Bittorrent Sync, a secure DropBox alternative

The company I work for recently had the requirement to securely exchange files between several computers, some on site, several others off site. This data consisted in part of sensitive data which is covered by the German Bundesdatenschutzgesetz. Somebody suggested using DropBox because it is so simple to use. I had to deny this request because DropBox stores the data "in the cloud" and we have no control over where. Also, the data would not have been backed up.

One option would have been to use DropBox with e.g. BoxCryptor encryption, but that was too complex to set up (for some mostly computer-illiterate people). This also assumes I had to trust the company who produces this, but if that’s a problem, why should I trust Microsoft? (In fact, I don’t trust them, but I don’t have a choice.)

After looking into several alternatives (Strato’s HiDrive is not an alternative in my book), I found BitTorrent Sync (Edit 2021-06-25: Nowadays it’s called Resilio File Sync). This is a simple-to-install program which uses the BitTorrent protocol through an encrypted connection to synchronize files between several computers. Setup is as easy as DropBox or other file sync software. It also features the option to sync not only one folder but several. It comes in variants for Windows 32/64 bit, Linux, FreeBSD, Mac OS X, Android and iOS.

When installed on Windows it can be configured to automatically start and then sit in the icon tray doing its job without getting into your hair. It just works.

The Linux version comes with a simple web server for configuring the folders to sync and some settings. To sync with other computers all you have to do is transmit a “secret” which is a long string of characters. If you want to sync with mobile devices, it can also generate a QR code which you can then scan with the mobile app on that device (No, I am not going to show you a screenshot 😉 ).

There is only one drawback in my opinion: By default there is no central place to store the files. If a new computer wants to join into the folder sharing, one of the existing ones must be online for the synchronization to work. (With DropBox the cloud storage is always available.) I worked around this issue by installing the Linux application on our server which is always available. This has the positive side effect that the shared folders are automatically included in the daily backups. (If you don’t have a server there is also the option to install it on a Raspberry Pi which is connected to the Internet.)

Of course there is the trust issue again. Do I trust BitTorrent Labs? They could of course add a back door to their software which, despite claiming otherwise, copied all shared files to a central server somewhere. The source code is not available, so there is no way to actually be sure. Do I trust them? Do I have a choice? Is there any alternative? I found none.

Update: As of 2015-04-08 I no longer use (and definitely don’t recommend) BitTorrentSync. There is, in my opinion, a better free and open source alternative called SyncThing.