DEV Community: Induwara Ashinsana

After the Telegram Leak and Signal Phishing Wave: When a No-Account, Self-Destructing Chat Is the Safer Call

Induwara Ashinsana — Fri, 29 May 2026 15:10:04 +0000

Two privacy stories broke within days of each other in May 2026, and read together they make one quiet point: the data that can hurt you later is the data that gets stored.

First, a dataset claiming to hold details of more than 200 million Telegram accounts — usernames, email addresses, phone numbers, and in some cases partial password data — surfaced on a dark-web forum. Around the same time, researchers documented how Telegram's network layer can leak persistent identifiers that let network operators correlate users without ever breaking the encryption itself.

Then TechCrunch reported a new phishing wave aimed at Signal users: attackers trying to trick people into handing over the recovery key that unlocks their cloud message backups — which can hold years of old chats, photos, and documents.

The common thread: accounts and history are the attack surface

Look at what both attacks actually go after. Not the live end-to-end encryption — that mostly held up. They target the accounts and the stored history sitting around afterwards: the phone number tied to your identity, the address book, the backup full of old messages.

That is the uncomfortable trade every account-based messenger makes. To be convenient — to sync across your devices, to let friends find you, to restore your history on a new phone — it has to keep things. And anything kept is something that can later be leaked, subpoenaed, or phished.

For your day-to-day private messaging, a serious app like Signal is still an excellent choice; it stores famously little and encrypts by default. This is not an argument against it. It is an argument about a different situation that comes up constantly:

You just need to send one private thing to one person, right now, and you would rather it not live anywhere afterwards.

A Wi-Fi password. A home address. A document you are sending to a landlord. A sensitive note to a colleague. For that, you do not need a permanent account at all. You need something that leaves nothing behind.

What a no-account, self-destructing chat does differently

This is exactly the gap our free Secret Chat tool fills. It is deliberately the opposite of an account-based messenger:

No account, no phone number, no app. There is nothing tying the conversation to your identity, so there is no account database to leak and no recovery key to phish.
End-to-end encrypted in your browser. The encryption key is generated on your device and lives in the link's # fragment — the one part of a URL browsers never send to a server. Our server only ever stores ciphertext it has no key for.
It self-destructs. You pick a timer (from one hour up to a month, or destroy instantly), and the whole conversation — text and files — is deleted when it runs out. What is not stored cannot leak.
It works for groups too. Share a link, or a Group ID plus passphrase, and several people can join with a name and photo — without anyone signing up for anything.

The principle is the same one the Telegram and Signal incidents keep teaching: the safest message is the one that no longer exists.

How to share something privately right now

If you have a one-off private thing to send, here is a clean way to do it:

Open Secret Chat and create a room. Choose a short self-destruct timer — an hour is plenty for sharing a password.
Copy the link and send it to the person through a different channel than the secret itself. The link contains the decryption key, so treat it like a password.
Say what you need to say. Share the file if you need to.
Tap Destroy when you are done, or just let the timer delete everything for you.

That is the whole flow. No install, no account, nothing kept.

The takeaway

Breaches and phishing campaigns will keep happening, because storing data is what most apps are built to do. You cannot leak what was never collected, and you cannot phish a backup that does not exist. For the conversations that should simply disappear, reach for a tool that is built to forget — start a secret chat here.

Sources: TechCrunch — hackers targeting Signal backups, reporting on the May 2026 Telegram dataset leak and MTProto network-layer tracking disclosures.

Glean Hit $300M Selling Lower AI Bills. Here's the Lesson

Induwara Ashinsana — Fri, 29 May 2026 14:57:38 +0000

The most useful way to reduce AI API costs in 2026 might not be a cheaper model. It might be feeding the model less work. That is, more or less, the bet that just carried a startup called Glean to a $300 million annual run rate, and I think the framing is worth more to a small Sri Lankan team than the headline number is.

TechCrunch reported it in Glean's top line crosses $300M as AI budget-cutting becomes its major selling point. I want to pull apart why "we make your AI bill smaller" became a stronger pitch than "we make your AI smarter."

