Heavensrevenge Posted October 3, 2013
I really do apologize for that and I hope I'm not banned but this really needs to be said again. The dev team really needs to stop being assholes and ignoring the need to release the specifics about this protocol and documentation regarding the protocol for this and now, eventually, BT-chat to show it is solid and really is a wonder of engineering.
Yes your solutions work pretty darn good, but you are preventing your own growth by withholding such critical documentation and specifics about how this operates and if we can actually trust anything to these protocols. Until the documentation is published I cannot vouch for BT-Sync anymore, you've waited too long for no reason, and IF your solution really is secure, well then prove it, and you'll have nothing more to prove than by showing your technical capability is as much as it seems to be. Being closed source doesn't help, without it you will never see it grow regardless of how well it works, sort of like driving down the road in a 1/2 built dune-buggy. Sure it works, but it feels HORRIBLE and is horrible to drive. So if you're keeping it closed to keep everyone out of the secret of how bad your implementation is then fine, that's reasonable, but it still won't gain anyone's confidence to rely on you for real tasks. Until anything is published I will have to actively warn but also discourage the use of this and BT-Chat until you actually pull your act together and do the right thing. I will be hoping for it, and I will be eagerly awaiting the good news IF it ever comes.
Sincerely, Eric
dmason Posted October 4, 2013
I'm irritated that there isn't more information available. I won't get upset about it unless they offer the enterprise solution with the same information being absent. I can daydream about the project going to an open source license but with the enterprise beta signups I have reservations about that ever happening.
xmanz Posted October 4, 2013
As every researcher will tell you, the most basic rule of cryptography defined by one of Kerckhoffs' principles is:
NO SECURITY THROUGH OBSCURITY
i.e. the security of the system should not be dependent on the secrecy of the employed algorithms, but only on the secrecy of the keys.
Sadly, as it stands, I cannot ascertain whether or not this is the case for BTSync. Wherever this cannot be ascertained, one may assume one of two things a possibility as follows:
- hidden implementations point to weak, i.e. arbitrarily secure systems
- presence of "backdoors"
A reminder on the basic levels of security by descending order of security:
1. unconditionally secure
2. conditionally secure
3. very well reviewed
4. barely reviewed
5. secret
You don't have to release it under Open Source, but at least make review possible!
Heavensrevenge Posted October 6, 2013
It is a shame they haven't prioritized it, I'll be hopeful but won't hold my breath. I just hope I reminded these people instead of them thinking we'll forget about it and just ignore their lack of documentation, with our ignorance being their bliss.
dmason Posted October 8, 2013
Hopefully being mentioned on last week's Security Now will get some more people aware of the importance of it all. FWIW communicating those things to the public is pretty darn important.
baz Posted October 8, 2013
Honestly, I'd be happy if they even selected a group of security researchers to get an inside look at the way they have this set up. I personally don't have the time to sift through and analyze it myself. I imagine there are plenty of people out there like me who would be perfectly content if we saw security analysis from 4-5 reputable security experts. Steve Gibson is a great start, and he's already requested such a review. Why the hold up? It's starting to make things smell funny.
crash893 Posted October 9, 2013
+1
tommyent Posted October 10, 2013
Yeah, I'm not really understanding why they have yet to address this situation at all. I work with a few companies that keep asking but won't use it until something is released, and I'm sure there are many more, and then you have someone like Steve Gibson reach out to you because he's excited about the project and would give his seal of approval.
crash893 Posted October 10, 2013
Unfortunately it's been my experience that the devs (or at least the devs that frequent this board) are not what you would call "people persons". I would hate to see something so cool die on the vine because they don't want to address the peasants.
crash893 Posted October 16, 2013
13 days later.......................
tjarra Posted October 16, 2013
Bittorrent Sync is great! Now practice what you preach
dmason Posted October 16, 2013
Hopefully we'll get more than marketing with a 1.2.x release. They seem to be pretty hard at work on it.
Chymera Posted October 17, 2013
Yep, +1 on this. There is way too little documentation on Btsync available. Tried to do a proper GNU/Linux package for this, but I ended up having to go Windows-style and put everything in an /opt/ subdirectory because I just don't get how it works 0.o.
crash893 Posted October 17, 2013
.
Shot2 Posted October 17, 2013
> Hopefully we'll get more than marketing with a 1.2.x release. They seem to be pretty hard at work on it.
What are they busy with, that's the question of the superbanco. They might as well have spent 15 days working hand-in-hand with their legal team and the NSA on how to implement a backdoor, fwiw. (just kiddin')
crash893 Posted October 18, 2013
I'm sure they are very busy but even a simple "Hey details are due out on 1/1/2014" or "when we release 1.2 we will give you details". How long does it take to write back and at least acknowledge the question?
joebush Posted October 18, 2013
The devs don't have any authorization to release any information about the protocol behind this product. It's fully up to the company to make that decision. This product is also still experimental. The client as well as the protocol are still being developed, so it would make no sense to release any information. I'm all for full disclosure of the protocol, and preferably open sourcing the client as well. And after this project is launched as a consumer product, I will be equally disappointed if this isn't done. But until it's ready, all we can do is test the software.
btusername Posted October 19, 2013
+1
Couldn't say it any better myself. I can't recommend this product to anyone until the security claims are validated.
pankid Posted November 1, 2013
I have been wanting to implement btsync at my work, but I am not really comfortable doing so because of the lack of information.
Killa Posted November 2, 2013
It is understandable that the dev team is unwilling to release the source code, as there is a company behind BTsync, trying to keep an advantage over the competition. We will consequently never have certainty that there is no NSA backdoor. Still, a "whitepaper" giving some insights on the way keys and encryption are managed might help trusting BTSync a little bit more.
Joselito Posted November 2, 2013
It seems to be quite clear that the protocol is not going to be opened. This means btsync is dead since its security can never be verified and trusted (Snowden's docs about NSA eavesdropping, backdooring and weakening security means nothing closed will ever be trusted again). And do you trust a tracker on the internet that controls access to your devices???
Fortunately there are people working on alternative and open protocols: https://github.com/jewel/clearskies is still early but looks good.
Maybe clearskies will not really take off but others will since there is interest for this kind of stuff.
So please stop asking/begging. Use your feet
Harold Feit Posted November 3, 2013
> It seems to be quite clear that the protocol is not going to be opened.
Based on what exactly?
Joselito Posted November 3, 2013
Cool. I've not been around the forums for a while, so I probably missed a post.
So you're confirming/stating that the protocol is stable and will be made public?
Harold Feit Posted November 4, 2013
It's not stable yet, but there is the intention to make it public when it is.
dmason Posted November 4, 2013
> It's not stable yet, but there is the intention to make it public when it is.
That's great news!