I understand the main complaint against BT Sync is that it's not open source. That said, is it possible for anyone speak to its security? I've been testing the desktop client for some time and it seems one of the most promising applications I've used in awhile - even at alpha status.
Would like to recommend this to peers I work with as a potential collaboration tool for projects that require security.
I think it's safe to say that the primary reason people complain about the lack of BT Sync source code is because it is currently difficult (if not nearly impossible) to audit its security.
I started using BTSync a few days ago and I must admit it is a very interesting and useful software. However there are a few things that bug me:
[1] It uses a public tracker to transfer your files, which mean anyone with your secret phrase can download your files from the other end of the world. You can't assign a private tracker or change the current one. (The use of trackers can be turned off but when I did, it failed to sync, even within a LAN)
[2] If a direct connection cannot be made, a relay will be used to transfer your files. (This is turned on by default but you can turn it off in the settings)
[3] .SyncIgnore which is supposed to be similar to .gitignore does not work as expected.
[4] "Anonymous" statistics are collected and cannot be opted out or turned off.
[5] The claim for privacy, security and encryption cannot be easily audited since it is closed source.
BTSync definitely fills the void what Dropbox leaves behind but I wouldn't recommend using it for anything secure.
Would love to get HN's thoughts on this idea ... if BTSync were to release (or have developed if it goes open source) a mobile SDK for ios and android, what if an app that used this would just give the user a folder secret. This secret could then be used to set up a folder on their PC to automatically get access to and backup data from their mobile devices.
I for one would love this, because then I can choose how much infrastructure to devote to backing up and sharing (between my own applications) my mobile data.
I tried it for a few days to sync my main laptop with my netbook. Could not find any info on how it works and stopped using it. How does it generate keys? How does it sync? How can i be sure nobody is reading my files somewhere else? Back to rsync I guess, though the two way sync with syncapp was rly nice.
15 comments
[ 3.1 ms ] story [ 48.0 ms ] threadWould like to recommend this to peers I work with as a potential collaboration tool for projects that require security.
Next up, BT Mail? Would love to see that.
http://forum.bittorrent.com/topic/8816-will-syncapp-be-open-...
http://forum.bittorrent.com/topic/21048-defensive-open-sourc...
http://www.fsf.org/campaigns/priority-projects/priority-proj...
I would be thrilled if this project gets somewhere, even to gnash-like quality.
1: http://forum.bittorrent.com/topic/21338-inofficial-protocol-...
2: https://github.com/picosync/workingDraft
[1] It uses a public tracker to transfer your files, which mean anyone with your secret phrase can download your files from the other end of the world. You can't assign a private tracker or change the current one. (The use of trackers can be turned off but when I did, it failed to sync, even within a LAN)
[2] If a direct connection cannot be made, a relay will be used to transfer your files. (This is turned on by default but you can turn it off in the settings)
[3] .SyncIgnore which is supposed to be similar to .gitignore does not work as expected.
[4] "Anonymous" statistics are collected and cannot be opted out or turned off.
[5] The claim for privacy, security and encryption cannot be easily audited since it is closed source.
BTSync definitely fills the void what Dropbox leaves behind but I wouldn't recommend using it for anything secure.
I do wonder how they will monetize their final release. Perhaps a monthly backup plan on their own servers.
Not sure if there are any efforts being made at reverse engineering. Maybe it would make a good project =)
I for one would love this, because then I can choose how much infrastructure to devote to backing up and sharing (between my own applications) my mobile data.