Everything posted by quarrelinastraw

  1. I agree with ftrotter that open source is a necessary feature. I've seen others on this board mention that open source would be good for security or trust reasons. But it bears explicitly pointing out what some of these reasons are, since many potential users of BitTorrent will be Dropbox émigrés rather than the peer-to-peer crowd. P2P users are perhaps much more familiar with security and legal issues than the casual Dropbox user.

     The issue is this: there is a gaping security hole in BitTorrent Sync, and it appears the company has ignored the most prominent security threat that faces most of its potential users. One of the many lessons from the NSA scandal is that the successful way to beat encryption is through social engineering. Instead of hacking computers by brute force, the NSA and other spy agencies apply legal and fiscal pressure to obtain what they need. The international spy game is fiercely competitive, and it would be naive to suspect that the NSA has no interest in having direct access to the computer files of every American, since undoubtedly every foreign spy agency will want this information as soon as it is technologically and financially feasible. If we are unfortunate enough to experience a terrorist attack by an individual who used BitTorrent Sync for security, chances are very good that in the aftermath BT will be heavily pressured by the government into having btsync phone home with the secrets. This is independent of whether BT has already decided they'd like to have access to those secrets. Security against this attack vector cannot be guaranteed unless users can see the source code.

     It's also worth mentioning that the primary concern *isn't* necessarily that BT Sync users will be targeted by the government for unnecessary privacy violations. Edward Snowden has admitted to taking a job at Booz Allen Hamilton with the express purpose of making government secrets public. Thus we have clear evidence that -- even if the NSA is just and secure -- private security firms can be infiltrated by individuals with motivations that run counter to the motivation of the NSA. It seems likely that there have been other infiltrations of these security firms by more nefarious organizations. So even if we are entirely trusting of our government's noble principles, the fact remains that the ability of BT Sync to transmit secrets home is a potential security hole that affects all of its users.

     Finally, we've seen some judges attempt to force defendants to decrypt their hard drives so that these drives may be searched. As of now, this legal point hasn't been settled, and individuals might still have the ability to take the 5th amendment and refuse to decrypt their hard drives. What *has* been settled is that neither the 4th nor 5th amendment applies to information held for you by a third party. Thus if BT Sync for any reason has copies of your secrets, and you are being investigated for a crime (wrongly or otherwise) you have effectively no security from BT Sync.

     We need to know that BT Sync does not currently transmit secrets anywhere, and will never do so in the future. The only way we can really know these things for sure is to look at the source code.