A new controversy has erupted around the messaging app as Telegram founder Pavel Durov publicly criticized WhatsApp’s encryption scheme.
Durov sharply described WhatsApp’s encryption as a “huge fraud” inciting a broader discussion about the role that privacy plays in modern messaging applications.
Durov bases his criticism on a recent law breakthrough which, in his words, exposes another gap in WhatsApp’s privacy claims. The lawsuit was a hot topic last month, and he highlighted one state’s suit as an example, WhatsApp “deceived its users” about the security of their communications, from the state of Texas. The key part of this claim is that some internal mechanisms could allow an employee to access a good deal of user data, taking direct aim at the widely held assumption that messages are purely private.
Those remarks, repeated all over social media, quickly went viral. We constantly hear claims such as the one quoted above and, as shown in Durov’s statement, this feeds not only a competitor attack but also starts attacking the very basis of end-to-end encryption itself.
WhatsApp encryption is a giant fraud.
The state of Texas just sued WhatsApp for lying to users about privacy — because WhatsApp employees have access to “virtually all” private messages.
Now we know what WhatsApp’s founder meant when he said he “sold his users’ privacy.”
— Pavel Durov (@durov) May 23, 2026
Texas Lawsuit Questions Encryption Claims
This lawsuit in Texas has been turned into an important point of the debate. According to state authorities, WhatsApp tried to mislead users on what the privacy protections really mean in terms of message storage, internal access and review processes.
The controversy revolves around a disconnect between user expectations and technical realities. The de facto definition of “end-to-end encryption” among many users is that messages can only be read by the sender and recipient (no one else). But the lawsuit throws a bit of uncertainty into this simple equation, at least in terms of possible elements (cloud backups, metadata collection, internal moderation tools etc.) you may not think belong as part of that capacity.
WhatsApp has faced scrutiny over privacy before. Parent Meta Platforms has long been under regulatory and public scrutiny over its data handling practices. However, the latest accusations have re-opened scrutiny over how messaging services publicly talk about their security features, and whether those communications are fully clear to users.
Social Media on Skepticism and concern
Durov’s remarks drew pretty swift and divided reactions across X (formerly Twitter). Others support the critique, pointing to longstanding fears around Big Tech’s handling of personal data. Others see the comment as a deliberate move intended to boost Telegram’s ground in the industry by questioning one of its major competitors.
As illustrated in a discussion like this reaction thread, some are questioning the timing and tone of Durov, others speculate if these concerns are coming from a real privacy-loving individual or simply an act of posturing for market advantage.
This split is also symptomatic of something larger in the tech debate: trust is no longer assumed. More and more, users realize that platforms operate in complex ecosystems of data retention policies, compliance regimes and monitoring infrastructure. This means that any bold claims, whether about privacy or otherwise, are not without an extra layer of suspicion.
Privacy In Modern Tech Is A Spectrum Of Tradeoffs
Aside from the immediate controversy, this episode makes an important point about a basic shift in thinking about privacy. The traditional all-or-nothing view of encryption, as either completely secure or fully vulnerable, is being replaced with a more nuanced appreciation.
At this point, privacy sits on a sliding scale. Although messages can be encrypted in transit, many issues arise from things such as the collection of metadata, backups on cloud services, synchronization between devices and moderation of content. These layers self-evidently involve tradeoffs between user-friendliness, security and privacy.
For example: While chat backup features are convenient for users, they may store data in places with different security standards. Similarly, stopping abuse or unlawful activity may require restricted internal access or automated analysis, including in places which appear to have encryption.
These subtleties remain hidden for most end users, who rely on shallow assurances from service providers. While the words ‘secure’ and ‘private’ are available, they can hide technical nuances below.
Privacy in tech increasingly feels like a spectrum of tradeoffs rather than a binary feature.
Most users think “encrypted” automatically means inaccessible to everyone except sender and receiver, but metadata, backups, cloud sync layers and internal tooling often tell a much…
— Tyrian Trade (@TyrianTrade) May 23, 2026
Messaging Apps Battle For One Another
Durov’s remarks also highlight the intensifying competition among messaging services, in which privacy claims are a weapon of choice. Telegram has long positioned itself as the privacy-conscious alternative, noting features like optional end-to-end encryption and extreme data minimization.
By contrast, WhatsApp’s monopoly was cemented by default end-to-end encryption at scale with a global reach as one of the most popular messaging apps in the world. This scale poses challenges in balancing user privacy commitments, regulatory and platform obligations.
This competition is older, but it has been becoming more pronounced as users seek clarity and accountability. Messaging services are competing not only on technical features even though these are starting to stabilize but also on the fragile currency of user trust.
The Real Question: What Is The Meaning Of “Encrypted”?
At the heart of this debate is the central question: what does “encryption” actually guarantee? To most users, it also means that no third party not taking part in a conversation can access the content of messages. In reality however, this largely depends on the system design and implementation details.
However, while encryption protects data in transit, it does not inherently protect every phase of the data lifecycle. Different security assumptions between the storage mechanism, backup solution or accompanying service can lead to potential access points.
This does not automatically tag platforms with malice, but it signals that careful messaging around these features is important. The Texas lawsuit also shows that discrepancies between user perceptions and the technical reality, often small in impact, can have outsized legal and reputational repercussions.
And no matter if you interpret Durov’s comments as valid criticism or a blatant competitive ploy, they have been effective in reviving an important debate on digital privacy. In an age where messaging apps are part and parcel of our everyday lives, the mechanics behind them is no longer a nice-to-have knowledge but rather a necessity.
So the debate rages on, but one thing is clear: The future of digital communication will depend not on how fast, or easy it is to use a platform, but whether they can earn and keep our trust.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
