btsnewbie Posted December 4, 2014 Report Share Posted December 4, 2014 Hi Everyone, I downloaded the newest version of Beta. I like it, very easy to use,but found one major issue. I sent a link to an approved peer, they downloaded what they needed and I approved them. All good. However, in their interface they were able to share a read only version of my documents, without me knowing. They created a link, approved the person and the person was able to access the folder on another computer. I eventually found out because I noticed the peers went from 1 to 2 in the interface (it was just luck that I noticed this). My questions: I have looked everywhere and can't find anyway to stop this from happening. Did I miss something? With the new paid version, will I be able to lock this down to just one user? I don't remember having the same issue with the previous version of BTS (I used it a couple of times), as a key was sent to the person and they couldn't generate their own key for another person. Am I missing something or is this the new normal Thanks everyone, appreciate the help! Cheers Laurie Oh and I thought this forum was the right place for this, not Troubleshooting...but please let me know if I am wrong! Quote Link to comment Share on other sites More sharing options...
trevellyan Posted December 4, 2014 Report Share Posted December 4, 2014 Anyone with a valid key for a folder can share that key with someone else and thus grant the same (or less) access they have to that other person. It's been this way since I began using Sync, which was late 1.2.x if I remember correctly. Quote Link to comment Share on other sites More sharing options...
btsnewbie Posted December 4, 2014 Author Report Share Posted December 4, 2014 Thanks so much. I was going on memory, and I seem to remember the key was one use only (or one could set it that way)? This would have been version 1.3.109....was I incorrect? Quote Link to comment Share on other sites More sharing options...
RomanZ Posted December 5, 2014 Report Share Posted December 5, 2014 @btsnewbie The one-time secret in 1.2 and 1.3 was like a Link in 1.4. It served to safely deliver the key - that's it. At the end of day the client ends with either RO or RW key in 1.2-1.3. Managing access to your folders is planned in upcoming Sync Pro - see here and here for details. Quote Link to comment Share on other sites More sharing options...
btsnewbie Posted December 5, 2014 Author Report Share Posted December 5, 2014 Thanks RomanZ. I read those links, but still can't work out whether any more security will be added. I guess I don't get why the key can't lock things to one machine at least...in terms of allowing that folder only to be shared with people you give access to-which isn't the case now. Would be a great new feature! Quote Link to comment Share on other sites More sharing options...
piotrnik Posted December 5, 2014 Report Share Posted December 5, 2014 Unfortunately for your situation, until the pro version with more granular permissions, sync treats all peers as being on the same level - everyone with r/o is the same, and everyone with r/w is the same. Thus if you give r/w access to someone, they have all the same rights as you - in other words, they can also give the key (r/w or r/o) on to others, change any file, etc, just like you can. As the system works, they are now indistinguishable from you.If you give r/o access, the same concept applies, but on a lower level. They likewise have access to all the files, but changes made don't sync back to the r/w peers. Like the r/w peers can share either the r/o or r/w keys, the r/o peers can share the r/o key as desired (they can't share the r/w key because they don't know it). As mentioned by RomanZ, the link/one-time key/approval only serve to secure the transmission of the core r/o or r/w key; they have fulfilled their purpose once the new peer has access and have no further effect. Currently, the only way to revoke any access for unwanted peers is to change the folder key on all computers that you want to retain access. The peer with the old key will still have all the files they downloaded/synced (and connections with anyone still using the old key, such as by sharing the key on their side), but no new changes will sync with other peers on the new key. Pro will apparently add another level (the owner) on top of the r/o and r/w tiers, and they will have the ability to revoke access already granted (though it's not currently clear if only the owner has to be pro and the users can be free version, or if they all have to be pro; nor is it clear if revoking access will also come with an option to delete the data on the revoked peer). Hopefully this will help explain things a bit Quote Link to comment Share on other sites More sharing options...
btsnewbie Posted December 8, 2014 Author Report Share Posted December 8, 2014 Hi piotrnik, Thanks so much, that gave me a bit more to go on, appreciate it! Cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.