Is BTSync for me?

[pirateghost]

I know a lot of users were alienated by broken promises associated with folder limits the free version. They eventually walked that back, which took guts. I have never needed to sync more than 10 folders, so it didn't affect me in a practical sense, but it was an ugly situation.

As for encryption, we know they know how to do it, because they grew out of BitTorrent. I think the idea that they might not be doing it properly with BTSync is a bit silly.

I've been on and off with BTSync since version 1.2, and it's been a bumpy ride for sure. I tried every alternative I could find, including Syncthing, and ran with AeroFS for a while. In the end I came back to BTSync because it's the only thing that handles my use case properly (mostly idle, with occasional surges of many thousands of small files all being changed within a very short time interval) without choking, and with reasonable resource usage. It's been solid and reliable for me for over a year now, and it forms an important part of our workflow.

So yes, I feel a bit defensive about BTSync, but have no axe to grind against any alternative that works properly for others.

It's less about them not knowing how to encrypt (not sure how you think bit torrent is encrypted by nature), and more about "How much information do they really have on my personal data?".

 

[djdwosk97]

You think owncloud is insecure to put on the internet but some other service is? It's all an equal attack vector. You should read up a bit on security if you think one service is safer than the other.

The free version used to be limited to 10 folders...that's around the time I stopped using them because they screwed over the community that grew them into what they have become.

It was someone on this forum who strongly recommended against exposing the OwnCloud plugin to the internet due to security reasons.

If OwnCloud is just as secure as syncthing/plex/etc... then would something like this be possible, I don't know if Syncthing and OwnCloud would cause any conflicts (or if it's just generally a really bad idea to have multiple plugins accessing/manipulating the same data).

• Vol1
  • Pictures
  • Backups
    • Laptop
      • Documents
      • Downloads
      • etc...
    • Desktop
    • Other laptop

I'd want Pictures to be accessible via OwnCloud (for viewing/downloading images -- or maybe Plex?). I'd also like to be able to easily add a folder containing new pictures (without having to VPN/SSH in).

I'd want the backups dataset to be synced with my computer (with my computer being the master -- so any changes on my computer get synced), but then I'd also want the files in the backup (documents, downloads, etc...) to be accessible via OwnCloud.

 

[danb35]

You think owncloud is insecure to put on the internet but some other service is? It's all an equal attack vector.

No, Owncloud is fine to put on the Internet. The Owncloud plugin for FreeNAS may well not be (and I'm speaking second-hand on this, as I've not used or really looked at the plugin). One obvious issue with it is that it isn't configured for HTTPS, and can't easily be made so, since nginx has to be recompiled to give TLS support (which strikes me as a very poor choice by the nginx developers and/or the FreeBSD package maintainers, but they didn't ask me). No public-facing website should really be operating without HTTPS, and certainly nothing that's going to be handling sensitive data the way that Owncloud will.

And no, Owncloud compared to anything else isn't going to be the same attack vector, unless you mean something completely different than what I'm understanding. Any software (and, more to the point, software installation) has its own set of vulnerabilities, some known, most unknown. Owncloud's vulns will be different from BTSync's, or syncthing's, or whatever.

 

[djdwosk97]

And no, Owncloud compared to anything else isn't going to be the same attack vector, unless you mean something completely different than what I'm understanding. Any software (and, more to the point, software installation) has its own set of vulnerabilities, some known, most unknown. Owncloud's vulns will be different from BTSync's, or syncthing's, or whatever.

I assume he means that anything you expose will be "equally" vulnerable in their own way.

 

[Robert Trevellyan]

not sure how you think bit torrent is encrypted by nature

I didn't say that.

"How much information do they really have on my personal data?"

Seems like FUD to me.

 

[danb35]

I assume he means that anything you expose will be "equally" vulnerable in their own way.

If that's what he means, that doesn't make any sense either. All software installations have some vulns, but the number, extent, and severity of those vulns vary widely.

 

[djdwosk97]

If that's what he means, that doesn't make any sense either. All software installations have some vulns, but the number, extent, and severity of those vulns vary widely.

