Limit which user/device that can sync a folder

[g3blv]

Hi,

I'm using Resilio sync Free to sync folders across two computers/devices. How can I limit so only these two computers/devices can sync these folders? I am thinking of a scenario when someone else gets hold of the rw sync keys for the folders and would sync the folders to a third device. They would then be able to get and delete the content of folders. I would like to setup sync in such a way that it is only these two computers that are allowed to sync the folders no matter if someone else has the sync keys. And explicitly approve devices every time a new device tries to sync a folder. Is this possible to do in the free version?

[Moe]

Are you implying that you are using BitTorrent Sync Version 1.4 or lower? If so then there is no way of prohibiting other users of adding one of your shares if they know the key.

If you are using Resilio Sync however or BitTorrent Sync 2.0 or greater then you can add a share that is based on links and there the owner of the share (creator) has to manually permit other peers of adding this share to their Sync instance.

Does this answer your question?

[g3blv]

Hi,

I'm using Resilio sync 2.4.4. Links sounds like what I'm looking for. Can I limit a shared folder to only accept share through links and not regular share keys? Is it possible to have an encrypted folder using the links?

[RomanZ]

@g3blv As I understand, you ask questions in the context of "what if my key gets stolen". If yes, then:

• If you are using standard folders - then no, you cant limit to links only. Standard folder is key-based and at the end of day if (say) Eva gets the key, she can reach your content.
• If you are using advanced folders, it is not a key-based and only can be shared via links. So key can't be stolen and sharing folder thru link requires approval. Although, advanced folder is certificate-based and if someone manages to steal your certificate - it will still be able to get access to your data without any links or approvals. So, this way is more secure as you don't have an ability to transfer vital data (key) over non-secure channel.
• You can attempt to disable connection to tracker and LAN discovery, and pre-configure your 2 peers with predefined hosts. It requires a bit of networking skills and at least one public IP and control over your NAT to port forward. Although, this smells more like security-thru-obscurity as with this way your protection is just the fact that attacker does not know your public IP and Sync listening port.

[g3blv]

Thanks RomanZ. That is what I was looking for.