First PB


kos13
 Share

Recommended Posts

Question:- EXACTLY what data do you receive from clients?

Essentially, BitTorrent receive "some anonymized statistics, so we could better understand how Sync performs and used in the field. This is the only information we collect and use ... we don't have any access to any private information, just general statistics about app." (source)

Link to comment
Share on other sites

Question:- EXACTLY what data do you receive from clients? So far, I've gathered:-

  • SHA(Something) of secret
  • Any files running through the relay
  • Amount of data synced
  • User's IP addresses and public ports.

1. SHA2(Secret) on tracker, is used to connect peers. This information is not stored;

2. No

3. Yes, to understand usage of Sync.

4. IP address of client without any port information. We don't use it, but see it as a part of HTTP request.

Link to comment
Share on other sites

This is information we collect

http://www.usyncapp.com/cfu.php?arch=x86_64&cl=BitTorrent%20Sync&direct=432129821&files=3567&folders=9&id=htRWdGwwER-daEraerE&pl=linux&relay=0&size=345675432&v=221122

It is not encrypted so you could see easily everything that we collect.

Link to comment
Share on other sites

1. SHA2(Secret) on tracker, is used to connect peers. This information is not stored;

2. No

3. Yes, to understand usage of Sync.

4. IP address of client without any port information. We don't use it, but see it as a part of HTTP request.

I'm more questioning what you receive, more than what you store. What if you were hacked, or, you're just untruthful, it would be very easy to change "receiving" to "storing" (Open a file hook, write to file, close file. Three more lines of code?).

As for 2, yes. Apparently it's encrypted, but, still, with the SHA2($secret) you could easily do a mass bruteforce on all the secrets you receive from the tracker and just decrypt the majority that you manage to acquire the original.

Link to comment
Share on other sites

There are 3 points of contact with BitTorrent infrastructure: tracker, relay, check for update service (listed above HTTP request). If you don't use any of it - we will not get any information about you.

As for brute force - a lot of things in cryptography is based on a fact that there is no other way to decrypt data besides brute force attack (e.g. you can not recover private key from public). We believe 160 bit random secret is strong enough here.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 months later...

Quick question about the data path...

When I sync between two different devices, does the data go directly from device A to device B, or does it go from device A, to your servers, then to Device B?

In other words, is Bittorrent's servers an intermediary, or do they just act to facilitate the connection?

Link to comment
Share on other sites

In other words, is Bittorrent's servers an intermediary, or do they just act to facilitate the connection?

Depends if you're using the Relay and/or the Tracker options.

If using the Tracker, BitTorrent servers facilitate the connection.

If using the Relay, BitTorrent servers act as an intermediary.

Link to comment
Share on other sites

Thanks for the response. That seems to make perfect sense, but I've looked all around the app (Both for the PC, and Android), and can't find any mention of either Relay, or Tracker. Is this something that can be controlled?

Also, do you think you'll be releasing the 'Server' program, that will facilitate or act as an intermediary? Some of use have static IP's, and/or domain names. :)

Link to comment
Share on other sites

Thanks for the response. That seems to make perfect sense, but I've looked all around the app (Both for the PC, and Android), and can't find any mention of either Relay, or Tracker. Is this something that can be controlled?

The Relay/Tracker options are per-folder settings.

In Windows, on the Folders tab of Sync, right click a folder and select "Show folder preferences". In the resulting dialog, click the "Properties" tab - you will find Relay/Tracker options there!

Also, do you think you'll be releasing the 'Server' program, that will facilitate or act as an intermediary? Some of use have static IP's, and/or domain names. :)

If you have static IP's/domain names, you can make use of the "Predefined hosts" options (also found on the "Properties" dialog described above)

Link to comment
Share on other sites

  • 10 months later...

Maybe a better question - when using Tracker or Relay, do BT's servers see unencrypted file metadata or file content? If so, is any of this data stored or is it merely relayed?

 

@rekoil, this is a VERY old thread (11 months since the last post!), and I believe your question has already been answered in the responses above,

 

But to clarify; no, BT servers don't "see" or store your file contents.

 

This thread is now closed, given its age and its deviation from the original subject.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share