BitTorrent Talks Encryption, Improved Linux Support For Sync 2.3
Subject: General Tech | February 2, 2016 - 05:11 PM | Tim Verry
Tagged: file syncing, encryption, bittorrent sync, bittorrent
BitTorrent continues to support its file sharing and syncing application with the recent release of Sync 2.3.1. The 2.3.x update contains a number of bug fixes for stability, but the important news is the added support for encrypted folders and finally allowing selective file syncing on Linux systems. Additionally, the company put out a short brief on the information they collect and how they are securing your files synced by Sync which is available as a PDF.
Sync 2.3 allows Windows users to run Sync as a service and Android users can move data to and from an SD card from within the app so long as they are running at least Android 5.0 or newer. Linux users also get a bit of love with support for selective file syncing (where you can choose which specific files to download locally and which to keep on the remote peers) though it appears that BitTorrent has limited this feature to its paid Sync Pro tier which is in line with other platforms. According to BitTorrent Inc. among the performance and bug fixes, the biggest UI change is a redesigned process for adding new folders.
On the security and privacy front, BitTorrent claims that it employs several security measures to keep your data safe. First though, the company allegedly only collects benign data including the program version, add folder errors, the amount of data transferred (directly and via relay server), number of peers, and share link and tracker statistics as well as few more things you can see in the brief linked above. All the data that they collect is reportedly sent in the clear so that users can verify what they are collecting on them.
To secure your files, BitTorrent uses SSL and AES-128 encryption to transfer files. In the case of Advanced folders, it generates a X.509 certificate (each folder is given it's own certificate) using a certificate authority and then uses a certificate chain to control user access and file modification permissions as well as a mechanism to revoke access. In the case of encrypted folders, Sync generates storage and session keys with the session keys complying with perfect forwards secrecy standards such that future session keys being cracked does not compromise past sessions. When using the encrypted folders option (which is useful when using a VPS as an off-site backup or to any machine that you do not fully own and control for that matter), data from your local machines is encrypted before being sent to the remote machine using AES 128 bit encryption (I wish they had gone with at least AES-256, but it's something). The data is then sent over SSL. Thus, the data on the remote machine is never in an unencrypted state which is a good thing for having a secure off-site backup. The encrypted folder can still be used as part of the mesh to speed up syncing among your machines, as well, while remaining secure.
I think the encrypted folders are a good addition to Sync, though the encryption bit-ness could be improved (a weak VPS' processor doesn't need to decrypt the data anyway so CPU time needed for the beefier algorithm should not matter...). In past coverage users have mentioned issues when syncing folders that they encrypted themselves before adding to Sync where the data could get corrupted when the peers became confused on changes made and what to sync. Hopefully this will help avoid that though they do still need to work on fixing user chosen pre-sync encryption. I am still using Sync to backup my photos and sync documents between my laptop and desktop and it works well for that sans the storage limits imposed by One Drive (and the uncertainty of my once-promised 25GB of free storage).
What do you think of the changes, and is their security good enough?