Pavel Durov attacks WhatsApp’s encryption claims, but his broadest charge goes too far
5 min. read 
Published on
Telegram founder Pavel Durov has accused WhatsApp of running a “giant consumer fraud,” arguing that many users wrongly assume all their WhatsApp data stays protected by end-to-end encryption. His criticism focuses on cloud backups, which can fall outside WhatsApp’s core in-transit encryption unless users turn on a separate encrypted backup option.
That part of the criticism rests on a real technical issue. WhatsApp’s own help and Meta’s documentation make clear that encrypted chat backups are an extra feature, not the same thing as standard message encryption while messages travel between users. Meta said when it launched the feature that end-to-end encrypted backups were an “extra, optional layer of security” for data stored in Google Drive or iCloud.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
But the sample claim overreaches in a few important ways. Publicly available documentation does not support the statement that WhatsApp cloud backup is turned on by default for everyone today, and EFF’s current WhatsApp guide says backups are optional and not enabled by default. Public evidence also does not independently prove Durov’s “about 95%” figure.
What WhatsApp actually encrypts, and what it does not
WhatsApp says personal messages and calls are end-to-end encrypted by default, meaning the company says no one outside the chat, including WhatsApp, can read or hear them while they move between sender and recipient. That claim refers to the message path itself, not automatically to every possible copy of that conversation.
Backups work differently. Meta said in 2021 that users who want cloud backups in iCloud or Google Drive can add an extra encrypted layer with either a password or a 64-digit key, and that neither WhatsApp nor the cloud provider can read those protected backups. That wording confirms the key point in Durov’s criticism: cloud backup protection is separate and optional.
EFF makes the practical risk even clearer. Its current WhatsApp guide says backups are optional, not enabled by default, and can be stored with or without encryption. EFF also warns that anyone you chat with can still back up the same conversation in a weaker way, which means one privacy-conscious user cannot fully control the backup exposure of both sides of a chat.
Where Durov’s attack is fair, and where it is weaker
Durov is right that users often confuse “end-to-end encrypted by default” with “every copy of every message remains end-to-end encrypted forever.” That has never been fully true for cloud backups unless the encrypted backup setting is enabled. On that narrow point, his criticism highlights a real consumer misunderstanding.
His broader framing is harder to prove. Neither WhatsApp’s official documentation nor independent public sources viewed here establish that 95% of private WhatsApp messages end up in plain-text backups, and no primary source surfaced here backs the claim that billions of users’ messages are broadly “exposed” in the exact way Durov describes.
There is also an obvious competitive angle. Telegram’s default cloud chats are not end-to-end encrypted. Telegram’s own FAQ and privacy materials say end-to-end encryption applies to Secret Chats, while ordinary cloud chats are not covered the same way. That does not invalidate Durov’s criticism of backups, but it does weaken any attempt to present Telegram as a perfect counterexample.
WhatsApp backups vs Telegram defaults
| Topic | Telegram | |
|---|---|---|
| Default chat encryption | End-to-end encryption for personal messages and calls by default | Regular cloud chats are not end-to-end encrypted by default; Secret Chats are |
| Cloud backups | Optional; can be protected with end-to-end encrypted backup | Secret Chats are device-specific and not stored like ordinary cloud chats |
| Extra step needed for stronger backup privacy | Yes, user must enable encrypted backup | Yes, user must choose Secret Chat for end-to-end encrypted messaging |
What privacy-conscious users should do
- Check whether chat backups are enabled at all.
- If you use WhatsApp backups, turn on end-to-end encrypted backup and save the password or key safely.
- Remember that your contacts can still create less secure copies of the same conversation.
- Do not assume Telegram’s normal chats offer the same protection as Secret Chats.
FAQ
Yes. His public post described WhatsApp’s “E2E encryption by default” claim as a “giant consumer fraud.”
Not based on the official documentation reviewed here. WhatsApp and Meta say messages and calls are end-to-end encrypted by default, but backups are a separate issue.
Not necessarily. Meta says end-to-end encrypted backups are an extra optional layer, and EFF says backups are optional and not enabled by default.
Not across the board. Telegram’s Secret Chats use end-to-end encryption, but Telegram’s normal cloud chats do not use end-to-end encryption by default.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages