This is an important problem, and an effective solution would significantly enhance BTSync security. The issue isn't entirely technical, nor is is limited to BTSync. It's a Social Engineering issue. Basically, if I share a secret with a "trusted" friend, and he/she betrays that trust by sharing the secret with others, the "Genie is out of the bottle" - forever. One idea that comes to mind to mitigate: BTSync keys currently have a prefix that differentiates RW, RO, and E-RO secrets. Would it be possible to add another field that defines how many nodes can share the key? Let's say the person who originates the network intends the key to be used on precisely 10 nodes, and set this key parameter before distributing keys. Theoretically, an uninvited 11th node would fail to connect - (assuming that the undesired 11th node was the last device to join the network). I can already think of faults with this kludgy idea, but perhaps others have better ideas to tackle this.