BitTorrent Sync Beta Released
Nerval's Lobster writes "BitTorrent Sync has reached its Beta milestone. The tool, which allows for secure file-syncing between devices, has been under development for quite some time: BitTorrent released a limited pre-Alpha program in January, planning to use any feedback to refine the software before release. Key features include the use of peer-to-peer technology for direct synchronization, rather than storing files in the cloud—a key differentiator from similar storage services on the market. 'It fits into our overall goal of making a better Internet using P2P,' BitTorrent Inc. told TorrentFreak when that pre-Alpha rolled out. In the intervening months, of course, former federal contractor Edward Snowden leaked a variety of top-secret documents about NSA surveillance to The Guardian, kicking off several weeks' worth of discussions and handwringing over government snooping. Several of those documents suggested that an NSA program codenamed PRISM siphoned user data from nine major technology companies, including Google and Microsoft; the named companies have stridently denied any involvement. Those revelations about the NSA—even if totally unsurprising to the paranoid—could kick off renewed interest in software tools capable of securing data against prying eyes. In other words, this could be just the moment for something like BitTorrent Sync to hit the market. 'Sync is a response to what we see as real, fundamental challenges to personal data movement: the limitations on speed, size, space, privacy, and security that come with cloud dependency,' read a July 17 note on the BitTorrent Blog."
The BTSync team has been perfectly clear that they do not intend at any time to open BTSync to the public. We were told that when we were using Skype, that it was safe and encrypted. Now we learned that it wasn't. Open source Sync and we will trust you.
If you're told a service is unsnoopable and you get prosecuted because it turns out to be highly snoopable, is the company liable for any charges?
You'd be a fool to install any software made by a company publicly in cooperation with the MPAA.
(who knows what kind of backroom deals are going on on top of that)
(:)copyrighted movie found in sync folder. contacting the lawyers.
The advantage of synching and sharing with random peers is increased bandwidth and more redundancy in case one or more of your devices are not working or have limited network connectivity.
Closed specification, closed client AND no apparent business model?
I don't see any reason to trust this with synchronizing any data.
Please people, seed my personal files that you can't see!
Mod me down, my New Earth Global Warmingist friends!
as long as they open their standard. If I can choose an open-source implementation written by someone else, I'm much more interested and inclined to really use the service.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
>Those revelations about the NSA—even if totally unsurprising to the paranoid
Don't those revelations imply that the people labelled as paranoid were in fact not paranoid at all?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
So it's basically a distributed, but private dropbox thingie, sounds nice.
Is there any open-source that does a similar thing? (as in: works on linux and android, and is fairly lightweight)
Owncloud is the closest I could find, but it requires a central server, I think.
I doubt BitTorrent will open source this, as it's a for-profit company that hasn't had luck monetizing open source in the past.
There's no -1 for "I don't get it."
The ONLY security that works is end-point encryption under the control of the user. This old "don't worry, we'll take care of it for you" approach is just another NSA scam.
Man-in-the-middle attacks, and in-built back-doors by companies like BitTorrent (remember, BitTorrent is a COMPANY, and nothing to do now with bittorrent the protocol used for ordinary torrents) render such services worse than useless.
Look, let me make this simple. Use Truecrypt or something equally reliable to encrypt a file. Send the file over the Internet. Ensure the receiving user knows the password through a mechanism least likely to be casually and AUTOMATICALLY intercepted by the NSA. If you are an actual named target of the NSA or similar agency, they'll use keyloggers, cameras in your home or whatever, and no security will prove good enough.
True security has different levels of quality. The security we want allows us to prevent Gates and Obama from running mass surveillance on our private data. Like I said, it won't help if heaven forbid we become named targets, but it will reassert the principle that ordinary people are NOT cattle to be tracked and monitored by their 'owners'.
I perhaps need to point out the obvious. When a user is creating secure communication between devices they control, this issue of providing a password or key to a second party is missing, simplifying things to an extraordinary degree. Because the user can create ONE password and be the only person that knows that password, true inter-device security is theoretically possible.
However, take the recent announcement that Tony Blair's goons are legally able to confiscate ANY phone from people passing through UK borders, with no excuse required. Why don't most phones allow user data to be properly encrypted, making Blair's actions useless? And please don't give me crap about forcing passwords from people. That is a tactic that, even in the UK, can only be applied to a VERY small number of people, and even then some court approved suspicion is required. Blair has goons grab so many phones BECAUSE the data they contain is almost always trivially available.
I should also point out that no REAL criminal is going to forget to protect or hide their data. Only ordinary users, with 'nothing to hide' (a very dangerous way of thinking in Blair's police-state) will be so casual about what they keep on their phones.
