昨天Durov在Telegraph( https://goo.gl/BRhpkW )发表了这篇文章:
Why Isn’t Telegram End-to-End Encrypted by Default?
内容谈论到关于Telegram的迷思以及diss WhatsApp(O)
他是不是讨厌WhatsApp啊www
以下内文与翻译( By me,翻译:https://goo.gl/F7ikHv ):
在今年,我收到越来越多有关这类的问题。其实这个问题是基于一个错误的假设,也就是
其他知名的通讯软件,像是WhatsApp,都默认使用端到端加密,但Telegram没有。这篇文
章的目的是想要破解这个已经被Facebook/WhatsApp的市场行销策略给仔细地塑造的迷思
。让我们先从基础层面开始吧。
I've been getting this question more often this year. It's based on the wrong
assumption that some other popular messaging apps such as WhatsApp are
"end-to-end encrypted by default", while Telegram is not. This post is
intended to disprove this myth that has been so carefully crafted by
Facebook/WhatsApp marketing efforts. Let’s start from the basics.
主流通讯软件如何对待备份
主流通讯软件如何对待备份
How Popular Messaging Apps Handle Backups
每个知名的通讯软件都会提供一些方法使得他们的用户可以备份自己的讯息以防止资料流
失。那些忽略备份的通讯软件(像是Wickr/Signal/Confide)从来不会达到一百万每日活跃
用户,只能保持小众。我会在文章稍后的部分详细说明他们的作法。
Every popular messaging app offers its users some way to back up their
messages to prevent data loss. Messaging apps that ignore backups (such as
Wickr/Signal/Confide) never reach 1M DAU and remain niche. I’ll describe
their approach in detail later in this post.
至于那些主流的软件,像是WhatsApp、Viber、Line,它们依赖Apple iCloud和Google
Drive去储存它们用户的历史纪录和避免资料的流失以免它们的用户弄丢手机。这些备份
并没有端到端加密,而是每当用户买了新手机且复原他们在WhatsApp/Viber/Line上的历
史纪录时就会解密。虽然它似乎让你,做为一个使用者,有选择不备份的自由,但事实上
并没有什么选择的空间:就算你选择不参与其中(这是不寻常的,有时甚至有点微妙),跟
你对话的对象大部分还是有使用的。
As for popular apps such as WhatsApp, Viber and Line, they rely on Apple
iCloud and Google Drive to store their users' message history and prevent
data loss in case their users lose their smartphones. These backups are not
e2e-encrypted and get decrypted whenever the user buys a new phone and
restores their WhatsApp/Viber/Line message history. While it may seem that
you, as a user, have the freedom to opt out of these backups, in reality there
you, as a user, have the freedom to opt out of these backups, in reality there
’s little room for choice: even if you opt out (which is unusual and
sometimes tricky), people you chat with most likely won’t.
这导致一个甚至你都没有意识到的情况:你传送和收到的讯息,在云端的部分其实都不是
端到端加密的。你完全不了解哪些内容实际上会被加密,又有那些被备份了。你依赖端到
端加密且确信“没有第三方有权限存取我的讯息”的话术,但你的私人资料实际上对骇客
和那些可以借由云端储存系统得到权限的政府来说,都是很脆弱的。如果你觉得这不是大
威胁,再想想:根据WhatsApp在去年Google IO分享的统计数据,在WhatsApp上大部分所
谓“端到端加密”的聊天纪录事实上都被备份且储存在云端上了,而不是端到端加密的。
This creates a situation when messages you send and receive end up not
e2e-encrypted in the cloud without you even realizing it. You have zero
transparency on what is really e2e-encrypted and what is backed up. You rely
on e2e encryption and trust the “no third party can access my messages”
mantra, but your private data is in fact vulnerable to hackers and
governments that can get access to it via the cloud storage. If you think
this is a minor threat, think again: according to stats WhatsApp shared
during Google IO last year, most of the “e2e-encrypted” chats on WhatsApp
eventually get backed up and stored in the cloud, not e2e-encrypted.
