may be fine but it's very lengthy and goes somewhere to show that dispite using the Signal protocol, WhatsApp cloud backups can be decrypted, I think. The Telegram ad was too irritating to give the article a fair chance, to be honest.

XMPP, Matrix and Signal are there, too.

Feels AI generated ("linkedin-style" short sentences, blob of malformated text towards the bottom), so I'll give myself the permission to skim and take shortcuts.

The most interesting claim is the weakness of groups (the article claims the server controls who is a group member, without cryptographically secured authorization by an existing member).

The other key points are correct to my knowledge but unsurprising to anyone knowledgeable and partially apply to Signal too (backups are a weak point, you securing/disabling them properly doesn't protect you, metadata is unprotected and sensitive, participants in the conversation might upload the chat to Meta's AI, endpoints are attackable either through WhatsApp or other apps, the general trust issue - which isn't really resolved by being open source unless someone actually checks the reproducible builds AND someone reviews the code).

I thought that claim about the backup password hash was wrong, but https://www.nccgroup.com/media/fzwdxklh/_ncc_group_whatsapp_... suggests that Meta thought that 100k iterations of PBKDF2 are a reasonable choice for the key derivation, so it might actually be accurate.

AFAIK WhatsApp backups are, by default, encrypted with a key escrowed to WhatsApp (which means that an attacker using warrants now has to subpoena both the cloud provider and whatsapp - probably the best you can get while keeping backups usable for the 99% of people who can't be expected to write down a passphrase and still have it when asked).

But IMO the reality is that WhatsApp is the most secure messenger that you can expect normal people to actually use (mostly due to market share/network effect), and the only secure-ish messenger aside from Signal, so I'd be careful with the messaging towards "normies": "Signal is a much better choice, but out of the other options, Whatsapp is by far the least bad".

Otherwise, you end up with people picking something like Telegram because "it's all bad anyways" or "I've heard Telegram is secure".

This is just bad. The writing is more horrible Claude garbage. It also begins with this quote from Durov:

> Despite its claims, it reads users’ messages and shares them with third parties.

Note this claim. When it goes into its first smoking gun,

> WhatsApp [...] automatically backs up your entire chat history to iCloud or Google Drive

> This is what Durov meant. This is why he said ~95% of messages end up in plain text on Apple/Google servers.

This is the closest the article ever comes to proving the claim at the front. Note that nothing in this claim implies that Meta can or is reading your messages, only that it is "sharing" them with a third party, so we still haven't actually successfully justified this quote.

It then rambles over just about every security controversy WhatsApp has ever had: bugs, design flaws, etc.

Okay. Then it mentions that sometimes when you're talking to a business it's actually Meta servers on the other end of the encryption, I guess. This again seems like it doesn't really prove anything.

I am not saying none of these issues are problems, but this literal dump of AI output into Medium can't even justify its primary claim. It just keeps throwing more shit at you and hopes you've forgotten what the bold claim at the front of the article actually said was, since it isn't really true.

I do not believe Matrix is a scam, but it has almost all of these problems in some form aside from the stupid Cloud Backups issue, only its a bit more complicated. It has CVEs, generates tons of metadata and several places where homeservers could attempt to attack your privacy.

Durov's platform, meanwhile, offers very little in the way of end-to-end encryption and of course generates a ton of unencrypted metadata, so I am not sure who he's fooling. It seems like they continuously brag about Telegram not being able to solve the E2EE key management problem by pointing out that other solutions are imperfect, whereas Telegram just doesn't have one. Congratulations?

The content is good, but the LLM feel is jarring.

Almost exactly the same (or worse) can be said about Google's E2EE RCS, but somehow Apple decided to publicly back the initiative. Most people would much more benefit from 1) a faster and broader rollout 2) every other feature in recent versions of the spec, rather than getting a false sense of privacy, yet we're getting a barely compliant RCS client stuck in 2019, plus performative E2EE.

What about calls? I've never understood how calls could be E2EE, but WhatsApp says they are. I didn't read anything in the post claiming they're compromised too.

I'm getting very tired of all of the "this is ai slop" comments. They are now worse than the slop itself. Maybe HN needs a voting button "this is ai slop" so you can make your point without becoming slop yourself.

> 1.16 × 1⁰⁷⁷

reads to me like 1.16*1^077 - which makes zero sense, what is the intended meaning?

Same for Telegram. A couple of years ago people (Phd kind of people) pushed me into using Telegram because "it is encrypted and secure". I checked, and was like... What? AFAIK just transmission is secure (of course, I mean like what traffic is not secure nowadays), but the message are stored plain text on servers in middle east? And the whole thing is operated by a Russian? Like wtf? And people are like "Telegram is totally secure".

For anyone wondering what the actual purported security weaknesses are in this article (I used the slop machine to reduce the slop):

- Cloud backups — by default, backups to iCloud/Google Drive contain plaintext messages, and E2EE backup is opt-in. Even if you enable it, a weak password collapses the effective security, and any other person in the chat with an unencrypted backup exposes the conversation.

- Metadata — who you talk to, when, how often, IP, contact graph, etc. This is the "reading your life without reading your messages" argument, and it's the part that's genuinely well-established.

- Pen register / FBI — the claim that WhatsApp uniquely delivers near-real-time metadata (~every 15 min) to law enforcement.

- Group chat membership integrity — a server-level adversary can inject a member into a group; messages stay encrypted but get delivered to the injected party. Endpoint compromise (Pegasus / CVE-2019-3568) — encryption is irrelevant if the device is owned.

- Closed source, Meta AI, business accounts — content can leave the E2EE envelope in those flows.

Nothing really new here, and as everyone else is pointing out Telegram might be worse.

I bet people use WhatsApp mostly because it's free texting on many ISPs

By the way, I remember the chat apps interoperability in Europe was announced more than 2 years ago but so far no major competitor app have enabled it.

What are our options today to chat with WhatsApp users without using their app?

This is why threat modelling is essential. What are you trying to defend against and by whom?

I’ve been saying this for years — when people derided me on HN — that we need decentralization and open-source backends, because we are relying on pinky-promises. We need attestation that we can trust.

I have been building it, piece by piece. Some pieces have been recently featured (last week) in trusted security publications:

Safecloud: https://www.helpnetsecurity.com/2026/06/19/safecloud-browser...

Safebox and Safebots are coming too: https://safebots.ai/about

You won’t need to take anyone’s word for it. And in fact, end-to-end encryption will become unnecessary.

I can't fucking stand this AI slop writing. If the author couldn't spend time writing it, I won't spend time reading it

> this isn’t a political fight. It’s not a he-said, she-said between tech billionaires. It’s a technical question.

> In transit. Between two online devices. With no cloud backup. With no business accounts. With no Meta AI features. With no linked devices. With no law enforcement warrant for metadata.

> Under every other condition — which is how most people actually use WhatsApp — the story changes dramatically.

Smells a lot like slop so I'll pass, no thanks.

Absolutely, it can be encrypted all they want and it's totally irrelevant given all the plaintext chats get stored straight in Google Drive (if you didn't, your conversation partners did!).

Then for some reason WhatsApp has far more critical no-click or 1-click exploits than Telegram, which has 30 global employees? Huh? There's several thousand working on WhatsApp. Telegram has more features, too. WhatsApp has less surface area, more employees, more exploits.

If the article is from Medium, there is a 90% chance of slop.

Avoid.