Showing results for tags 'security'.

  1. I use Resilio Sync to sync files among computers within my local network. I've unchecked "Use relay server when required" and "Use tracker server" in preferences for every connected folder. But Resilio Sync still keeps making outgoing connections to the tracker server( and 2606:2e00:8003:1:ec4:7aff:fe57:108e). Is it possible to disable this, for security and privacy concerns?
  2. Hello, I just want to know for sure which essential Roaming files I should back up (*.dat ?) to be able to reinstall my Sync settings on a computer from scratch: I wish you would add, not a feature, but just documentation to clarify and officialize this. Sorry if it already exists, but I don't think so. Thanks
  3. How does the sync work over non-WiFi (3G, 4G etc...)? How does my phone discover changes on my PC without any central server? Is there a URL with my device key? How does this work?
  4. Does the sync also bring over the file/user privileges with the files? thanks
  5. Can someone confirm whether or not the Government solution provided by Resilio is FIPS 140-2 compliant? Regards, A
  6. I recently did a contract with a Fortune 500 client that requires SAS 70 Type II, SSAE 16, ISAE 3402, and/or SOC2/3 certifications amongst other guarantees like 99.9% SLAs and so on and so forth when working with external vendors. Moving data securely is always a sensitive issue. The company required AES256 at rest and during data transmission. BT Sync (now Resilio) only currently supports AES-128, which is problem number one, but I still floated BT Sync for transmitting large assets that weren't mission critical. During a security review legal called attention to a clause in Resilio's Terms o
  7. Hello, Is there ANYTHING other than the public key and the folder key/hash transferred unencrypted? (In standard folders) Are there plans to open source the client and protocol? Is there a security whitepaper I can read? Thanks for your great work.
  8. Hi, 1st question: Is it from a security point of view relatively safe to directly expose the listening port to the internet? To my understanding this is necessary if I do not want to use a relay server and all devices are NATed? A VPN would restrict use cases a lot. I do of course not expose the Mgmt. UI - not sure how safe that would be at all. 2nd question: Additionally I was wondering why there is no apparmor profile installed by default. Wouldn't that be best practice for applications with direct internet exposure? Thanks, -b
  9. Hello Everyone! I'm thinking about securing usage of BTSync. Encrypted folders are superb but there is a lack of security. It is not in the manual but every instance of BTSync organizes a folder with name .SyncUser with numbers. This folder contains very sensitive information... It contains the keys! Imagine that you are using Synology or Windows. You installed BTSync, set it up, set some encrypted folders, use BitLocker or eCryptFS for your sensitive folders and think that everything is very secure. But.... But the problem is in the process how and where BTSync stores the
  10. Would it be madness to make the webgui available publicly, or is this ok as long as you use a strong password? Do attackers have as long as they like to brute force the credentials, or is there some rate limiting and/or IP banning on failed logins implemented by BTSync?
  11. Does BTSync support perfect forward secrecy? The following post suggests yes, but it is kind of old and points to a security page that no longer exists: This page suggests that PFS doesn't apply since Sync doesn't use TLS: Is there any further information on this? Thank you, John
  12. I've removed my 1.4 shares to upgrade to 2.0 shares (of course I've made a backup of the settings and the database). First I set the new share to be preapproved when a new client connects, but even when I approved the connection, the client wrote "waiting for approval". So approvals do not work; it's OK, I don't need it. So I disabled the approval requirement and tried again... but the client still writes "waiting for approval" while it isn't needed. Then I said OK, I'll just restore the 1.4 database, so I restored everything that is related to btsync, but that didn't work, as the clien
  13. The related report:
  14. Hi, I installed Bittorrent Sync 1.4.110. I read some topics regarding privacy, and I understand hash is not privacy data. But I would like to use Bittorrent Sync as a pure P2P system. Share(mail,copy,QR code) will use internet connection( So I will use "copy key" in settings. I disabled both "use tracker server" and "use relay server". I believed this would work as a pure P2P system. But I found my firewall logs continue to show connections between UDP 3000 and my local PC. How can I stop this? To disable "use relay seve
  15. Hey. This might be a stupid question. But what exactly happens if a peer with read-only access to a folder modifies or changes its contents? Or if a large number of users attempt to do it? Is it possible to fake content without the read/write-key in any way? Thanks for the clarification.
  16. Running btsync on Linux will by default create a *publicly-accessible, unprotected* WebUI, allowing anyone on the web to create a sync folder to view and edit your files (i.e. files in directories writable by you). Could the defaults (used when running btsync without a config file) be changed to prevent this unintended data leak? A temporary workaround is to run `killall btsync` to turn off the WebUI, and then use --config with a config file that sets webui > password to a secure password. You can use `lsof -i` to verify that the WebUI is not running.
  17. We are looking to deploy this product in an environment with over 100 remote locations, and would like the ability to lock down the GUI, so shares, settings, and so on are not able to be changed by users. A password would suffice. I believe this will be helpful to many people. Thanks!
  18. Security researchers have found out that Bittorrent Inc has access to all your "encrypted files". It's VERY easy for the NSA or other agencies to get access, all they need is to do one of the following: 1. Send National Security Letters to Bittorrent Inc forcing them to cooperate in a "legal" way 2. Hack/Infiltrate Bittorrent Inc 3. Force Bittorrent Inc to cooperate All your keys are transported to Bittorrent Inc. This is a recent change, it wasn't this way in the first versions of Bittorrent Sync. That indicates a deliberate change in order to backdoor Bittorrent Sync. http://2014.hackit
  19. We use this a lot on our laptops, as usually your laptop has a risk of being lost or stolen. It would be a huge security add-on if you could remotely lock those synced folders by encrypting them temporarily until you recover your peer device. If you are sure that your peer device has been stolen or totally lost => you want to secure your data by remotely deleting all data in Synced folders and deleting all secure keys in the BTSync client!
  20. When I read all this: I wonder whether bittorrent gets all the information to identify peers by using this link thing and could interfere with their communication. juh
  21. Hi, Just have some questions about approved peers so I understand how it works. It's a unit based setting right? I mean if I have 5 units I need to enable the setting on all devices to make sure no content is being shared to anyone else? Can these approved peers be specified in the config file using the username or device name? Thanks!
  22. I have not found one but is there a way to hide "***************" the secret fields in the preferences / settings box so it can only be viewed with a password. I am on OSX Maverick.
  23. Hi, When I click "Generate" for "Shared secret" they all begin with "A". Are they really random? Cheers, Jens
  24. Hello together, I ask myself if it is possible to get foreign content? Is it possible to bruteforce valid keys to get the content from foreign persons? Or is there a "list" with valid keys on the web? How does the client find the right "server" with the suitable content for the secret key? Why not use a private and a public key or key and passphrase? I think it is not safe if anyone can use a bruteforced or traced key without a password or private key to decrypt the content. Can someone enlighten me? Thanks, ks