WhatsApp的策略还有其他会使得99%的私人对话的端到端加密无效的架构上的缺陷,但在
这篇文章里,为了简单起见,我会尽量把焦点放在备份上。
WhatsApp's approach has other architectural drawbacks that invalidate
WhatsApp's approach has other architectural drawbacks that invalidate
end-to-end encryption for 99% of private conversations, but in this post I’
ll focus mainly on backups for simplicity.
小众通讯软件如何对待备份
How Niche Messaging Apps Handle Backups
由于聊天纪录不会被备份,Signal/Wickr/Confide的策略是更安全的。这有点巧妙,但当
你用这样的方法限制你的用户时,会产生两个问题:
The Signal/Wickr/Confide approach is more secure as chats never get backed
up. This looks neat, but two problems arise when you restrict your users this
way:
1)在弄丢/更换手机的时候,用户不想要失去它们整个聊天纪录,所以这些应用程式永远
不会变成主流。你可以看看Wickr/Signal/Confide在AppStore上的评价,再拿去跟
Telegram/Viber/WhatsApp比较。很明显的,还有其他原因使得这些小众应用程式停留在
小众,但对于一个普通用户来说,如果这个功能在她使用的主流应用程式已经有了(像是
Telegram的Secret Chats,或是同样也提供端到端加密且不会被备份的,在Viber、
Facebook Messenger的山寨版),她不太可能去下载另外一个不同的应用程式。
1) Users don’t want to lose their entire message history when they
lose/change their phones so apps of this kind never become massively popular.
You might want to take a look at the AppStore rankings of
Wickr/Signal/Confide and compare them with Telegram/Viber/WhatsApp.
Wickr/Signal/Confide and compare them with Telegram/Viber/WhatsApp.
Obviously, there are also other reasons at play why niche apps remain niche,
but an average user is unlikely to download a separate app if the same
functionality already exists in a mainstream app she's using (such as Secret
Chats in Telegram or their copycat versions in Viber or Facebook Messenger,
which also provide e2ee and don’t get backed up).
2) (1)的后果-使用这些应用程式的人可能会被政府认为是有东西需要隐瞒的。基于这些
应用程式有限的销量,政府可以辨别出以及追踪这些手机连到相应的IP位址的个体用户。
这对有些工具,像是Tor,或者在某种程度上的通讯软件,是正在发生的事。Yasha
Levine公布了一项有关它的出色调查。
2) Consequence of (1) – people using these apps can be targeted by
governments as those who have something to hide. Due to the limited
distribution of such apps, the government can identify and track individuals
whose phones connect to the corresponding IP addresses. This is something
that is already happening in case of tools like Tor, and, to a lesser extent,
of some messaging apps. Yasha Levine is publishing a brilliant investigation
about it.
Telegram的作法
The Telegram Way
时间回到2013年,我们发布Telegram的那一年,在当时我们仔细考虑过了两种做法。我们
时间回到2013年,我们发布Telegram的那一年,在当时我们仔细考虑过了两种做法。我们
了解到我们不想要借由转移他们的资料给第三方去备份的责任而侵犯我们用户的隐私,就
像WhatsApp跟Viber所做的。但我们也不想要剥夺我们用户在其他应用程式享受到的功能
,这会使得Telegram陷在非主流。
Back in 2013, when we were launching Telegram, we carefully considered both
approaches. We knew we didn’t want to violate our users’ privacy by
shifting the responsibility for their data to third-party backups like
WhatsApp or Viber do. Neither did we want to deprive our users of
functionality that they enjoyed in other apps and doom Telegram to join the
ranks of niche apps.
所以,再经过研究之后,我们决定采用两种对话方式-Secret chats和Cloud chats。
So after some research we decided to introduce 2 kinds of chats – Secret
chats and Cloud chats.
