The encryption wars brewing between the messaging apps Telegram and Signal have attracted the commentary of a high-profile critic: Elon Musk.
Musk, who previously championed Signal for its user privacy protections, now appears to have changed his tune, amplifying criticisms of the app and its leadership and saying there are unspecified “known vulnerabilities” within Signal that have gone unaddressed by the company’s leadership.
Given his influence in the tech sphere, Musk’s remarkable reversal on Signal has become central to the current conversation on encryption — and, according to one cryptography expert, is pushing users toward less secure alternatives.
A conniption over encryption
In recent weeks, Signal has come under fire from Pavel Durov, the CEO of rival app Telegram, who lambasted Signal’s encryption capabilities in a public post on his own platform, saying, “the US government spent $3M to build Signal’s encryption,” and accusing Signal of being an insecure choice for private messaging.
“An alarming number of important people I’ve spoken to remarked that their ‘private’ Signal messages had been exploited against them in US courts or media,” Durov wrote.
While Durov didn’t detail the allegations, former Fox News host Tucker Carlson previously claimed without evidence, in an episode of the “Full Send Podcast,” that the NSA broke into his Signal account before his trip to Moscow to interview Russian President Vladimir Putin.
“But whenever somebody raises doubt about their encryption, Signal’s typical response is ‘we are open source so anyone can verify that everything is all right,’” Durov’s post continued. “That, however, is a trick.”
Notably, messaging on Telegram is not end-to-end encrypted by default, as it is on Signal.
Signal has also made its cryptography open-source. It is widely regarded as a remarkably secure way to communicate, trusted by Jeff Bezos and Amazon executives to conduct business privately.
In his post, Durov cited an article written by conservative activist Christopher Rufo — known in part for his crusade against DEI initiatives — that took aim at the Signal Foundation’s current chairman of the board, Katherine Maher.
In his article, Rufo described Maher as “a US-backed agent of regime change” and alleged she worked with the government to censor conservative viewpoints during her tenure at Wikipedia. Maher’s ideology, Rufo argued, means users of Signal should be cautious of its trustworthiness, though he provided no evidence that Maher has altered any of Signal’s encryption technology or changed the organization’s mission since joining the board.
As Business Insider reported, the US government has been found to have used encrypted devices to spy on clients. However, there is no evidence that Signal, a nonprofit company operating with open-source code, has ties to the US government.
How Musk fits in
Musk championed Signal in 2021 for its user privacy protections, sending app downloads skyrocketing after urging people to “Use Signal” in a Twitter post. At the time, he was joined by other high-profile privacy advocates like Edward Snowden in his endorsement of the app.
But following Rufo’s article, Musk’s public commentary about the app turned sharply.
In response to Rufo’s post, Musk wrote cryptically, “There are known vulnerabilities with Signal that are not being addressed. Seems odd…”
There are known vulnerabilities with Signal that are not being addressed. Seems odd …
— Elon Musk (@elonmusk) May 6, 2024
Musk did not elaborate on the so-called vulnerabilities, but his post prompted a response from Meredith Whittaker, president of Signal, who elaborated on the app’s open-source code and the company’s commitment to user privacy, saying the app’s developers “put a lot of thought into making sure our structure and development practices let people validate our claims, instead of just taking our word for it.”
“We use cryptography to keep data out of the hands of everyone but those it’s meant for (this includes protecting it from us),” Whittaker wrote. “The Signal Protocol is the gold standard in the industry for a reason–it’s been hammered and attacked for over a decade, and it continues to stand the test of time.”
Hi, hello, we don’t have evidence of extant vulnerabilities, and haven’t been notified of anything. We follow responsible disclosure practices, and closely monitor [email protected] + respond & fix any valid issues quickly. So if you do have more info hit us up! But beyond… https://t.co/IbXREWVaPL
— Meredith Whittaker (@mer__edith) May 7, 2024
She added in another post that the point of how Signal is built and how the nonprofit company is structured is so that no one can disrupt its privacy-first mission, saying: “That’s our whole deal.”
Musk didn’t respond to Whittaker, but when Jack Dorsey re-posted the same Rufo article, he wrote in a separate post that the allegations made in Rufo’s story were “concerning.”
A ‘campaign to malign Signal’
“Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk,” Johns Hopkins cryptography professor Matthew Green wrote in response to the unfolding commentary about the apps. “The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram.”
Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram. I want to talk about this a bit. 1/
— Matthew Green (@matthew_d_green) May 12, 2024
He added that promoting Telegram as more secure than Signal, as Durov has done, “is like promoting ketchup as better for your car than synthetic motor oil. Telegram isn’t a secure messenger, full stop.”
Green continued that he doesn’t care which messenger people use but wants people to “understand the stakes.”
Telegram by contrast does not end-to-end encrypt conversations by default. Unless you manually start an encrypted “Secret Chat”, all of your data is visible on the Telegram server. Given who uses Telegram, this server is probably a magnet for intelligence services. 3/
— Matthew Green (@matthew_d_green) May 12, 2024
“If you use Telegram, we experts cannot even begin to guarantee that your communications are confidential. In fact at this point I assume they are not, even in Secret Chats mode,” Green wrote. “You should do what you want with this information. Think about confidentiality matters. Think about where Telegram operates its servers and what government jurisdictions they work in. Decide if you care about this. Just don’t shoot your foot off because you’re uninformed.”
Green, as well as Musk, Signal, and Telegram representatives, did not immediately respond to requests for comment from Business Insider.