Texas Attorney General Ken Paxton sued Meta Platforms and WhatsApp on May 21, 2026, in a Harrison County district court, alleging that the companies spent years telling 3.3 billion users that "not even WhatsApp" could read their private messages — while maintaining an internal system that allowed employees and contractors to do exactly that. The complaint, filed under the Texas Deceptive Trade Practices Act, draws on whistleblower accounts and a Commerce Department investigation described in the filing to argue that WhatsApp's defining privacy claim is false.
Telegram founder Pavel Durov responded to the filing on May 23, calling WhatsApp's encryption "a giant fraud" and urging his own users to switch platforms. The post is the latest in a series of escalating attacks from Durov as legal pressure on Meta's privacy practices builds across multiple courts.
Texas Sues Meta and WhatsApp Over Encryption Promises
The lawsuit's core allegation is specific: Meta allegedly stored WhatsApp messages in unencrypted form and operated a tiered internal "task" system through which employees and contractors could submit requests to obtain the content of private messages. According to the complaint, those requests were sometimes processed with little or no scrutiny, directly contradicting the assurance that messages are protected from everyone — sender, recipient, and company alike.
Attorney General Paxton laid out the stakes plainly. "WhatsApp markets its services as secure and encrypted, but it does not deliver on those promises," he said in a statement announcing the filing. "I am suing to protect Texans' privacy and ensure that WhatsApp by Meta does not mislead Texans by unlawfully accessing private conversations and data."
The complaint also cites a Commerce Department investigation that reportedly concluded there was "no limit" to the type of WhatsApp message that could be viewed by Meta employees, and references a 2024 whistleblower complaint to the Securities and Exchange Commission describing the same internal access system.
The Texas action follows a March 2026 federal class-action filed in the U.S. District Court for the Northern District of California by plaintiffs Brian Y. Shirazi and Nida Samson against Meta Platforms, WhatsApp, and contractor Accenture, making substantially the same allegations. That complaint alleged Meta employees and Accenture contractors had broad access to the substance of private messages users were assured only they could read. Meta called that case "frivolous."
Read more: Meta Launches Incognito AI Chat Days After Removing Instagram Encryption
What Brian Acton Said When He Left Meta
The Texas lawsuit lands with extra weight alongside remarks made years earlier by WhatsApp co-founder Brian Acton. In a September 2018 interview with Forbes, Acton — who sold WhatsApp to Facebook for approximately $19 billion in 2014 and left the company in 2017 over clashes on advertising and privacy — made an admission that has followed the platform ever since: "At the end of the day, I sold my company. I sold my users' privacy to a larger benefit. I made a choice and a compromise. And I live with that every day."
Acton's departure cost him roughly $850 million in unvested stock. After leaving Meta, he co-founded Signal, the encrypted messaging app that security researchers consistently cite as the most privacy-protective major messaging platform in wide use.
Pavel Durov Calls Texas Lawsuit Proof WhatsApp Encryption Is "Giant Fraud"
Telegram founder Pavel Durov responded to the Texas filing directly on May 23, 2026, posting on his Telegram channel: "WhatsApp encryption is a giant fraud. The state of Texas just sued WhatsApp for lying to users about privacy — because WhatsApp employees have access to 'virtually all' private messages. Now we know what WhatsApp's founder meant when he said he 'sold his users' privacy.' Stay safe — stay Telegram!"
The post is Durov's sharpest escalation yet in a months-long campaign against WhatsApp's security claims. In January 2026, responding to an earlier international lawsuit, he alleged that Telegram's own analysis had uncovered "multiple attack vectors" in WhatsApp's encryption implementation. In April 2026, he went further, calling WhatsApp's encryption claims "the biggest consumer fraud in history — deceiving billions of users." Elon Musk added on X: "Can't trust WhatsApp."
Durov's attacks are commercially motivated and technically incomplete. Telegram does not enable end-to-end encryption by default. Its standard cloud chats use client-server encryption, which means Telegram itself retains technical access to message content. Only the "Secret Chats" feature provides full end-to-end encryption, and that feature does not support group conversations. Matthew Green, a cryptographer and professor at Johns Hopkins University, has noted that many Telegram users never activate Secret Chats and wrongly assume their conversations are already fully encrypted.
