I looked at BTSync the other day when researching self-hosted Dropbox alternatives. It looks like a great product and so far beats the pants off the closest competitor, Seafile, for ease of install and use. I was really impressed.
But unfortunately it's not open source, so it comes down to an issue of trust--which, in the end, is the same issue with Dropbox and really the entire point of moving to self-hosted for me.
Do you trust BitTorrent to properly encrypt your data as they promise? To not send it to someone else on the sly? Etc. etc. I acknowledge the possibility of funny business is remote at best but it's one of those "on principle" things for me.
(Yes you could use another layer like Encfs or something before putting it in your BTSync/Dropbox folder but that's a pain and not really the point.)
I fully agree with that. Trusting crypto in a closed-source product is something I'm not comfortable with. That said, I'm using btsync just for syncing unimportant files across clients within my local network and it's working really great.
How hard would an open source equivalent of BTSync be to create? This isn't advocacy; it's just a literal question. In a world where everyone uses multiple devices to access his or her "stuff", it seems as though something as fundamental as secure file sync'ing is going to become fundamental infrastructure in which an open source solution would be strongly preferred. How likely it is to happen soon would depend on how hard it is to do.
"Do you trust BitTorrent to properly encrypt your data as they promise? To not send it to someone else on the sly?"
I've currently got BTSync dealing with a bunch of "non-private" data, and EncFS (and BoxCryptor on OS X) encrypting the more private data I'm syncing with BTSync.
I'm still "trusting" the BTSync app not to mess with my machine(s) in unexpected ways - but I have to trust every application I run to do that, Photoshop or Firefox are just as capable of "sending my data to someone else on the sly".
One thing I'm really liking about the BTSync/EncFS setup is that I can have machines I consider "less trustworthy" to sync/store EncFS encrypted data without having EncFS/BoxCryptor installed or needing the keys. I'm happy enough for a spare machine at work, where other people might have physical access to it, to store EncFS encrypted blobs for me. I'm confident enough that's secured against pretty much everything up to federal law enforcement or nation state level snooping.
"I'm confident enough that's secured against pretty much everything up to federal law enforcement or nation state level snooping."
Could you please elaborate what you mean by that? As far as I know, it is not possible to "crack" EncFS or Truecrypt as long as you use a reasonably strong password and are able to protect it. Or am I wrong?
What _I_ meant by that (and keep in mind my answer might not be based on the same circumstances/jurisdiction/type-of-encrypted-data as you) - is that I'm reasonably sure my employers, family members, office-mates, cleaning staff - and even state and local police, will not have access to my data unless I choose to give it to them. At the same time I'm under no impression that federal level law enforcement can manipulate things so I don't really have any choice about whether to hand over my keys (I'm _reasonably_ sure that at least local and state law enforcement where I live are unlikely to use "rubber hose cryptography" to extract my passphrase). And I don't know for sure, but I strongly suspect that various three letter agencies or "nation states" probably do have the resources needed to brute force any password/phrase I'm using (including 25+ character random upper/lower/digit/symbol ones I let 1Password generate, or perhaps they'd just brute force the 6 word mis-spelled 1Password master passphrase).
Ah, thanks for the explanation. Also thanks for introducing me to the phrase "rubber hose cryptography", I didn't know that.
It is probably good to keep in mind what you said. All passwords are only as good as your ability to keep them to yourself.
Also remember that if someone (feds) had physical access to your computer while encrypted data is mounted, then the password doesn't matter. Even if you manage to turn off the computer, they could still decrypt the keys by "cold boot attack"[1] within minutes after shutdown. Actually anybody can do that easily. [2]
For normal-purpose encryption that this thread is about, it would be too much hassle, but if I had something I would want to really encrypt and be sure nobody would get to it, then:
1. I would use multiple layers of encryption with the possibility to decrypt one layer in multiple ways (plausible deniability)
2. Would not rely on password only, but also use some external key/token, maybe something like this: https://www.crypto-stick.com/
3. Make the access to data quickly destroyable if I choose so. Several options come to my mind. E.g. make the key/token easily destroyable for me. Other option would be to physically destroy the media where data is stored. These would render the data inaccessible if I choose so. I would of course lose the data.
You could argue that trusting two different entities for encryption and storage is safer than trusting a single entity for both. Two unrelated parties are "unlikely to collude" against you.
