BitTorrent Sync Reviewed by Third Party Security Firm

BitTorrent has a long history of putting the end user in control and we place privacy at a premium. This is our core mission and fundamental to creating a sustainable Internet.

Sync was born out of this philosophy and started as an idea: can we move data between devices without the need for the cloud? What resulted was an application that works faster and is more private than any alternative available.

Building Sync using a decentralized architecture solves most of the problems that face cloud based services. It doesn’t remove the individual responsibility for following security procedures at the local level. But it does eliminate the honeypot that passing data through the cloud creates; a tempting target for hackers and government agencies alike.

To ensure we are in turn held to the highest standards, we have strict processes in place to provide us wide cover in identifying and resolving any potential weaknesses in the system. Our formula includes rigorous testing of the product, formal channels for user feedback and community testing, and critically, submitting to rigorous review by third party professional security auditors. Prior to the release of Sync 1.4 for instance, iSEC partners had reviewed Sync’s security architecture, as noted below.

We take security and user privacy very seriously at BitTorrent. By design we don’t capture or store any user data on our infrastructure. Further, we have no way to gain access to user data or personal information. We believe that only way to promise users that their data is secure, is to not have any user data. We never see it, we never store it, and we can’t access it.

From the very first Sync Alpha we have relied on community testers to identify issues and we will continue to do so. We value responsible reporting of bugs and security-related feedback as it helps improve Sync and enables us to offer the best possible product.

When questions are raised, we will always work to address them as best we can and with transparency. Recently there have been some public assertions made questioning the integrity of Sync’s security. Though the community who made these assertions have made it clear they were not offering a professional assessment, we took it seriously and did a thorough review of the claims. Fortunately much of it was speculative, in part owing to a lack of understanding of how the technology functions. We have addressed their major points here. And while we believe their effort was well intentioned, much of their assertions could have easily been addressed by visiting our Help Center and/or by contacting us directly on that same page.

This is an ongoing effort for us, and the involvement of third-party security professionals will continue to be a core part of Sync’s development. And for the community at large, we continue to welcome responsible discussions on security and privacy.

BitTorrent Sync iSEC