I'm definitely not a security expert either, but would something like what's done here work similarly for BTSync? I'm just about to set up something like this, so haven't tried it yet, but see no issues with it either.
As long as the encfs command isn't run automatically, you can't use the HDD in another system, as the data won't be decrypted yet. However, once the command is run, BTSync would see standard files.
Am I getting something wrong with the basics? Like I said, I don't have this running yet, but hope to do that this weekend.
Edit: In summary, encrypted during transfer by BTsync, encrypted on HDD by encfs. Unencrypted in RAM, but direct access can't really be protected against without the encrypted node kind of stuff.
I think your solution is not safe. Dropbox "encrypts" all the data and your solution only the communication between your computer and server with btsync. Please do not forget if you rent a server, its not your server and in time of PRISM maybe 3rd person has access to it.
If you installed the server was it "your" image or an image given by the provider? In best case if there is no backdoor (ssh keys etc.), where do you know that someone at you provider does not boot in e.g. rescue mode or from different system with your hard disk to access all your data?
Thats why i would use encryption. But the problem with e.g. ecryptfs is, that for running btsync the needed home folder must be unenrypted and an unencrypted home folder is visible by root. Means that it could be accessible again by people with more "force" or by a backdoor.
Thats why i would install the encrypted home folder not on your rented server, i would install it on a virtual machine (kvm) running on your rented server where you can use you own installed image. And in case someone has access to the rented server the 3rd person can only download an image file with encrypted home folder.
I am not really a security expert and i am not sure that this solution is safe, but i think more safe than install all my personal data on an "unprotected" system.
Create a Secure Cloud with Sync and Amazon EC2
in Sync Stories
Posted
I'm definitely not a security expert either, but would something like what's done here work similarly for BTSync? I'm just about to set up something like this, so haven't tried it yet, but see no issues with it either.
As long as the encfs command isn't run automatically, you can't use the HDD in another system, as the data won't be decrypted yet. However, once the command is run, BTSync would see standard files.
Am I getting something wrong with the basics? Like I said, I don't have this running yet, but hope to do that this weekend.
Edit: In summary, encrypted during transfer by BTsync, encrypted on HDD by encfs. Unencrypted in RAM, but direct access can't really be protected against without the encrypted node kind of stuff.