📊 The numbers, and the one caveat that matters

Here is what the article actually states, stripped of spin:

Metric	Figure
Current run rate	$300M
Previous milestone	$100M, ~15 months earlier
Growth	Roughly 3×
Last valuation	$7.2B (Series F, $150M, June 2025)
Named customers	Databricks, Reddit, Pinterest, Samsung
New competitors	Google, Microsoft, OpenAI, Anthropic, Salesforce, Atlassian

One honest caveat: the article notes the $300M includes consumption-based revenue, so it's technically an annualized run rate, not pure recurring revenue. Usage-based money is real money, but it swings with how much customers actually use the product. Read it as momentum, not a locked-in contract.

The part I keep circling back to is the competitor list. CEO Arvind Jain says the first four or five years had "no competition." Now six of the biggest names in software are building the same thing, and Glean still tripled. That only happens when you are selling something the incumbents structurally can't copy fast.

💰 Why "cheaper AI" outsells "smarter AI"

The pitch shift is the real story. Glean's selling point is a context graph that connects to a company's internal systems so the AI does fewer operations to find an answer. In Jain's words, "we can reduce your AI bill significantly."

Think about what that admits about the market:

The novelty phase is over. Buyers have run the pilots, seen the demos, and now the finance team is asking what the monthly token bill buys.
"It's impressive" is no longer a budget line. "It cut our spend by X" is.
Cost becomes the feature. The model is a commodity input; the value is in not wasting it.

Key takeaway: When a category matures, the winning pitch flips from capability to efficiency. AI is hitting that flip right now, and it rewards anyone who can prove savings over anyone who can only demo magic.

For a solo builder or a small shop in Colombo billing clients in USD, this is the friendlier world. You don't need a frontier model to win. You need to be the one who makes the AI bill predictable.

⚡ The trick is the context, not the model

Strip away the enterprise packaging and Glean's idea is simple: don't ask a large model to do work you can do cheaply first. The expensive call should arrive with the right context already attached, so it runs once instead of looping.

You can apply the same principle on a free tier:

Retrieve before you generate. Pull the relevant documents with a cheap search or embedding step, then hand only those to the model. This is the whole reason RAG (retrieval-augmented generation) exists.
Cache aggressively. Identical or near-identical prompts shouldn't pay twice. Most providers now bill cached input tokens at a fraction of the normal rate.
Right-size the model per task. Classification and extraction rarely need your most expensive model. Route the easy 80% to a small one.
Trim the prompt. Every token of boilerplate context you send on every call is money. Measure it.

That last point is where I'll plug something of our own: before you ship a prompt template, paste it into the word and character counter to see how heavy your fixed context actually is. A 600-token system prompt sent on a million calls is a real line item, and most people never count it.

Glean built a $7.2B company on a more sophisticated version of exactly these four moves. The principle is free. The enterprise plumbing is what they charge for.

🌐 What focus beats scale teaches a small team

Six tech giants entered the category and Glean still grew 3×. That should be encouraging if you're small.

Incumbents (Google, Microsoft, OpenAI…)	A focused player (Glean)
General platforms, many priorities	One job, done deeply
Slow to wire into messy internal systems	Built specifically for that wiring
Sell breadth	Sell a measurable outcome

This is the same logic this site runs on: build the Sri Lanka-specific thing the global giants won't bother with. A focused tool that nails one painful job beats a broad platform that does it adequately. Glean's "no competition for five years" head start came from doing unglamorous integration work nobody else wanted to do.

For a Sri Lankan dev or student, the lesson is concrete: pick a narrow, real problem (an EPF projection, a tax bracket, a USD-LKR fee comparison), solve it better than anyone, and let the giants stay general.

💡 What this means for you

If you build with AI APIs: start measuring cost per request today, not after the invoice surprises you. The market has decided that efficiency is a feature, so treat your token budget like product work.
If you're learning: study RAG, caching, and model routing. These are now core engineering skills, not optimizations you bolt on later. They're also free to practise on free tiers.
If you're choosing what to build: narrow and deep beats broad and shallow. Glean just proved a focused product can outrun six giants in the same category.
If you're a buyer: ask any AI vendor for the cost story, not just the capability demo. "Show me the savings" is now a fair question, and the good ones have an answer.

The $300M headline will scroll past. The shift underneath it is the part to keep: AI is no longer sold as a miracle. It's being sold as a smaller bill. Build for that reader and you're building for where the money actually is.