Meta's Record in Texas Courts
The WhatsApp lawsuit follows a pattern of large-scale enforcement by Paxton's office against major technology companies. In July 2024, Meta agreed to pay $1.4 billion to settle a Texas lawsuit accusing it of capturing facial geometry data from photos uploaded to Facebook without users' consent — the largest privacy settlement ever obtained by a single U.S. state at the time. In May 2025, Texas reached a $1.375 billion settlement with Google over a 2022 lawsuit alleging unauthorized collection of geolocation data, incognito search history, and biometric information.
Earlier in May 2026, Paxton filed a lawsuit against Netflix, alleging the streaming company secretly processed billions of behavioral events from users — including children — and sold that data to advertising brokers without meaningful consent. Netflix called the claims "inaccurate and distorted."
Is WhatsApp End-to-End Encryption Actually Private?
For WhatsApp's 3.3 billion users, the Texas lawsuit raises a practical question: is the app's core privacy promise reliable in practice? Meta maintains that it is, and that the Signal protocol it implements is robust and open-source. Independent security researchers generally agree that the protocol itself is cryptographically sound.
The dispute is not primarily about the quality of the encryption algorithm. It is about what happens around it: whether cloud backups are protected, whether business messaging creates exceptions, and whether internal employee-access systems can circumvent the protocol's guarantees. These are the exact vulnerabilities the Texas complaint and the California class-action target.
Signal, by contrast, collects minimal metadata by design, encrypts backups end-to-end by default, and applies end-to-end encryption to every conversation — individual and group — without requiring a separate mode. The Electronic Frontier Foundation has noted that Signal "stands out for collecting minimal metadata on users, meaning it has little to nothing to hand over if law enforcement requests user information," while describing WhatsApp's strength as accessibility rather than superior security architecture.
Read more: Pavel Durov Calls WhatsApp 'Cheap Imitation' After Telegram Crosses 1 Billion Monthly Users
The Texas case is ongoing. Meta has not filed a formal court response to the complaint.
Frequently Asked Questions
What does the Texas lawsuit against WhatsApp and Meta actually allege?
Texas Attorney General Ken Paxton filed suit on May 21, 2026, under the Texas Deceptive Trade Practices Act, alleging that Meta stored WhatsApp messages in unencrypted form and ran an internal system through which employees and contractors could access private message content on request — directly contradicting WhatsApp's claim that not even the company can read users' messages. The lawsuit draws on whistleblower accounts and a federal Commerce Department investigation cited in the complaint.
Can Meta actually read your WhatsApp messages?
Meta says no, calling the allegations "categorically false and absurd" and citing WhatsApp's implementation of the open-source Signal encryption protocol. The Texas complaint and a March 2026 California class-action both allege otherwise — pointing to an internal task system and to cloud backups that are not protected by end-to-end encryption unless users manually enable that option. Cryptographer Matthew Green has noted the backup vulnerability is real and that WhatsApp's own disclosures acknowledge categories of data outside the encryption guarantee.
Is Signal safer than WhatsApp for private conversations?
Signal applies end-to-end encryption by default to every conversation — including group chats — and encrypts backups automatically, while collecting minimal metadata. WhatsApp uses the same underlying Signal encryption protocol for messages in transit, but cloud backups require a manual setting to encrypt, business messaging creates exceptions, and the Texas and California lawsuits allege internal-access mechanisms exist. The Electronic Frontier Foundation notes Signal collects minimal data and has little to hand over to law enforcement by design.
What did WhatsApp co-founder Brian Acton say about selling user privacy?
In a September 2018 interview with Forbes, Acton — who left Meta in 2017 after disputes over monetizing WhatsApp — said: "At the end of the day, I sold my company. I sold my users' privacy to a larger benefit. I made a choice and a compromise. And I live with that every day." Acton subsequently co-founded Signal, now widely regarded as a more privacy-protective alternative to WhatsApp.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
