How Can Anyone Be Sure Of These Things?

[bigbrothergohome]

What prevents PRISM from simply snooping out every single "secret" it can and syncing it?

 

What mechanism actually makes the one-time secrets one-timey?  Are they used to encrypt the real, permanent secret?  What keeps _that_ transmission secure from PRISM?

 

BitTorrent's servers must contain, at least in memory if not in a database, every secret mapped to the IP of every client, at least of every currently connected client, in order to enable two clients not on the same LAN to find each other.  What keeps that data safe from PRISM?  Or from any hacker?  What safeguards exist for the probably-inevitable event that this database or memory dump is compromised?  Isn't it true that PRISM or a hacker collective who gains access to this master table will gain the ability to sync any and every synced folder?  Isn't it true that BitTorrent itself can, if it so chooses (or is compelled to by PRISM or other force), use this memory map or db to selectively download any file from any user?

[nils]

If you are concerned about the technology part of btsync, please read up on it http://www.bittorrent.com/sync/technology. I would like to direct your attention to Peer discovery -> Bittorrent tracker. A hash value of the secret is used for peer discovery, therefore the available information for the tracker would be restricted to IP+hash, not the secret itself. If you do not with to use relay,tracker and DHT, you are free to do so and you would then have to rely on predefined hosts and/or LAN only operation.