BitTorrent Sync

Once upon a time, there was a great product called BitTorrent Sync. It allowed you to sync files between your devices — computers, phones and tablets; Windows, Mac and Linux, iOS and Android. It was released as a free preview in 2013. It wasn’t open source, but developers said:

Never say never :) We still consider this option.

The software used strong end-to-end encryption, so your files couldn’t be snooped on in transit or grabbed from a central server. Because it used peer discovery and peer-to-peer file transfer, it was often far faster — instead of uploading my data to the Internet and downloading it again, it just transferred it across my local network.

BitTorrent Sync basically did what many people used Dropbox for, without all the shortcomings and without supporting a company that employs pro-surveillance politicians.

Some hackers made noises about possible security issues, but BitTorrent responded appropriately.

And so many people started to use btsync, including me. It was slick — they put in the extra effort to make the user interface easy to deal with, and the Android app was very efficient with battery power. You could set up as many folders as you liked on as many systems as you liked, to keep your data synced however you wanted. As BitTorrent put it:

Beauty of real p2p solution, in opposed to marketed p2p solution (you name the company that claims they have p2p), is that we can’t control it. If tomorrow we want to charge you $100 for 10Kb transferred, will stop everything related to the app or will try to force you not to use the SyncApp, we just physically can’t achieve that.

SyncApp will work tomorrow exactly like it works today, no matter what we will do. And it will work exactly like today even 10 years from now, of course, if we will have computers in future :)

They released an API. People started to build secure messaging services on top of it. NAS devices were going to support it.

Sync 1.4 cleaned up the UI, adding easy options to share files with friends by sending them a URL which would give them instructions on installing and using Sync.

Everything looked great. And then earlier this month, BitTorrent totally screwed the pooch with their launch of BitTorrent Sync 2.0.

Suddenly there was license management DRM, and users had to register with BitTorrent to use the product and be assigned a unique identifier for license tracking. And suddenly the free version of sync was arbitrarily crippled to only support 10 sync folders. If you wanted the capabilities of version 1.4, you had to pay. And to add to the insult, it was a subscription — $40 a year per person for the software.

BitTorrent argued that their new terms were very reasonable:

Since Sync’s distributed technology bypasses the cloud, it means we do not have to invest in building big data centers to hold tons of servers and storage. This allows us to deliver a Pro version of Sync that’s very competitive on price.

Yes, $40 a year is pretty competitive compared to DropBox Pro at $99 a year — except DropBox Pro actually provides you with 1TB of storage and dedicated bandwidth for sharing, whereas with BitTorrent Sync you have to provide all your own storage and bandwidth. SpiderOak has encryption support and will let you share files with as many people as you like, not just up to 10. Google and Microsoft will give you 15GB of cloud storage for free, or 100GB for $24 a year, and of course you can share files with as many people as you like with those services too. And then there’s the fact that anyone with an Office license gets a free terabyte of OneDrive storage, and anyone with a ChromeBook gets a terabyte of Google Drive. If you want a flashy desktop sync client, there are products like Insync which you can buy once and use indefinitely.

But besides the issue of uncompetitive pricing, the (often highly technical) early adopters of BitTorrent Sync understood that BitTorrent’s only ongoing cost is maintaining a peer discovery server, which only needs a hundred or so bytes of bandwidth per user device each time there’s a change of IP address. So you were really paying a $40 a year subscription just for the software. And the arbitrary 10 sync folder limit really ticked people off.

The BitTorrent forums were soon filled with angry posts. Most people seemed to feel that $40 as a one-time fee would have been reasonable. Personally, I’m even willing to pay for rental software — it just has to be rental price, a few dollars. I pay to rent games on PSN and Steam for $10 or less, I pay the small annual fee for WhatsApp, I’ve paid for Evernote Pro, and LastPass Premium for $12 a year is reasonable too. But with BitTorrent Sync, there was a combination of sticker shock and anger at being lied to. Developer interest died.

