I'm definitely not a security expert either, but would something like what's done here work similarly for BTSync? I'm just about to set up something like this, so haven't tried it yet, but see no issues with it either. As long as the encfs command isn't run automatically, you can't use the HDD in another system, as the data won't be decrypted yet. However, once the command is run, BTSync would see standard files. Am I getting something wrong with the basics? Like I said, I don't have this running yet, but hope to do that this weekend. Edit: In summary, encrypted during transfer by BTsync, encrypted on HDD by encfs. Unencrypted in RAM, but direct access can't really be protected against without the encrypted node kind of stuff.