First PB

[kos13]

http://blog.bittorrent.com/2013/05/06/bittorrent-sync-crosses-one-petabyte-milestone/

We achieved quite a milestone, Sync synced more than 1PB of data. I would like to share this with you. With your help we managed to achieve that. I want to assure you that we continue to move fast, with some big announcement soon.

Thank you,

kos

[Automatic Coding]

Question:- EXACTLY what data do you receive from clients? So far, I've gathered:-

• SHA(Something) of secret
  
• Any files running through the relay
  
• Amount of data synced
  
• User's IP addresses and public ports.
  

[GreatMarko]

Question:- EXACTLY what data do you receive from clients?

Essentially, BitTorrent receive "some anonymized statistics, so we could better understand how Sync performs and used in the field. This is the only information we collect and use ... we don't have any access to any private information, just general statistics about app." (source)

[Automatic Coding]

Please see this thread

Technically, that's not all of it. That thread doesn't include three out of the four items I asked about, and, I'm sure I didn't think of all the excess information.

[kos13]

Question:- EXACTLY what data do you receive from clients? So far, I've gathered:-

• SHA(Something) of secret
  
• Any files running through the relay
  
• Amount of data synced
  
• User's IP addresses and public ports.
  

1. SHA2(Secret) on tracker, is used to connect peers. This information is not stored;

2. No

3. Yes, to understand usage of Sync.

4. IP address of client without any port information. We don't use it, but see it as a part of HTTP request.

[kos13]

This is information we collect

http://www.usyncapp.com/cfu.php?arch=x86_64&cl=BitTorrent%20Sync&direct=432129821&files=3567&folders=9&id=htRWdGwwER-daEraerE&pl=linux&relay=0&size=345675432&v=221122

It is not encrypted so you could see easily everything that we collect.

[Automatic Coding]

1. SHA2(Secret) on tracker, is used to connect peers. This information is not stored;

2. No

3. Yes, to understand usage of Sync.

4. IP address of client without any port information. We don't use it, but see it as a part of HTTP request.

I'm more questioning what you receive, more than what you store. What if you were hacked, or, you're just untruthful, it would be very easy to change "receiving" to "storing" (Open a file hook, write to file, close file. Three more lines of code?).

As for 2, yes. Apparently it's encrypted, but, still, with the SHA2($secret) you could easily do a mass bruteforce on all the secrets you receive from the tracker and just decrypt the majority that you manage to acquire the original.

[sergey@bt]

There are 3 points of contact with BitTorrent infrastructure: tracker, relay, check for update service (listed above HTTP request). If you don't use any of it - we will not get any information about you.

As for brute force - a lot of things in cryptography is based on a fact that there is no other way to decrypt data besides brute force attack (e.g. you can not recover private key from public). We believe 160 bit random secret is strong enough here.

[ojchase]

Data collection ethics aside, that's quite an accomplishment! This is looking promising!

[rpod83]

So I had a similar question and I am still unclear: can anyone (at BitTorrent Inc. or otherwise) see the filenames or metadata of the files being synced (without knowing the secret of cource)?

[RChadwick]

Quick question about the data path...

When I sync between two different devices, does the data go directly from device A to device B, or does it go from device A, to your servers, then to Device B?

In other words, is Bittorrent's servers an intermediary, or do they just act to facilitate the connection?

[GreatMarko]

In other words, is Bittorrent's servers an intermediary, or do they just act to facilitate the connection?

Depends if you're using the Relay and/or the Tracker options.

If using the Tracker, BitTorrent servers facilitate the connection.

If using the Relay, BitTorrent servers act as an intermediary.

[RChadwick]

Thanks for the response. That seems to make perfect sense, but I've looked all around the app (Both for the PC, and Android), and can't find any mention of either Relay, or Tracker. Is this something that can be controlled?

Also, do you think you'll be releasing the 'Server' program, that will facilitate or act as an intermediary? Some of use have static IP's, and/or domain names.

[GreatMarko]

Thanks for the response. That seems to make perfect sense, but I've looked all around the app (Both for the PC, and Android), and can't find any mention of either Relay, or Tracker. Is this something that can be controlled?

The Relay/Tracker options are per-folder settings.

In Windows, on the Folders tab of Sync, right click a folder and select "Show folder preferences". In the resulting dialog, click the "Properties" tab - you will find Relay/Tracker options there!

Also, do you think you'll be releasing the 'Server' program, that will facilitate or act as an intermediary? Some of use have static IP's, and/or domain names.

If you have static IP's/domain names, you can make use of the "Predefined hosts" options (also found on the "Properties" dialog described above)

[rekoil]

Maybe a better question - when using Tracker or Relay, do BT's servers see unencrypted file metadata or file content? If so, is any of this data stored or is it merely relayed?

[GreatMarko]

Maybe a better question - when using Tracker or Relay, do BT's servers see unencrypted file metadata or file content? If so, is any of this data stored or is it merely relayed?

 

@rekoil, this is a VERY old thread (11 months since the last post!), and I believe your question has already been answered in the responses above,

 

But to clarify; no, BT servers don't "see" or store your file contents.

 

This thread is now closed, given its age and its deviation from the original subject.