I waited a while to see if BitTorrent would do a hurried U-turn, but they didn’t. So this weekend I spent some time migrating all my file syncing from BitTorrent Sync to Syncthing.

The Syncthing phone app‘s user interface currently leaves quite a lot to be desired, and it’s not always good about keeping the display updated with the state of what’s happening behind the scenes. The browser-based desktop app is better, but it still has a few rough edges. But the thing is, I don’t need my file sync app to be pretty — in fact, ideally I never have to look at it once I’ve set it up. That initial setup is a bit more fiddly with Syncthing — you have to assign unique names to each share, and then map those names to folders on each system. Sharing with other users doesn’t have the slick UI of btsync either. But once you get past the UI, everything else is better with Syncthing.

For starters, Syncthing is half the size of BitTorrent Sync on my phone:


It also uses around half as much memory, on desktop as well as mobile. That’s a plus because I keep not getting around to maxing out the RAM on my home server, and on private servers you have to pay more if you want abundant RAM.

Functionally, everything I need is there. I have one-way sync of photos from my phone, and two-way sync of documents, all via IPv6 so it works even when I’m out of the house. Syncthing will compress data in transit to save mobile bandwidth, and so far it looks as if its battery requirements when idling are minimal. The laptops and server are set up to keep N days of old versions of files, in case I delete something I didn’t mean to.

Unlike with BitTorrent Sync, Syncthing gives you the option of running your own host discovery server, or specifying internal IP addresses for hosts. This means Syncthing is more usable in a commercial environment. Best of all, Syncthing is open source. The protocol is documented (and based on standards like TLS). Security experts can check it, and I might have a go at assisting with improvements.

So, if you liked the idea of BitTorrent Sync, I suggest trying Syncthing. And If you’re someone I convinced to try BitTorrent Sync, then I’m sorry — I’ve seen enough examples of companies breaking promises and playing ‘bait and switch’ with early adopters that I really should have known better.

US vs UK

A US court has ruled that authorities cannot force people to incriminate themselves by divulging their encryption passwords.

This is in marked contrast to the UK, where the Regulation of Investigatory Powers Act (RIPA) makes it a crime to decline to hand over all your incriminating files if the police demand it. If the case doesn’t involve national security, you can be put in jail for two years. If it does, five years.

Of course, the authorities would only use that power if absolutely necessary to fight terrorism, right? Well, the first person to fall afoul of section III of RIPA was an animal rights protester. She claims she didn’t have any encrypted files.

Got any old encrypted e-mails for which you no longer have the key? The RIPA has no limit, they can demand keys for files years old. Lost or forgotten the key? Someone sent you something encrypted with the wrong key? Off to jail you go.

Great political U-turns #94

I was writing the other day about how politicians who are in opposition will speak out against something they agree with because they feel they have to, because it’s their job as the opposition; once they get into power, they’ll make a 180 degree turn and do the exact thing they denounced. Therefore the only way to predict a politician’s actual behavior is to examine his past voting record when in power, and completely ignore anything said when campaigning. Case in point:

There is a concern that the Internet could be used to commit crimes and that advanced encryption could disguise such activity. However, we do not provide the government with phone jacks outside our homes for unlimited wiretaps. Why, then, should we grant government the Orwellian capability to listen at will and in real time to our communications across the Web?

The protections of the Fourth Amendment are clear. The right to protection from unlawful searches is an indivisible American value. Two hundred years of court decisions have stood in defense of this fundamental right. The state’s interest in effective crime-fighting should never vitiate the citizens’ Bill of Rights. […]

The administration’s interest in all e-mail is a wholly unhealthy precedent, especially given this administration’s track record on FBI files and IRS snooping. Every medium by which people communicate can be subject to exploitation by those with illegal intentions. Nevertheless, this is no reason to hand Big Brother the keys to unlock our e-mail diaries, open our ATM records, read our medical records, or translate our international communications.

—John Ashcroft, October 1997.