Anaqreon

Thanks for your thoughts. I have warm fuzzy feelings about BitTorrent as a company, but if we have learned anything from the revelations about NSA and related agency activity, it is that companies can be coerced into violating the privacy of their customers whether they want to or not, while the legality of the action seems to be an almost irrelevant concern to the government agencies. This makes me sad but it is a hard truth that must be confronted in the absence of institutional reform. Is it possible in Linux for a process running as a normal user to access the memory of any other process run by the same user? If so, perhaps it is best to run Sync as a separate user dedicated only to that application. Would that be safe enough? What used to be paranoid behavior, as you say, now seems to be simply prudent.

There are many discussions about the intrinsic security of Sync encryption, but this topic is not about that. I'm confident that the encryption used is solid. I would like to know if there is proof that there is no "backdoor" in the Sync software that could allow a third party to decrypt files. I have searched repeatedly but have not found any substantive discussion about this obvious question. The only reason this is a worry, of course, is that the Sync client is not open-source. While the decision for it to remain closed is understandable (and not the relevant topic here), it does place the burden of proof on BitTorrent to assure users of their data privacy. Is it even possible to prove this without knowing the code? Perhaps several independent third party security audits would be better than nothing. Have these taken place? I recognize that it is always possible to encrypt files yourself before they are accessed by the Sync client (or even Dropbox or any other file sync provider) in order to neutralize any potential backdoor, but this method is of course not how the system is advertised and adds a layer of complexity most people will not use. Such a discussion would be distracting and off-topic for this specific question about what proof exists for Sync data privacy and/or what the nature of that proof is.