syncingpossum

If it's not too much trouble, it'd be helpful if in each of these changelog posts, a link to the last one could be posted. That way, those of us who aren't sure if we're more than one version behind could click through to make sure there isn't more than one relevant changelog.

Wonderful, I'm glad to hear it!

It's a little disappointing reading this response from an administrator, and I hope others there take security more seriously. Like I already outlined in the third paragraph of my post, disabling all external connections does do a number of things besides just making things harder (seriously, if this is reflective of the team's thought process behind BitTorrent Sync, why are these options to disable external connections even present): * Prevents a bug in the design or implementation of the security of BitTorrent Sync from compromising the data * Prevents anyone outside the LAN from being able to track usage of BitTorrent Sync * Prevents soft information about the inside of the LAN from being leaked such as when computers are on or how often they are restarted * Lastly, BitTorrent Sync is closed-source, and users are supposed to take it on faith on what information is being sent to external servers. Disabling all external connections means there is no need to take it on faith, as if any outbound traffic whatsoever still appears, then it would easy to find and publicize. Right now, these features already exist. However, they are implemented in a way that is not right-thinking about security. Security-related settings shouldn't be blacklists, where each item has to be selected and added individually to not connect externally. Instead, they should be whitelists, where once a user has indicated they are security-sensitive and wish to limit transfers to their own LAN, each item should have to be selected and added individually to be an exception and allowed to connect externally.

It's been asked many times for a LAN syncing mode, and every time people are referred to the hack that is clicking on each folder and manually deselecting relay, tracker, and DHT. This is horrible design from a security point of view. Lack of security is the default - if someone misses a single checkbox or forgets to set a single folder, they are now insecure. Furthermore, when a new folder is added to sync, because it defaults to broadcast to the world, before a user even has a chance to change the settings, a broadcast will go out announcing the files. I realize that the developers claim that this all BitTorrent Sync communications on the Internet are private, and promise that we can trust them not to read our files. However, this is really not good enough for a lot of sensitive information (and presumably they understand that, which is why it's possible to disable relay, tracker, and DHT in the first place). The app is closed source, so we just need to take promises on faith, and even assuming everyone is honest, the data is only one security bug in the code away from the prying eyes of bad guys. For a lot of sensitive data, given that we can't read the BitTorrent Sync source code, the only security that is good enough is being able to ensure by monitoring the network that Sync never, ever communicates outside of the LAN. This is all in addition to the fact that it's incredibly obtuse and burdensome for a user to go through each folder individually clicking options, to the point where this needs to be a question on the FAQ. Now I can appreciate for the average user, you want things to be as simple as possible and just work. However, for an app that claims to be serious about security and privacy, based on best practices in security design, there really needs to be a global option to limit all communications to LAN rather than this current folder-by-folder approach.

Found this thread by searching on Google for my problems with BTS under Windows 8.1. I have three computers on a LAN, two running older versions of Windows, and one running Windows 8.1. I only want to sync on LAN, and the two older computers work completely fine with NAT disabled, relay servers off, and trackers servers off. My Windows 8.1 computer wouldn't connect without those things enabled. The solution here worked for me, by adding the other computers as predefined hosts, my Windows 8.1 computer will connect to them. It's unfortunate that this is necessary, as it really reduces flexibility and is a hassle. I set up all three of them exactly the same way, and confirmed multiple times there are firewall exceptions properly set for all of them. I think there's almost certainly some bug lurking around in the way BitTorrent Sync works under Windows 8.1.