Secret Chats采用端到端加密,在任何情况下都不会被备份。Cloud chats也使用同样的
加密方式,但同时会有一个内建的云端备份。Cloud chats是被设计给大多数的使用者的
-那些依靠比较不安全的第三方备份的应用程式,像是WhatsApp,的使用者。不像在非主
流应用程式里,cloud chat的用户跟secret chat的用户之间的交流是混和在一起的。(加
密方法是一样的,但在cloud chats里,我们的服务器拥有存取加密金钥的权限),所以个
体用户不会因为他们使用secret chats或是有东西要藏而被锁定。
Secret chats are e2e-encrypted chats that never under any circumstances get
backed up. Cloud chats are encrypted in the same way, but also have a
backed up. Cloud chats are encrypted in the same way, but also have a
built-in cloud backup. Cloud chats are designed for the majority of users –
the majority that in another app like WhatsApp would rely on less secure
third-party backup storage. Unlike what you have in niche apps, the traffic
between cloud chat users and secret chat users on Telegram is mixed (the
encryption is the same in both cases, but in cloud chats our servers do have
access to the encryption key), so individuals can not be singled out and
targeted based on the fact that they use secret chats and thus have something
to hide.
为什么Telegram的做法更有意义的四个理由
4 Reasons Why The Telegram Way Makes More Sense
为什么我们决定使用两种对话方式,而不是像那些只有一种的老应用程式,像是WhatsApp
呢?有四个理由:
There are four main reasons why we decided to use two types of chats as
opposed to having one type of chats like older apps such as WhatsApp:
1)不像WhatsApp,我们不会借由备份把我们用户的资料给第三方。作为代替,我们依靠我
们自己的分布式跨管辖权加密云端储存系统,我们相信这比大公司,像是Google和Apple
,所能提供的更有保障。给你一个关于这个差异的想法:当Telegram还没有从云端泄漏任
何的私人资料给第三方的时候,光是在今年,Apple就已经满足了80%中国(!)的要求(更打
算在中国建造一个iCloud的私人资料中心)。
算在中国建造一个iCloud的私人资料中心)。
1) Unlike WhatsApp, we don’t give out our users’ data to third parties via
backups. Instead, we rely on our own distributed cross-jurisdictional
encrypted cloud storage which we believe is much more protected than what
megacorporations like Google and Apple can offer. To give you an idea about
this difference: while Telegram has disclosed no private data to
third-parties from its cloud so far, this year alone Apple satisfied 80% of
data requests from the Chinese (!) government (and is even building a
data-center for private iCloud data in China).
2)不像WhatsApp,由于我们内建的即时云端同步系统,我们允许我们的用户使用数个装置
同时存取Telegram。因此我们可以在macs、PCs、iPads,甚至是lunux服务器上提供简单
且一贯的使用者体验。
2) Unlike WhatsApp, we can allow our users to access Telegram from several
devices at once thanks to our built-in instant cloud sync. Thus we can
provide easy and consistent UX on macs, PCs, iPads and even linux servers.
3)不像WhatsApp,在Telegram上面你不需要总是在手机上储存你整个聊天纪录-你可以在
你需要的时候,随时下载比较旧的讯息与媒体,完全按照你的想法。这节省了很多的硬件
空间及内存,对我们在发展中市场的用户尤其重要。在Telegram上面,内建储存空间的
短缺从来不会造成资料的遗失。
3) Unlike on WhatsApp, on Telegram you don’t have to store your entire
message history on your phone all the time – you can always download older
message history on your phone all the time – you can always download older
messages and media on demand when you need them. This saves a lot of disk
space and memory, which is particularly important for our users in the
developing markets. On Telegram, shortage of local storage never leads to
data loss.
