#482 – Pavel Durov: Telegram, Freedom, Censorship, Money, Power & Human Nature
Pavel Durov is the founder and CEO of Telegram. Thank you for listening ❤ Check out our sponsors: https://lexfridman.com/sponsors/ep482-sc See below for timestamps, transcript, and to give feedback, submit questions, contact Lex, etc.
Transcript: https://lexfridman.com/pavel-durov-transcript
CONTACT LEX:
Feedback – give feedback to Lex: https://lexfridman.com/survey
AMA – submit questions, videos or call-in: https://lexfridman.com/ama
Hiring – join our team: https://lexfridman.com/hiring
Other – other ways to get in touch: https://lexfridman.com/contact

EPISODE LINKS:
Pavel’s Telegram: https://t.me/durov
Pavel’s X: https://x.com/durov
Telegram: https://telegram.org/
Telegram Contests: https://contest.com/

SPONSORS: To support this podcast, check out our sponsors & get discounts:
Miro: Online collaborative whiteboard platform. Go to https://miro.com/
UPLIFT Desk: Standing desks and office ergonomics. Go to https://upliftdesk.com/lex
Fin: AI agent for customer service. Go to https://fin.ai/lex
LMNT: Zero-sugar electrolyte drink mix. Go to https://drinkLMNT.com/lex
Shopify: Sell stuff online. Go to https://shopify.com/lex

OUTLINE:
(00:00) – Introduction
(02:46) – Sponsors, Comments, and Reflections
(11:29) – Philosophy of freedom
(14:37) – No alcohol
(22:42) – No phone
(28:38) – Discipline
(49:50) – Telegram: Lean philosophy, privacy, and geopolitics
(1:05:12) – Arrest in France
(1:21:23) – Romanian elections
(1:32:18) – Power and corruption
(1:41:50) – Intense education
(1:53:51) – Nikolai Durov
(1:58:19) – Programming and video games
(2:02:33) – VK origins & engineering
(2:19:46) – Hiring a great team
(2:29:02) – Telegram engineering & design
(2:48:04) – Encryption
(2:53:01) – Open source
(2:57:48) – Edward Snowden
(3:00:20) – Intelligence agencies
(3:01:32) – Iran and Russia government pressure
(3:04:41) – Apple
(3:11:38) – Poisoning
(3:43:53) – Money
(3:52:45) – TON
(4:02:35) – Bitcoin
(4:05:34) – Two chairs dilemma
(4:12:14) – Children
(4:23:24) – Father
(4:27:55) – Quantum immortality
(4:34:27) – Kafka

PODCAST LINKS:
– Podcast Website: https://lexfridman.com/podcast
– Apple Podcasts: https://apple.co/2lwqZIr
– Spotify: https://spoti.fi/2nEwCF8
– RSS: https://lexfridman.com/feed/podcast/
– Podcast Playlist: https://www.youtube.com/playlist?list=PLrAXtmErZgOdP_8GztsuKi9nrraNbKKp4
– Clips Channel: https://www.youtube.com/lexclips
Lex Fridman Blog
https://lexfridman.com/pavel-durov/?utm_source=rss&utm_medium=rss&utm_campaign=pavel-durov
