WhatsApp’s head, Will Cathcart, publicly challenged Telegram’s approach to security, suggesting that Pavel Durov’s platform falls short of what users in North America and across the border expect from a messaging app. On Twitter, Cathcart laid out his critique, aiming to reinforce WhatsApp’s position in a highly competitive field where privacy features can sway user choice between rival services.
According to Cathcart, Telegram does not come with end-to-end encryption by default and does not provide E2EE for group conversations. He argued that these gaps could expose ordinary chats to unintended surveillance or access, especially in a landscape where many users routinely discuss personal matters, finances, or sensitive information over mobile messaging.
The message he pushed was not merely about a technical edge; it was a broader point about user trust. WhatsApp emphasizes default security as a baseline value, a stance Cathcart used to illustrate why some users might prefer WhatsApp for everyday conversations, while recognizing that no single app is immune to scrutiny or risk.
Cathcart referenced a Wired article that purportedly identified a vulnerability in Telegram, including claims that even closed chats could be read under certain circumstances. The reference was intended to underscore the importance of continually auditing and improving security practices in popular messaging platforms, where missteps can quickly erode user confidence.
In presenting his case, Cathcart acknowledged that his criticisms could appear self-serving, given WhatsApp’s own profile in the market. Yet he stopped short of urging everyone to abandon Telegram or to switch en masse to WhatsApp. The aim, he suggested, is to encourage users to make informed decisions based on transparent security postures rather than brand loyalty alone.
His stance reflects a broader debate in the tech community about what end-to-end encryption should look like in real-world usage. While WhatsApp has moved to emphasize its default encryption across chats and calls, Telegram has chosen a different model that prioritizes flexibility and speed, which some security researchers view as a trade-off with universal end-to-end protection for all message threads, including groups.
For users in Canada and the United States weighing their options, the issue often boils down to how much control they want over their data, how easy it is to manage privacy settings, and how much emphasis they place on security by default versus customizable safeguards. In practical terms, this means evaluating features such as encrypted backups, cross-device authentication, and the clarity of privacy policies across messaging platforms.
Industry watchers note that both apps are continually evolving, responding to regulatory environments, and facing new threats online. Consumers who prioritize privacy should consider not only the presence of end-to-end encryption but also who can access metadata, how servers are managed, and what kinds of incident response protocols are in place. In markets like North America, where digital privacy laws are increasingly nuanced, users often choose the app that aligns best with their personal risk tolerance and their expectations for how data is handled in both ordinary and extraordinary circumstances.
Ultimately, the public exchange between these two major messaging platforms highlights a simple truth: security is not a static feature, but a moving target that requires ongoing vigilance, transparency, and accountability. For many users, the right choice hinges on a combination of default protections, the ability to verify security claims, and the practicality of staying connected in a secure, respectful manner with friends, family, and colleagues across borders. Marked citations from industry reporting and expert analysis remain essential to informing these decisions, helping readers compare real-world implications rather than relying solely on marketing narratives. .
As discussions of digital safety continue to evolve, the emphasis for everyday messaging remains clear: stronger default encryption, clearer disclosures about data handling, and robust security updates are not optional add-ons but core expectations for any service that aims to be trusted in both North American markets and beyond.