Of course I'd rather not have to trust either, especially with encryption. Is there an open source equivalent to BoxCryptor?
BoxCryptor interacts just fine with EncFS on Linux (I don't know if it's a reimplementation or just a nice Mac OS X GUI wrapper round the EncFS code), and EncFS is GPL.
Note that EncFS "leaks" quite a bit of metadata - you might have problems explaining yourself if you've got files called blockbuster-movie.mpg or kiddie-porn.jpg - in certain configurations those filenames will be exposed (I think BoxCryptor always exposes filenames/directory-structure in the free version).
Note how the company knows how much was synced as reported in the article, although it is unclear exactly what was measured (original file sizes, data transferred, tracker statistics etc). With true privacy the BitTorrent company would have no clue what actually happened.
Would accessing your files using a shared POSIX compatible filesystem that's stored in your own S3 bucket be a possible alternative to self-hosting? With everything encrypted using the NaCl crypto library and stored directly on Amazon S3 with no middleman?
I wanted exactly that and built ObjectiveFS. You can try the free preview at https://objectivefs.com
I'd say it could be troubling for dropbox. It's probably game over for https://aerofs.com though unless AeroFS drastically changes/pivots.
For dropbox, they do have some advantages. Bittorrent brings up thoughts of piracy. Dropbox doesn't have that reputation and would be much more acceptable in corporate environments. Additionally, Dropbox has integration with a lot of apps and I don't see that happening with BT Sync anytime soon. Web access to your files, versioning, etc.
Advantages of BTSync? Free. No limits. Files not stored on 3rd party servers. It's fast. Transferring large files with Dropbox is painful. BTSync is just getting started.
Why would this be game over for AeroFS? Yes, BT Sync is direct competition, but I've used AeroFS for over two years now, since their early alphas and AeroFS works almost flawlessly for P2P sync. It also has S3 sync for their team server which works very well. AeroFS is free for everything BT Sync does, it's only when you get into features that BT Sync doesn't handle at all that you would need to pay for AeroFS. I think AeroFS could work on their marketing and software UX, but so could BT Sync.
AeroFS's showstopper for me was no support for 32bit machines - my largest collection of storage is an old Mac Mini with half a dozen large USB drives plugged in, but AeroFS won't run on it. (And the single core Mac Mini can't be upgraded to a version of OS X that'll run 64bit Java.)
Even AeroFS has Dropbox's handicap of 'you have to put everything in one folder' or mess around with symlinks. It ought to have been a little improvised at least.
1. A service with the word "torrent" in it will never be adopted by a corporate entity. (edit: "typical" corporation. Technology companies don't count)
2. You may be overestimating how much the average person cares about file storage size, 3rd party servers, or transferring large files.
"A service with the word 'torrent' in it will never be adopted by a corporate entity"
Absolutely not true. Eg: I know film theaters use private Bittorrent networks to distribute the multi-GB master copies of their films to cinemas (yes, they have hardware DRM etc where you need a unique code to be able to play, but they have no problem using the best tool for the job).
@1. You might have missed how many game companies distribute the patches nowadays.
@2. Indeed. To find broader adoption by private users it MUST be click and go. But I don't see a reason why BTSync can't achieve that in the short term even.
1. True, but game companies are still in the tech-friendly sector. For an average manager at OfficeCorp, a torrent is some illegal website you download stuff from.
2. It could, but BT isn't built around the idea of dead simplicity, like DropBox is. Perceived branding does matter.
If I was aspera or filesociety, I'd be rather worried.
I'm planning on using this to sync terrorbytes between london and LA. Why should I pay the ridiculous cost of a thinly wrapped rsync over UDP when I can have it for free? (the latency between the two means that the maximum throughput on tcp based protocols get about 2-3 megs a second tops)
I will be testing the throughput of torrentsync. Currently it appears to be painfully single threaded (it looks to be python)
A corporate entity is simply a registered company. I have several corporate entities, which I would describe as "typical" corporations. I would have no strong feelings one way or another about using such a service.
You might be thinking about a publicly listed company, which is far from a typical company.
It seems to me that Dropbox is becoming complacent. They still only offer 2 GB of storage for their free plan.
