milesrotaru

Sweet! I couldn't find any confirmation of that earlier. Good to know.

Items disappear from the Devices tab when those devices are powered off or not running BT Sync. This makes it hard to keep track of all your peers. I suggest listing every device that has ever connected to one of your shared folders since the last time the secret for that folder was changed. And there could be an indicator for whether or not the device is currently online.

Good point, Zbig. I also suppose if someone had enough access to a machine to steal the secret for a shared folder, they could just as easily steal the folder itself. One could share a Truecrypt volume to get around that but I don't think BT Sync hashes files in small chunks and sends only the changed parts like Dropbox does.

Ooooooh. I misunderstood how those work. Thanks! Could a person I shared a one-time secret with invite more people to the folder? I'd really like to maintain control of the folder without restricting people from adding files. Even though sharing a one-time key seems a lot safer it looks like the recipient still gets the master secret and could then do something stupid like let it get stolen. If there was something like a personal master password for viewing for viewing or changing your secrets, which were encrypted, that would at least prevent accidental leaking.

Are you suggesting sending out new one-time secrets every 24 hours? (or some other interval) That would be pretty good if there was a way to automate it. The usage scenario I have in mind is long term folder sharing with a small number of peers. The only way I can think to handle that with one-time secrets is to manually generate and send one out via encrypted email every morning, which my peers would then manually copy and paste into the program. It would be a security improvement I guess but not an elegant solution. Maybe with an API I could set up something cleverer.

I have a few concerns about the way BitTorrent Sync handles secrets, and I'd like to know if the developers plan to address any of them in the future. There's no built in way to share secrets securely. A non technical person would be tempted to just send out the secret to their peers via IM or email, which is horribly insecure. The only safe way I've thought of to handle this is some other encrypted channel or a scheme involving PGP. Some implementation of PGP encryption built into the program for the purpose of exchanging secrets would be great. Secondly, secrets are poorly protected. I'm only using BT Sync with people I trust but what if one of my peers leaked the key? Everybody I'm syncing with can see the secret and share it however they wish, possibly with someone I don't want gaining access to the shared folder. I'd really like to see a concept of folder ownership, along with authentication. To go along with that, some security features like getting a notification whenever a new user joins using my secret, and the ability to deny access. How can I know that a person using the secret I gave out is actually the person I originally gave it to? BT Sync would be awesome to use with other people over the Internet but I'm nervous about that for the above reasons. If any of this in the future development plans for BT Sync? And are there any workarounds I could try in the mean time? Thanks in advance.