Usefulness of one-time codes?

[Morethought]

I just tested a one time code out from my linux VPS to my windows desktop. I thought it was going to be some secure thing where someone can use the code once and now only they can access it and not let anyone else get access... But it seems I was mistaken because after I used the one time code the properties for the folder has the full code right there to be seen and given out to other people without your permission, basically making the one time'ness completely useless it seems.

Am I wrong? I know there would be some limited usefulness of having one code but if the person who uses it can then get the full code to distribute isn't that a bit useless? I may be missing something, if so please let me know.

[Automatic Coding]

It's used to transfer the real key over an encrypted channel, I believe. Useful for if you want to give someone you trust full access, but, you don't trust you means of the connection between you two.

Basically, you give them a one time key, they connect to you, the channel is encrypted, then BTSync transfers the real key, then the OTK is marked as invalid, then they reconnect using the real key.

[Morethought]

Oh that would make sense then. A tooltip or something to describe the purpose would be very useful. I would like to hope at some point that perhaps a second type of one time code exists where some how it lets someone gain access but not be able to have the full code to give out maybe? Not sure, it may not be possible with the technology the way it is but it is an idea, which I thought was already the case. Thats why I only just now tested it because I thought I knew what was meant by one-time but eventually wanted to test to make sure.

But that for sure is useful now you have brought that up.

[Zbig]

AFAIR, when you give a one-time read-only code to someone, they don't see the full (master) key in the UI. Anyway, if you're concerned with giving someone an access to some data and then worrying what they could do with it, maybe you shouldn't have given it in the first place? After all, even when unable to invite others to the BTSync cloud, he or she can burn the data to CD-Rs, e-mail it to friends, print it in the newspaper, create their own BTSync cloud... you get the idea What you have in mind is called DRM and is little out of scope of the data sync tool

[Morethought]

Yeah I was just thinking of like "VIP Access" folders where people can share their work etc, but not be able to go giving that same full level access out to other people. Thats what I thought a one-time full code would do. I only tested it on the offchance that I was wrong. I was lol. Still, it is useful to securely get a code to people, I just wish they would add that as an added tickbox option to prevent a person from distributing a code to other people to make sure that only the person who you gave the code can possibly access the folder via that original code. But make it optional, so you still can give someone you trust full access by using a one-time code for secure setup initially.

[Zbig]

I got your point, but it all boils down to not trusting someone with your data and granting him full read-write access to the very same data at the same time. You just don't have any chance to get this "right".

[Morethought]

It would just be nice to offer like a bonus full access to members of some thing and know that those people cannot go giving access to other people directly.

[qcbqoucq]

that would only give people a false sense of security. golden rule goes: once you gave somebody else access to your files, they can do with them whatever they like and you can't do much about that - period. so, you should only share your files with people you trust, technology can't do nothing for ya here.

it's funny; same sorts of proposals appear on dropbox forums on and on, no arguments help...

[Morethought]

that would only give people a false sense of security. golden rule goes: once you gave somebody else access to your files, they can do with them whatever they like and you can't do much about that - period. so, you should only share your files with people you trust, technology can't do nothing for ya here.

it's funny; same sorts of proposals appear on dropbox forums on and on, no arguments help...

I know this, I am talking more of a "If you are a member of this you get access to that" so you want people to have full access to fully participate and share their work etc but without the temptation to go giving other people direct access to do the same as themselves. I am not worried about the data, just that a person could give full access to other people at any time. Do you know what I mean?

[qcbqoucq]

yea, i know what you mean, but feature like this seems to me of more psychological than real value.

[Morethought]

I just figured it would be a nice addition, "You can take part but you cannot let other people take part" basically.