Someone else here commented about using Bittorrent to sync their music library, since the 2 GB that Dropbox offers would probably be too little space. But now there are new Dropbox-like services offering MUCH more space. The largest that I've seen so far is Copy.com, which offers 15 GB for free or 20 GB free if you sign up through a referral link (in case you want to try it out: https://copy.com?r=odoDlI).
Dropbox has name recognition, but how long can they get by on that when competitors offer 10x more space?
Just as Copy.com offers more space with referrals, so does Dropbox. With my student account and referrals, I jumped up to about 20GB. They also do pretty well with other bonuses (e.g. new HTC phone netted me an additional 23GB for two years).
I consider "sync" to only be a feature of Dropbox. It's the absolute best way to get files into their cloud storage platform (as compared to something like uploading files manually via a web portal).
But I think the value of Dropbox is in their cloud storage platform itself. It is the platform that is responsible for integration into a bevy of mobile apps, backup, and many other useful tools.
In my opinion, BitTorrent is a feature that doesn't offer the value of a platform. This feature is super awesome for a select use-case (maybe moving my media library across all of my home devices), but it's no Dropbox killer. It's not a full platform at its current state.
It has a massive problem which Dropbox solves: the need for both computers to be on at the same time.
I have a laptop. I have a desktop. They are almost never on at the same time. With Dropbox this is _fine_ - the files go from one to the cloud, and then to the other when it's turned on.
With BTSync, this would mean that my files would never sync.
Exactly, this is the big issue that is never mentioned in the Forbes article nor the BT Sync docs. Maybe it's obvious in hindsight, but since they're comparing it to Dropbox and all...
However with the daemon running on a Linode instance or something like that, I suppose that's no longer a problem.
The same way that distributed VCS systems liberated development from a single point of failure, this protocol allows any computer to become responsible for acting as "the always-on server". Now you can use a Dropbox-like thing paying someone else to do something much simpler: run an application to provide the service. Whoever provides the service can even offer redundant service very easily.
I solved this problem with a $35 raspberrypi and a 2TB external USB disk that I tucked away in a closet at home. It takes very little power so I can leave it on all the time. The btsync command line version for ARM has worked well for me so far.
True, but it is a very unlikely event to lose all of them at the same time, esp. if n>2 and they aren't at the same location (e.g. 1 office, 1 home, 1 in transit).
Theoretically, that could be solved by a plugin to aerofs or btsync that would use freely available cloud storage at dropbox/skydrive/gdrive/etc to store diffs between your laptop and desktop during your commute or weekend. Now, we need such a plugin written.
Why does Sync deserve a security audit and Dropbox not? If anything I'd say Dropbox is the more risky, what with storing all your files on their own servers.
How does this article share both of these statements?:
"BitTorrent Sync Is A Dropbox Killer, Or Maybe Much More Than That"
"Maybe Sync is not an out-and-out DropBox killer, but it does look likely to broaden the scope of what we understand by file storage and change what customers expect from file storage services"
So is it, or isn't it?
Praise to the BitTorrent folks in any event. I've been using Sync for a few weeks now and I've been pleased with its performance thus far. I'm debating whether I want to shut off Dropbox, but Dropbox still has several great features, versioning in particular.
The article's author cleverly avoids the shame of Betteridge's Law by simply leaving off the question mark, but alas the result is the same. And in that you find your answer.
Hilarious article. "there is no need to route through the cloud which can slow things down" wtf, no editorial oversight of tech material at Forbes? The rest is shit too.
When you put a file into a Dropbox-synced folder/directory, Dropbox first syncs the file to their cloud storage in AWS. Once that sync is completed, Dropbox starts to sync to other devices. If you want to sync a large file, you must wait for the cloud sync to complete before it will start to copy it to other devices, which could take longer than copying with a flash drive.
I assumed that was the meaning behind the statement you selected.
I think it has to complete the cloud sync first before it syncs across the local network. It will take advantage of the LAN, but not as immediately as you'd like.
I didn't read the article but my first thoughts on seeing the headline on HN were "Linkbait!... Wait, why is a Forbes article being promoted on HN?"
I do not get it nowadays. Such articles from Forbes and other sites are mindlessly promoted over here and they don't follow any HN guidelines! Just there to get traffic and increase page views.
Although I didn't read the article, having just assumed it was shit based on the title and publication, "routing through the cloud" does slow things down with Dropbox, often dramatically.
