Why Isn't Telegram End-to-End Encrypted by Default?

karasu

I've been getting this question more often this year. It's based on the wrong assumption that some other popular messaging apps such as WhatsApp are "end-to-end encrypted by default", while Telegram is not. This post is intended to disprove this myth that has been so carefully crafted by Facebook/WhatsApp marketing efforts. Let’s start from the basics.

How Mainstream Messaging Apps Handle Backups

Every popular messaging app offers its users some way to back up their messages to prevent data loss. Messaging apps that ignore backups (such as Wickr/Signal/Confide) never reach 1M DAU and remain niche. I’ll describe their approach in detail later in this post.

As for popular apps such as WhatsApp, Viber and Line, they rely on Apple iCloud and Google Drive to store their users' message history and prevent data loss in case their users lose their smartphones. These backups are not e2e-encrypted and get decrypted whenever the user buys a new phone and restores their WhatsApp/Viber/Line message history. While it may seem that you, as a user, have the freedom to opt out of these backups, in reality there’s little room for choice: even if you opt out (which is unusual and sometimes tricky), people you chat with most likely won’t.

This creates a situation where messages you send and receive end up not e2e-encrypted in the cloud without you even realizing it. You have zero transparency on what is really e2e-encrypted and what is backed up. You rely on e2e encryption and trust the “no third party can access my messages” mantra, but your private data is in fact vulnerable to hackers and governments that can get access to it via the cloud storage. If you think this is a minor threat, think again: according to stats WhatsApp shared during Google IO last year, most of the “e2e-encrypted” chats on WhatsApp eventually get backed up and stored in the cloud, not e2e-encrypted.

WhatsApp's approach has other architectural drawbacks that invalidate end-to-end encryption for 99% of private conversations, but in this post I’ll focus mainly on backups for simplicity.

How Niche Messaging Apps Handle Backups

The Signal/Wickr/Confide approach is more secure as chats never get backed up. This looks neat, but two problems arise when you restrict your users this way:

1) Users don’t want to lose their entire message history when they lose/change their phones so apps of this kind never become massively popular. You might want to take a look at the AppStore rankings of Wickr/Signal/Confide and compare them with Telegram/Viber/WhatsApp. Obviously, there are also other reasons at play why niche apps remain niche, but an average user is unlikely to download a separate app if the same functionality already exists in a mainstream app she's using (such as Secret Chats in Telegram or their copycat versions in Viber or Facebook Messenger, which also provide e2ee and don’t get backed up). 

2) Consequence of (1) – people using these apps can be targeted by governments as those who have something to hide. Due to the limited distribution of such apps, the government can identify and track individuals whose phones connect to the corresponding IP addresses. This is something that is already happening in case of tools like Tor, and, to a lesser extent, of some messaging apps. Yasha Levine is publishing a brilliant investigation about it.

The Telegram Way

Back in 2013, when we were launching Telegram, we carefully considered both approaches. We knew we didn’t want to violate our users’ privacy by shifting the responsibility for their data to third-party backups like WhatsApp or Viber do. Neither did we want to deprive our users of functionality that they enjoyed in other apps and doom Telegram to join the ranks of niche apps.  

So after some research we decided to introduce 2 kinds of chats – Secret chats and Cloud chats. 

Secret chats are e2e-encrypted chats that never under any circumstances get backed up. Cloud chats are encrypted in the same way, but also have a built-in cloud backup. Cloud chats are designed for the majority of users – the majority that in another app like WhatsApp would rely on less secure third-party backup storage. Unlike what you have in niche apps, the traffic between cloud chat users and secret chat users on Telegram is mixed (the encryption is the same in both cases, but in cloud chats our servers do have access to the encryption key), so individuals cannot be singled out and targeted based on the fact that they use secret chats and thus have something to hide.

4 Reasons Why The Telegram Way Makes More Sense

There are four main reasons why we decided to use two types of chats as opposed to having one type of chats like older apps such as WhatsApp:

1) Unlike WhatsApp, we don’t give out our users’ data to third parties via backups. Instead, we rely on our own distributed cross-jurisdictional encrypted cloud storage which we believe is much more protected than what megacorporations like Google and Apple can offer. To give you an idea about this difference: while Telegram has disclosed no private data to third parties from its cloud so far, this year alone Apple satisfied 80% of data requests from the Chinese (!) government (and is even building a data-center for private iCloud data in China).

2) Unlike WhatsApp, we can allow our users to access Telegram from several devices at once thanks to our built-in instant cloud sync. Thus we can provide easy and consistent UX on Macs, PCs, iPads and even Linux servers.

3) Unlike on WhatsApp, on Telegram you don’t have to store your entire message history on your phone all the time – you can always download older messages and media on demand when you need them. This saves a lot of disk space and memory, which is particularly important for our users in the developing markets. On Telegram, shortage of local storage never leads to data loss.

4) Unlike WhatsApp, Telegram is able to provide its users with advanced functionality, such as persistent group chats with up to 10,000 members or channels with no limit on max size. These technologies cannot be implemented within the “e2ee+third-party backups” paradigm. Our roadmap is filled with features that are impossible to build on an obsolete architecture like WhatsApp's that has to rely on third-party backups instead of relying on its own built-in cloud accessible in real-time.

These are the reasons why we, ultimately, decided to go with the “two kinds of chats” approach, which is more secure (Telegram cloud is better protected than Apple/Google storage), more transparent (you can actually see which of your e2e-encrypted messages go to the cloud and which don’t) and more feature-rich (we can implement features that I mentioned above and many more in the future). We believe our “two kinds of chats” approach makes more sense in the long run, which is why it has since been copied by Kakao (2014), Line (2015), and last year by Google Allo and Facebook Messenger. These companies did their own research that proved that the Telegram way is more scalable, secure and transparent.

So Why Do People Ask This Question?

I think the myth about Telegram being less secure than WhatsApp originated in a misleading 2016 article by Gizmodo (“Why you should never use Telegram”) which claimed a lot of things that are not true. A member of our team wrote an extensive review of that article exposing some of the misconceptions that I’ve also described in this post.

Every year Facebook – the company that owns WhatsApp – spends millions of dollars on marketing, influencing journalists and bloggers. By contrast, Telegram has spent zero dollars on marketing since we started in 2013. Nevertheless, every day at least half a million new users sign up for Telegram, and Telegram's organic annual growth rate exceeds 50%. We owe this growth only to you – our users and the Telegram community.

I hope this post gives an idea about how Telegram works and why we believe our architecture makes more sense than that of the older apps.