在Telethon中,我有多大程度的匿名性?

huangapple go评论76阅读模式
英文:

To which extent am I anonymous with Telethon?

问题

以下是翻译好的内容:

考虑以下情境。不要因为爱丽丝和鲍勃的粗心而感到惊讶 — 也许他们是我的替身。

爱丽丝和鲍勃都有Telegram帐户。爱丽丝在她的手机上使用my.telegram.org创建了一个新的应用程序,检索到了一对(应用程序api_id,应用程序api_hash),将它们写在一张纸上,然后出于某种奇怪的原因把这张纸交给了我。然后,在我的电脑上,我尝试运行应用程序代码,其中包含字符串client = TelegramClient('bob', api_id, api_hash),我的stdout中会出现提示请输入您的电话号码(或机器人令牌),我输入鲍勃的电话号码,鲍勃收到验证代码,并出于某种奇怪的原因将其展示给我。现在,我已经使用爱丽丝的api_id和api_hash登录到了鲍勃的Telegram帐户。

然后,使用我的电脑,我运行应用程序的代码:我调用一些Telethon函数,如GetFullChannelRequest、GetFullUserRequest,获取一些消息等。我的代码不会代表鲍勃发送任何消息,它只进行大规模的数据抓取。

问题:

  1. 当我使用Telethon进行抓取时,在IP数据包级别会发生什么?它看起来是否像从我的电脑直接发送到Telegram服务器之一的一系列GET请求,还是有一些中间的Telethon服务器?

  2. 谁可以记录我的代码抓取了哪些频道和用户?是否正确,Telegram可以记录每个我的抓取请求,包括我的IP地址、鲍勃的Telegram ID和爱丽丝的应用程序ID,我的ISP只能记录我与Telegram服务器之间的TLS加密流量,鲍勃只能注意到应用程序会话不时变为活动状态,而爱丽丝根本没有关于我的行为的信息?

英文:

Consider the following model situation. Don't be surprised with carelessness of Alice and Bob — maybe they're my alter egos.

Both Alice and Bob have Telegram accounts. Using my.telegram.org on her mobile phone, Alice creates new app, retrieves the pair (app api_id, app api_hash), writes them on a piece of paper and for some strange reason gives this paper to me. Then on my PC I try to run the app's code that has the string client = TelegramClient('bob', api_id, api_hash) in it, the prompt Please enter your phone (or bot token) appears in my stdout, I type in Bob's phone number, Bob receives verification code and for some strange reason shows it to me. Now I'm logged in to the Bob's Telegram account with Alice's api_id and api_hash.

Then, using my PC, I run the app's code: I call some Telethon functions, such as GetFullChannelRequest, GetFullUserRequest, fetch some messages etc. My code does not send any messages on Bob's behalf, it only does massive data scraping.

Questions:

  1. When I use Telethon for scraping, what happens on IP packet level? Does it look like series of GET requests from my PC directly to one of the Telegram servers, or are there some intermediary Telethon servers?

  2. Who can log what channels and users are scraped by my code? Is it correct that Telegram can log every my scraping request together with my IP address and Bob's Telegram ID and Alice's App ID, my ISP can only log TLS-encrypted traffic between me and a Telegram server, Bob can only note that the app session becomes active from time to time, and Alice gets no information regarding my behavior at all?

答案1

得分: 1

> it only does massive data scraping
它只进行大规模数据抓取。

> When I use Telethon for scraping, what happens on IP packet level?
当我使用Telethon进行抓取时,在IP数据包级别会发生什么?

> are there some intermediary Telethon servers
有一些中间的Telethon服务器吗?

> Who can log what channels and users are scraped by my code?
谁可以记录我的代码抓取的频道和用户?

英文:

> it only does massive data scraping

Note that Telegram is free to ban any account for API abuse. You should be sure to read through their Terms of Service.

> When I use Telethon for scraping, what happens on IP packet level?

Telethon creates a new socket and connects via TCP to one of Telegram's datacenters. The first datacenter IP is hardcoded or connection would not be possible. The library will switch datacenter if Telegram says so.

> are there some intermediary Telethon servers

There is no such thing. In older versions, when RPC errors occurred, it made requests to another server so that we could provide better a experience and document all errors users found. This has long been removed, and the library now only talks to Telegram (there is a bug open as it may still make a request to other servers when downloading remote media, but not when downloading files uploaded to Telegram, however, note that Telegram may use CDNs).

> Who can log what channels and users are scraped by my code?

Telegram obviously knows the API ID used, what account it belongs to, what account is logged-in, and your IP address simply by virtue of having a direct TCP connection to you. It also knows what requests you make, as it would not be able to process them otherwise. Whether they log or do anything with this information we cannot know, as we have no access to the server source code.

What happens over the wire is another story, as there are likely intermediate peers between you and Telegram. The protocol used to exchange messages with Telegram is known as MTProto. Whether you trust it or this is safe I can't speak for, as I am not an expert in that field.

Likewise, I've developed the library and I trust it enough to use it. Whether others trust it enough is up to them, and this is true for any other library too (or even the official applications).

huangapple
  • 本文由 发表于 2023年5月11日 17:38:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/76226206.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定