I have gigabit fiber at home, and a 100Mbps link at work. BTSync syncs at about 5MB/sec which is close to real world SFTP speeds between those locations.
Dropbox sync speeds are on the order of a few hundred KB/sec, and sometimes an abysmal 50KB/sec. That's to the Dropbox cloud, and then it takes even longer to actually sync out from the Dropbox cloud to the other location.
One thing I've wanted to do is access files remotely without downloading them (streaming/virtual drives, etc). Do any of these services allow that (BTsync, dropbox, aeroFS), or am I forced to download files before accessing them?
Can you discuss how you may be better than they are? I am actually a bit unhappy with them, as I occasionally have strange behavior where a file refuses to upload, or the cache sometimes quits updating. However, my version is a few years old, so perhaps they fixed these issues. I have thought of buying their new version, but I am open to hearing why I should switch.
I think it is an all around better product. No need to tweak settings to make it work. It's generally faster, licenses are cross platform, we support more protocols. It's less expensive. We care :)
Check out Bitcasa [https://www.bitcasa.com/]. If I understand you correctly it does what you want. Their website is frustratingly scarce on technical details but I've tried it and it works as they describe it.
So I understand that data transfer is not done via online services, but can BitTorrent Sync be used entirely locally?
For example, I have a desktop at home, one at work, and my laptop.
I would love to have my music collection available all the time on my work desktop, but I don't want to waste the bandwidth at the office.
My ideal use case would be that while I am at home, my laptop and home desktop sync across the LAN, when I get to work, my laptop and office desktop sync.
You want to control the topology of your own network? Not really.
BitTorrent Sync allows for LAN syncing, yes. When a direct connection between hosts is not possible, it will use a third-party server as first a matchmaking server for NAT hole punching. If that fails, it will route all sync traffic through the third party server acting as a relay. (These third parties are controlled by the BitTorrent Sync developers)
You may need to have some way of killing the btsync daemon on your home machine if you want to sync directly from your laptop to your office machine.
Any clue why their previous undertaking, btapp.js, disappeared into oblivion? Aren't the apps listed on http://torque.bittorrent.com/labs/ incredibly useful? (They forgot about Linux, so I didn't even have a chance to run these things)
I would love to see something like this that allows you to serve a website on localhost to specific people. The browser control could be embedded so you could control how resources are loaded (through torrent instead of normal URL).
You'd still have to open up ports on any firewall you're running, and there's no user access control, but it's a quick way to serve up a directory over a LAN.
Although this may be a little blunt, I don't see how a company that caters to media theft is going to compete with Dropbox. Although Dropbox intentionally lets people register many accounts so they can do more or less the same thing. (Ever know someone with 20 Dropbox accounts?)
This is the 800 lb gorilla in the cloud storage room. Providers like Dropbox, Box, SkyDrive, GDrive don't want to be cast in the light of Megaupload or BitTorrent, lest their business come under scrutiny. Hence they keep their data caps fairly low so you can't store a DVD on their service.
I don't use torrent software because I'm not interested in illegal content. I don't think regardless of their traffic stats BTSync is going to matter much to mainstream users.
I pay for Dropbox for dedicated storage. It will be there. How long until the first stories of people not being able to get their files back out of BT Sync?
Also they don't talk about the hidden cost, that I assume you have to use a lot more of your HD to store other people's stuff and a load of your bandwidth.
Remember this system works by using all the clients as the server farm. And for that kind of system you need more redundancy than normal, so you're probably paying many X GB in hard drive space what you are storing on it. Want to store 10GB on it? Got 30 or 40GB to spare? If not, stick with trusty reliable no hidden costs Dropbox.
That's what I thought it was, too, at first glance. It would be some gnarly math to figure out how to make the storage reliable, since clients could arbitrarily connect and disconnect at any time (carrying a portion of your data with it). I suppose it would be an algorithm similar to RAID, except that there would be an algorithm that would detect damage, such as not enough backups online for a certain time, and the risk the data would no longer be available, and then in response create another RAID node.
Bandwidth could be an issue, too. Maybe clients could get bandwidth and storage karma, if they accept a lot of data from other users and a lot of changes to that data.
Interesting idea, anyway.
Edit: maybe you could even sell your processing power for karma, too. And maybe even extract that karma to sell/trade/give to others.