I'm sorry but finding crooks should require 'work', and not rely on laws that assume we are all criminals. It should be a legal requirement that all devices capable of holding personal data have state-of-the-art encryption systems that not even the NSA can break. If the person becomes a named target, the State should have to make a real effort, like replacing his/her phone with a hacked one whose security is compromised. Pre-crime action by the State against all of us is an OUTRAGE. Microsoft, Google and BitTorrent working with the NSA to compromise ALL software provided to ordinary citizens is a crime against Humanity.
They can market it all they want, nobody that actually knows what they're doing and wants their data to be secure would use this. BT Sync is a product from a company known to collaborate with MPAA & co. I wouldn't trust it with anything until we've seen the source. I hope the same thing that happened to torrents will happen, and that is someone will develop an open source client for this protocol.
I just love when bittorrent is tied into freedom of speech and human rights. It just shows people don't know shit about fuck with regards to freedom of speech and human rights.
First world problems for sure.
I haven't thought of anything clever to put here, but then again most of you haven't either.
I know it is not exactly the same, but it sure does eliminate a lot of security concerns about third-party keys and such floating around. I have been doing network "dropbox" type drive mounts between my own machines for years this way, including across several countries, cities, and offices. Of all the "vpn" systems I have ever tried, ssh, sftp, and so on is still the easiest to use (in 'it just works' sort of way) with the most flexibility.
I also don't see why someone could not set up their own private torrents between machines, perhaps over ssh tunnel, to create the same effect as this software.
but we need to go further. How cool would it be to have an XMPP based initiation protocol instead of a LAMP stack? Place your jabber server credentials of choice into two devices and then have some form of pairing over XMPP. Initiate a direct connection if possible but use XMPP as a fallback. Extra points for communicating over SSL via generated public-private key pairs per device with a graphical fingerprint for pairing the two devices together.
Of course the ultimate extension of this is a bittorrent filesystem sync. Imagine you have a lot of music or movies and want to keep them in sync in multiple locations securely. Maybe allow friends to get a read-only sync copy of your media but not your financial data. Maybe sync everything to a NAS in your parents.
Benefits of just using rsync (which I use now) is obviously the torrent part of it, but an additional part is that you can likely do it without punching an extra hole in your network's security if you live behind a couple layers of routers.
Help! I'm a slashdot refugee.
Paranoid is not exactly the right word, considering it was fucking true.
Yup! yup! yup! They misGood
Wuuhuuu
As cool as using bittorrent protocol would be, at least owncloud's developers do release the source code, and there are sync clients too. It may not be distributed (it requires a regular server setup), but I'll take that over not having the code.
I would like to point out that BTSync has some method of knowing which application/machine is associated with a certain secret. That is, when you installed BTSync all you needed to enter was your secret and it automatically knew which program was associated with the device. It automatically connected program A at IP B to program X at IP Y. To accomplish this there has to be some sort of central registry knowing that program A is associated with that particular secret key.
To obtain your files, all someone needs to do is install with that secret (which as I said BTorrent already knows somewhere on their servers). This appears to be all smoke and mirrors and is likely less secure than Dropbox et al.
So this thing stores segments of your synced stuff in a distributed fashion across multiple unknown computers, right? I've been following a recent article series on Ars Technica about cracking passwords, and that left me worried. Now, what is to stop anyone participating in my sync from forcefully cracking and viewing encrypted parts of my files?
I've been looking for a good solution to "divorce" myself from the cloud storage trend for quite a while and I started using BitTorrent Sync as soon as it was announced. They also now have an Android version for testing and it also works quite well. They use a secret key for each folder shared that is generated by the software, or can be created by you. Each folder has a full access and read only key, so you can share files at two different levels. These keys can be changed anytime and it has a key delivery mechanism of one-time keys that can be more easily shared. Obviously, in order to keep your files safe, you need two locations that are separate, such as home and work or you could sync your files with a friend. The features have been coming very quickly and I'm pleased by all they have added. You can choose how much you want to use the BitTorrent network (your files are always encrypted with your key though so they cannot be viewed over the network) from using their trackers, a relay server, and the DHT network, to just using the LAN and hardcoding the host IPs into the software configuration. The more of the network you use, the easier it is to access your files from anywhere. So, if you don't trust BitTorrent, then you don't have to use them. The Android application (and the iPhone one when it comes out I'm sure) has some additional features, such as the ability to easily transfer files between mobile devices by simply scanning a QR code and things like that. So far, I am very pleased with this software and have been recommending it to everyone.