Creating a Secure, Inexpensive, Personal Sync Solution

By | April 14, 2014

BitTorrent Sync
As technology has evolved, it has become increasingly commonplace for us as users to expect our files to be wherever we are. Solutions like Dropbox.com, Google Drive, Box.com, and OneDrive by Microsoft typically allocate us a moderate amount of space. Yet with recent revelations about surveillance and censorship by the NSA and others, and the cost-prohibitive nature of these tools when larger volumes of storage are required, I wondered if there wasn’t a solution that was 1.) free and 2.) more secure. This led me to BitTorrent Sync.

First, BitTorrent Sync is free, although not open source. It works on Windows, Mac, Linux, ARM, Intel, iOS, Android, and several others. It has both desktop and mobile applications. You can even install it on a NAS device.

Second, your data is only stored on your devices. BitTorrent Sync makes the following security claims:
 
“The system uses SRP for mutual authentication and for generating session keys that ensure Perfect Forward Secrecy. All traffic between devices is encrypted with AES-128 in counter mode, using a unique session key. 
 
The secret is a randomly generated 20-byte key. It is Base32-encoded in order to be readable by humans. BitTorrent Sync uses /dev/random (Mac, Linux) and the Crypto API (Windows) in order to produce a completely random string. This authentication approach is significantly stronger than a login/password combination used by other services.”
What BitTorrent Sync allows you to do as a user is bypass the middleman on the internet, as the image below illustrates. Much like traditional P2P technologies, you are simply downloading files from other devices. However, in the case of BitTorrent Sync, all the other devices are yours.
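
To put numbers on the quoted claim that a random 20-byte, Base32-encoded secret is stronger than a login/password pair, the following Python sketch is an added example, not BitTorrent Sync's own code: it generates such a secret from the operating system's CSPRNG, validates one on input, and computes how long a uniformly random password would have to be to match its 160 bits. The function names are assumptions made for illustration, and the real Sync secret format may differ from this plain Base32 string.

```python
import base64
import binascii
import math
import secrets

SECRET_BYTES = 20  # key length stated in the quoted security claims


def generate_secret() -> str:
    """Return a fresh 20-byte secret, Base32-encoded (32 characters, no padding)."""
    # secrets.token_bytes reads the operating system's CSPRNG
    return base64.b32encode(secrets.token_bytes(SECRET_BYTES)).decode("ascii")


def parse_secret(text: str) -> bytes:
    """Decode a Base32 secret, rejecting anything that is not exactly 20 bytes."""
    cleaned = text.strip().upper()
    try:
        raw = base64.b32decode(cleaned)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid Base32") from exc
    if len(raw) != SECRET_BYTES:
        raise ValueError(f"expected {SECRET_BYTES} bytes, got {len(raw)}")
    return raw


def secret_entropy_bits() -> int:
    """Entropy of the secret when every byte is uniformly random."""
    return SECRET_BYTES * 8


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound: assumes each character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def password_length_to_match(alphabet_size: int) -> int:
    """Shortest uniformly random password that reaches the secret's entropy."""
    return math.ceil(secret_entropy_bits() / math.log2(alphabet_size))


if __name__ == "__main__":
    secret = generate_secret()  # constructed sample, generated at run time
    print(secret, len(parse_secret(secret)), "bytes,", secret_entropy_bits(), "bits")
    print("8-char printable-ASCII password:", round(password_entropy_bits(8, 94), 1), "bits")
    print("printable-ASCII length needed to match:", password_length_to_match(94))
```

Human-chosen passwords fall well below the uniform upper bound computed here, so the gap in practice is wider than these figures suggest.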
 
What I did to create a test case for this blog post was to use my Raspberry Pi and an attached external drive to create a very low-amp sync solution that runs on approximately ⅕ the wattage (approximately 2 watts) of a normal laptop computer at idle. This allows me to keep a personal file sharing solution up and running at minimal cost. The entire cost of setting up this little device with the Raspberry Pi and an external drive was about $99 ($64 for the Pi starter kit and $35 for a drive), giving me almost a terabyte of personally synced cloud space. I have been running a test of this system on 5 devices for about a month now and it has worked flawlessly.
 
BitTorrent Sync is an interesting alternative for NGOs and other organizations working under cost or security constraints. It should be noted that the devices on which Sync is installed must also be kept secure so that the broader ecosystem is not compromised. However, this problem is also faced by conventional sync solutions. As with any technological solution, it is important to consider your overall risk and decide according to the types of risk you are willing to accept.
 
You can find out more about BitTorrent Sync Here