True, some software is less vulnerable than others, but anything that's exposed to the internet is vulnerable to attack, so it's just a question of if you're targeted and if a vulnerability is found before it's patched.

 

[pirateghost]

I assume he means that anything you expose will be "equally" vulnerable in their own way.

Yep

I didn't say that.

Seems like FUD to me.

Please explain how they have the metrics that they do...they can tell you how much data has been transferred through btsync. I've seen the reports in the past. Directly from btsync. Call it fud if you want, but I know what I've seen and they have done nothing to insure that they are protecting my data or my info.

If that's what he means, that doesn't make any sense either. All software installations have some vulns, but the number, extent, and severity of those vulns vary widely.

True, some software is less vulnerable than others, but anything that's exposed to the internet is vulnerable to attack, so it's just a question of if you're targeted and if a vulnerability is found before it's patched.

This.

 

[Jailer]

One obvious issue with it is that it isn't configured for HTTPS, and can't easily be made so, since nginx has to be recompiled to give TLS support

That's no longer true with FreeBSD 10.3. The base openssl and the nginx package support TLS encryption.

 

[Robert Trevellyan]

Please explain how they have the metrics that they do...they can tell you how much data has been transferred through btsync.

I don't see how the onus is on me to disprove your assertion. However, the information is readily available in summary form in this blog post:
https://blog.resilio.com/sync-security-and-privacy-brief-now-available/
And in more detail in the linked PDF:
https://www.resilio.com/docs/Resilio_Sync_Security_and_Privacy_Brief.pdf

 

[pirateghost]

I don't know what resilio is but that's not the same btsync I've used. Is it a whole new rewrite after their paid limitation debacle or what?

Again, I am sharing MY EXPERIENCE with BTSYNC and I've already stated they lost my trust a long time ago. If they changed their organization and their practices, then good on them, but they already lost me as a "customer". Syncthing works great and does exactly what I need. Until something happens to syncthing I have no reason to ever look at btsync again.

 

[danb35]

That's no longer true with FreeBSD 10.3. The base openssl and the nginx package support TLS encryption.

Ah, good to know. All the guides I'd seen have you recompiling nginx to get TLS support.

 

[Jailer]

Ah, good to know. All the guides I'd seen have you recompiling nginx to get TLS support.

That was true with 9.3 since the base openssl version (.98something) didn't support TLS and you had to recompile nginx to use the ports version that did. Not having to do that any more makes keeping jails up to date a lot easier.

 

[Robert Trevellyan]

I don't know what resilio is but that's not the same btsync I've used. Is it a whole new rewrite after their paid limitation debacle or what?

As I mentioned earlier, it's a rebranding of BTSync.

The statements in the blog post line up with their response to an earlier BTSync forum question about data that was being sent home.

Until something happens to syncthing I have no reason to ever look at btsync again.

I'm not trying to persuade you to use BTSync/Resilio Sync, just offering information for the benefit of readers.

 

[djdwosk97]

So....ummmm

Should I be concerned with exposing the plugin version of Syncthing/OwnCloud to the internet? Also, how secure is the plex plugin (i.e. should I be worried about putting pictures on it)? I'd really like to have everything of mine setup to be easily accessible without needing to VPN/SSH in like I do now (if I want to do anything other than watch videos), but I also am a bit paranoid about putting personal documents (and especially pictures) out there.

 

[pirateghost]

As I mentioned earlier, it's a rebranding of BTSync.

The statements in the blog post line up with their response to an earlier BTSync forum question about data that was being sent home.

I'm not trying to persuade you to use BTSync/Resilio Sync, just offering information for the benefit of readers.

You mentioned earlier that you thought I was just spreading fud but then link to a blog post responding to a query about what data they were phoning home...so obviously I'm not the only one to suggest that we have no idea what they have access to or how they protect it aside from their word.

There truly was an issue with data being phoned home with one of their previous 'brandings', which is where a lot of people got their distrust from, myself included. They had metrics on how many connections were in use and how much data was being synced. That's alarming that they know how much data people are syncing on their own local networks...