LazyWolf

Members
  • Posts

    40
  • Joined

  • Last visited

About LazyWolf

  • Birthday 09/05/1993

Profile Information

  • Gender
    Male

LazyWolf's Achievements

Advanced Member

Advanced Member (3/3)

  1. From my experience it would be extremely simple to load the executable up in olly and bypass any checks that are built in, then just distribute that with my application. These limitations only restrict legitimate developers and make building any thing using btsync a waste of time and energy. Sent from my SCH-I545 using Tapatalk
  2. Personaly I see no reason to develop anything with the BTSync API until this issue is resolved. I think the API key creation should be on each btsync, to allow the users to make their own keys and allow access to their btsync instances. At any point in time my hours/weeks of work could just be shut off by a Bittorrent employee which is completly against the idea of P2P. It would be like trying to build a house of cards in a vehical traveling down a dirt road -- you never know when the whole thing will be taken away from you.
  3. I do not see the current method of having Bittorrent deciding if a client is able to talk to someone's private server working out very well. What would be the point of developing something for BTSync using the API if at any moment someone from Bittorrent could decide to remove your access to the product and end hours, days, months of work. The only real use I can see for a project like this is for the api beta, once the api is out of beta I think Bittorrent as the gatekeeper should be removed. I would love to still have api keys but I think it should be up to every individual server running BTSync to generate api keys for clients to connect to it... Having Bittorrent have to approve any api use by clients or users in the future make the project useless in my mind. I see it like having strong encryption but every time you want to use it you have to ask for permission from twenty people, fill out a form, and wait 30+ days for possible approval. One posible abuse I could see steaming from Bittorrent control over the api keys would be something like charging developers per Gig of data transfered because of the use of their program, if one does not pay up they could just disable your access. I am hoping that the current situation is temporary. In the future I am looking forward to our own api key generation with acls for every key we create with no intervention or interaction with Bittorrent.
  4. LazyWolf

    Showcase

    When I have free time I will continue to work on my Python lib... https://github.com/BrandonIngalls/BTSyncAPI
  5. You shouldn't need to open any ports in order for it to sync, but you can check the to see what ports are being blocked by using dmesg
  6. 1. Can your ubuntu server connect to the internet? ping 8.8.8.8 2. Can you access btsync from your local network? Also you say you do not want the website to be reachable from the internet, why did you forwardport 8888? You do not need to forward the webui port for sync to work.
  7. If you have it set to 127.0.0.1 you can only access btsync from your local computer as you are setting it to listen on a virtual interface that exists only within that device. 0.0.0.0 listens on all devices eth0, wlan0, etc.
  8. 0.0.0.0:port to listen on then add a firewall rule... sudo ufw allow from 192.168.1.0/24 to any port webuiport proto tcp
  9. Encfs is not build with Plausible Deniability in mind, encfs is easy to detect because of its .encfs6.xml file format. Where if you were to compare a TC volume that wasn't made with --quick and a file of the same size made from dd if=/dev/urandom of=randFile.dd you would be unable to tell which if either of them were TC volumes.
  10. True but knowing how much data has changed from a forensics point of view can give you quite a bit of information... Say a person went to TPB and searched non https, found a movie that was 752227840 bytes. They download said movie and move it to their encrypted tc volume which is later synced across a network. If someone was watching and had control of the backup computer they would not be able to access the data but if they also had access to your net history (LEO) they would be able to show you searched on TPB and one of the links you went to had a 752227840 byte movie then an hour later the person moves the movie to the tc volume and it slowly syncs only the new data 752227840 bytes added to the filesystem. They now can show that the person more than likely moved an illegally downloaded movie from their main partition to an encrytped one. Also if using a hidden volume an adversary would be able to see that you are writing data to one part of the volume that the normal outter volume password will not have access to. Then they could "prove" there was a hidden volume and you lose the Plausible Deniability TC gives.
  11. I think that syncing a TC volume would defeate one of TrueCrypts core security features. You know when you have to wait a long time when creating a new volume or encrypted partition in TC, it is filling that space with "random" data. This makes it hard to guess where data is located(if any at all) in the space. One of the ways BTSync deals with large files is to split up the file into chunks of 4MB to see if it needs to be updated if an attacker could watch the data from a TC volume being backed up to a service like backupsy they would be able to eliminate a large section of the volume and know exactly where the real data is located.
  12. It is to be expected, that process is forked to the background which means it is not tied to your session. You should be able to run it with the extra --nodaemon option in a ~/.config/autostart/something.desktop file I think that would spawn it tied to the current session.
  13. If you want to use the web ui you can not have a share in the config file. The web UI stores secrets in a seperate file, so generate a new config file and only edit device_name, login, and password. Do not change secret or dir.
  14. One thing I would recommend would to use AppArmor to harden the btsync process a bit.
  15. It should run as the current user, but you could do a test my making a new folder and chmod 777 it, then add it to btsync and let btsync add some files from another device. Then you go into the folder through a terminal and type ls -alh . This will show you the information on all the files/folders, username and groups of all the files.