4)不像WhatsApp,Telegram可以提供它的用户一些进阶的功能,像是不间断的群组聊天,
最高可以到达10000名成员,或者是没有大小上限的频道。这些技术都不是所谓的“端到
端加密+第三方备份”可以做到的。我们的布局充满了各种不可能在过时的架构上实现的
功能,这些功能需要我们内建的云端即时存取系统,而不是WhatsApp所依赖的第三方备份
。
4) Unlike WhatsApp, Telegram is able to provide its users with advanced
functionality, such as persistent group chats with up to 10,000 members or
channels with no limit on max size. These technologies can not be implemented
within the “e2ee+third-party backups” paradigm. Our roadmap is filled with
features that are impossible to build on a obsolete architecture like
WhatsApp's that has to rely on third-party backups instead of relying on its
own built-in cloud accessible in real-time.
这就是为什么我们在最终选择了提供“两种对话方式”的原因,它更安全(Telegram的云
端比Apple/Goolge更有保障)、更透明(你真的可以看到哪些端到端加密的讯息被备份在云
端上,哪些没有),功能更丰富(在未来,我们会实现我在上面有提到跟没有提到的功能)
。我们相信我们“两种对话方式”的作法在长期上会更有意义,也就是为什么会被
。我们相信我们“两种对话方式”的作法在长期上会更有意义,也就是为什么会被
Kakao(2014)、Line(2015)、还有去年的Google Allo和Facebook Messenger复制的原因。
这些公司确实都做了自己的研究,证明了Telegram的做法是比较有拓展性、且更安全更透
明的。
These are the reasons why we, ultimately, decided to go with the “two kinds
of chats” approach, which is more secure (Telegram cloud is better protected
than Apple/Google storage), more transparent (you can actually see which of
your e2e-encrypted messages go to the cloud and which don’t) and more
feature-rich (we can implement features that I mentioned above and many more
in the future). We believe our “two kinds of chats” approach makes more
sense in the long run, which is why it has since been copied by Kakao (2014),
Line (2015), and last year by Google Allo and Facebook Messenger. These
companies did their own research that proved that the Telegram way is more
scalable, secure and transparent.
所以为什么大家会问这个问题?
So Why Do People Ask This Question?
我觉得这个“Telegram比WhatsApp还不安全”的迷思来自于一篇误导性的2016年的文章,
作者是Gizmodo(“为什么你不该使用Telegram”),里头有很多不正确的事情。在我们的
团队里,有一位成员写了一篇广泛的评论,内容提到了很多我在这篇文章讲过的一些误解
的事实。
I think the myth about Telegram being less secure than WhatsApp originated in
I think the myth about Telegram being less secure than WhatsApp originated in
a misleading 2016 article by Gizmodo (“Why you should never use Telegram”)
which claimed a lot of things that are not true. A member of our team wrote
an extensive review of that article exposing some of the misconceptions that I
’ve also described in this post.
每年,Facebook-也就是拥有WhatsApp的公司-花好几百万在市场行销、有影响力的记者
及部落客上。相比之下,Telegram到从2013年开始到现在都没花任何一毛钱在行销上。虽
然如此,每天还是有最起码五十万以上的新用户注册Telegram,Telegram的有效年成长率
也超过了50%。我们要把这个归功于你们-我们的用户还有Telegram社群。
Every year Facebook – the company that owns WhatsApp – spends millions of
dollars on marketing, influencing journalists and bloggers. By contrast,
Telegram has spent zero dollars on marketing since we started in 2013.
Nevertheless, every day at least half a million new users sign up for
Telegram, and Telegram's organic annual growth rate exceeds 50%. We owe this
growth only to you – our users and the Telegram community.
我希望这篇文章能够给你一个想法,一个关于Telegram如何运作,以及为什么我们相信我
们的架构比那些老的应用程式更有意义的想法。
I hope this post gives an idea about how Telegram works and why we believe
our architecture makes more sense than that of the older apps.
原文有些地方有参考资料的连结,我就不附上了,有需要的自己点进去看吧
原文有些地方有参考资料的连结,我就不附上了,有需要的自己点进去看吧
我不是专业的翻译,只是很喜欢Telegram顺便拿来练英文河河河
有错请指正~