A new controversy has erupted around the messaging app, with Telegram founder Pavel Durov publicly criticizing WhatsApp’s encryption system.
Durov sharply described WhatsApp’s encryption as a “huge scam,” sparking a broader debate about the role privacy plays in modern messaging apps.
Durov bases his criticism on a recent legal hack, which, he says, exposes another loophole in WhatsApp’s privacy claims. The lawsuit was a hot topic last month, highlighting an example of a state lawsuit in which WhatsApp “deceived its users” about the security of their communications, from Texas. The key part of this claim is that certain internal mechanisms could allow an employee to access a significant amount of user data, directly targeting the widely held assumption that messages are purely private.
These statements, which were repeated all over social media, quickly went viral. We constantly hear claims like the ones above, and as described in Durov’s statement, this not only fuels a competitor’s attack, but also begins to attack the foundation of end-to-end encryption itself.
WhatsApp encryption is a giant scam.
The state of Texas sued WhatsApp for lying to users about privacy, because WhatsApp employees have access to almost all private messages.
Now we know what the founder of WhatsApp meant when he said that he “sold his users’ privacy.”
– Pavel Durov (@durov) May 23, 2026
Texas lawsuit raises questions about encryption claims
This Texas lawsuit has become an important point of debate. According to state authorities, WhatsApp attempted to mislead users about what privacy protection really means regarding message storage, internal access, and auditing processes.
The debate revolves around the disconnect between user expectations and technical realities. The actual definition of “end-to-end encryption” among many users is that messages can only be read by the sender and recipient (no one else). But the lawsuit throws a bit of uncertainty into that simple equation, at least regarding potential items (cloud backups, metadata collection, internal moderation tools, etc.) that you might not think belong as part of that capability.
WhatsApp has faced privacy scrutiny before. Meta platforms have long been subject to regulatory and public scrutiny over their data handling practices. However, the latest accusations have reopened scrutiny of how messaging services talk publicly about their security features, and whether those communications are completely clear to users.
Social media on doubt and anxiety
Durov’s statements sparked quick and divided reactions across X (formerly Twitter). Others support this criticism, pointing to long-standing concerns about Big Tech’s handling of personal data. Others see the suspension as a deliberate move aimed at bolstering Telegram’s position in the industry by questioning one of its main competitors.
As evidenced by discussion such as this chain reaction, some question Durov’s timing and tone, and others speculate whether these concerns come from a genuine privacy-loving individual or simply posturing for market advantage.
This divide is also a symptom of something bigger in the technology debate: trust is no longer an assumption. Users are increasingly realizing that platforms operate in complex ecosystems of data retention policies, compliance systems, and monitoring infrastructure. This means that any bold claims, whether regarding privacy or otherwise, are not without an additional layer of skepticism.
Privacy in modern technology is a set of trade-offs
Aside from the immediate controversy, this episode highlights an important point about a fundamental shift in thinking about privacy. The traditional all-or-nothing view of cryptography, either completely secure or completely weak, has been replaced by a more nuanced appreciation.
At this point, privacy falls on a sliding scale. Although messages can be encrypted in transit, many issues arise from things like metadata collection, backup to cloud services, syncing between devices, and content moderation. Clearly, these layers involve trade-offs between ease of use, security, and privacy.
For example: Although chat backup features are convenient for users, they may store data in places with different security standards. Likewise, stopping abuse or illegal activity may require restricted internal access or automated analysis, including in places that appear to contain encryption.
These fine details remain hidden to most end users, who rely on superficial guarantees from service providers. Although the words “secure” and “private” are available, they can hide the technical nuances below.
Privacy in technology increasingly looks like a set of trade-offs rather than a binary advantage.
Most users think that “encryption” automatically means it’s inaccessible to everyone except the sender and recipient, but metadata, backups, cloud sync layers, and internal tools often tell us a lot…
— Tyrian Trade (@TyrianTrade) May 23, 2026
Messaging apps are fighting for each other
Durov’s statements also highlight the growing competition between messaging services, where privacy claims are a weapon of choice. Telegram has long positioned itself as a privacy-conscious alternative, citing features like optional end-to-end encryption and significant data reduction.
By contrast, WhatsApp’s monopoly has been strengthened by its widespread default end-to-end encryption with global reach as one of the world’s most popular messaging apps. This scope presents challenges in balancing user privacy obligations, regulatory obligations, and platform obligations.
This competition is old, but it is becoming more pronounced as users seek clarity and accountability. Messaging services compete not only on technical features, although they are beginning to stabilize, but also on the fragile currency of user trust.
Real question: What does “encrypted” mean?
At the heart of this discussion lies the central question: What does “encryption” actually guarantee? For most users, this also means that any third party not participating in the conversation cannot access the message content. But in reality, this largely depends on the system design and implementation details.
However, while encryption protects data during transmission, it does not inherently protect every stage of the data life cycle. Different security assumptions between the storage mechanism, backup solution, or accompanying service can lead to potential access points.
This doesn’t automatically flag platforms as malicious, but it does point out the importance of careful messaging around these features. The Texas lawsuit also shows that discrepancies between user perceptions and technical reality, which are often small in impact, can have significant legal and reputational ramifications.
Regardless of whether you interpret Durov’s comments as valid criticism or a blatant competitive ploy, they were effective in reviving an important debate about digital privacy. In the era where messaging apps have become an integral part of our daily lives, the mechanics behind them are no longer a nice-to-know but a necessity.
So the debate is heated, but one thing is clear: the future of digital communications will depend not on how fast or easy a platform is to use, but on whether it can earn and maintain our trust.
Disclosure: This is not trading or investment advice. Always do your research before purchasing any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash To stay up to date on the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
