Won't Use Getsync.com Link For Sharing

[JohnCentaur]

I'm using the latest version (1.4.35) of the BitTorrent client for iOS and it works well for syncing folders between my NAS and my phone. The only thing that is not acceptable for me is the new way of sharing my camera roll with my NAS. Therefor I'm forced to use a link to ...getsync.com... but I won't send my secret to someone else than my local network peer. Why than use a secret if this 'secret' is transferred to the internet?

 

Is there a way to get the secret without using this link?

[capi]

This is the old one-time secret wrapped in a link, its not the secret itself that is being transferred via the link.

[RomanZ]

@JohnCentaur

 

The link is not a secret. It is secure way to exchange secret. As @capi mentioned, Link only contains one-time secret, which is used to actually exchange secrets. Also, if you do not trust link.getsync.com you can replace https:// in link to btsync:// and paste it to the browser. Browser will open Sync without loading any pages (will work even with disabled internet). Please see here more about how links are working and why are they secure.

[JohnCentaur]

@RomanZ

 

Ok I think this make it more clear for me. I can't get it running up to know but I'm sure this is just a question of time. 

 

The old way for me was a little bit more intuitiv and more easy to use. I can't see a benefit in using this key exchange method but compared to directly transferring this information from one device to another. Especially if I use the sync just for my local devices. But I now understand better how it works.

 

So thanks for your quick answer.

 

Update:

 

It works well for folder synchronization between all my devices but I can't get the sync running between my QNAP NAS and the camera backup of my iOS client. The newest client is installed at all devices but it want synchronize either with my NAS nor with my Mac.

 

Do you have any further tips for me?

Edited September 11, 2014 by JohnCentaur

[RomanZ]

@JohnCentaur

 

Need more info about your case. Are you devices all in LAN or connected over internet? Do they "see" each other (display each other in peers list)?

[rstarkov]

I much preferred the old way of sharing a folder. It was so refreshingly obvious that no third parties needed to be involved. Not anymore.

 

It's no longer even possible to just add a folder by simply pasting a key. I *HAVE* to use a link in 1.4. Exchanging one-time keys was one of the best parts of it, and now you've gone and ripped it out completely.

 

It's especially annoying that by default, my one-time secrets end up being sent to your servers. The very same one-time secrets that would enable you to access my files. Now, I already have to trust you not to be evil, but this is altogether different, because the software itself does not need to be evil anymore; only the people on the other end of link.getsync.com.

[JohnCentaur]

@JohnCentaur

 

Need more info about your case. Are you devices all in LAN or connected over internet? Do they "see" each other (display each other in peers list)?

 

Yes the devices see each other and are all in the same local network. As I mentioned the synchronization of folders works fine also with the iOS client. 

 

The only thing I can't getting work is the synchronization between the camera roll of the iOS device and my QNAP NAS. I've tried it also with the BTSync client for Mac with the same result. The client can't find a device to connect to? As mentioned for folder sync it works fine.

I much preferred the old way of sharing a folder. It was so refreshingly obvious that no third parties needed to be involved. Not anymore.

 

It's no longer even possible to just add a folder by simply pasting a key. I *HAVE* to use a link in 1.4. Exchanging one-time keys was one of the best parts of it, and now you've gone and ripped it out completely.

 

It's especially annoying that by default, my one-time secrets end up being sent to your servers. The very same one-time secrets that would enable you to access my files. Now, I already have to trust you not to be evil, but this is altogether different, because the software itself does not need to be evil anymore; only the people on the other end of link.getsync.com.

 

I agree with you!

 

Maybe the new procedure is not more insecure than the old one but the old solution feels more trustworthy in my eyes. Just share a hash key between two or more devices and it works.

[shahar]

I much preferred the old way of sharing a folder. It was so refreshingly obvious that no third parties needed to be involved. Not anymore.

 

It's no longer even possible to just add a folder by simply pasting a key. I *HAVE* to use a link in 1.4. Exchanging one-time keys was one of the best parts of it, and now you've gone and ripped it out completely.

 

It's especially annoying that by default, my one-time secrets end up being sent to your servers. The very same one-time secrets that would enable you to access my files. Now, I already have to trust you not to be evil, but this is altogether different, because the software itself does not need to be evil anymore; only the people on the other end of link.getsync.com.

in 1.4. you can still use keys. it's under the general cog-options menu ("Enter a key"). Though, keep in mind that the link is much more secure (w/links you can set expiration, approval and/or usage limits). you can also paste the link into the key field ].

[rstarkov]

Ah cool, didn't realise there was still a way to paste a key directly. They sure did a good job of hiding it, because I looked and I couldn't find it.

[RomanZ]

@JohnCentaur

I've opened a support ticket for you. Please follow our support instructions to resolve the issue.

[alleoma]

The new key exchange procedure for IOS-based devices is a specific overcare for Apple users (who must have got used to be limited to only absolutely fool-proof settings to play with; hmmm, who are they deemed to be then?).

 

Proof: unlike on IOS, you can use an advanced setting "Use key" on Android versions of the Sync client, which gives you choice between sharing a link, or a key.

 

Hence, I've found a solution, or rather a workaround: send/copy the key link to an Android Sync client, using it to connect a Camera Backup folder to be synced there (you may pause syncing at once, as we're not going to sync here), and then re-share the key from the context settings of that folder (for Camera Backup it'll give a RO key only).

 

It worked for me like a charm. And now I'm happily watching syncing tens of gigabytes of pictures and movies from my iPhone to an external drive connected to my Linux box. Just had to add another section to the config file and approve the connection on the iPhone.

 

On security of these links: with respect to IOS client at least, and bearing in mind that there is no actual key encoded in the link (as indicated above), I think, sending such links over email or whatever in cleartext gives much more peace of mind. Especially considering that: (1) links are temporary (30 days or something); (2) links are limited to the maximum number of uses (not sure how is it to be controlled without some central accounting); and (3) the IOS client (sic!) asks your approval for every client connecting using a link or a key leaked as I've explained. That is, on IOS, the client guards your pictures well. Just don't approve, and you're more or less safe.

 

2Sync developers: given that a key generated on IOS can be leaked easily anyway, would you please add a "Use key" option to the IOS version as well?

Edited September 21, 2014 by alleoma

[RomanZ]

@alleoma

 

I suggest posting it to Feature Request forum as well.

[alleoma]

Added an associated Feature Request, as suggested: http://forum.bittorrent.com/topic/31843-add-use-key-advanced-setting-to-ios-client-as-on-android/