Bittorrent Sync is not FOSS

Bittorrent Sync has been getting a lot of press lately for being a really good file synchronisation solution. I was thinking about installing it on my systems today, to act as a secure, decentralised alternative to Dropbox. Then I had a sudden thought: "Wait, is Bittorrent Sync open source?".

Turns out no, it's not.

Well, crap.

It sounds like such a good system, and just because it's not FOSS doesn't mean it's not a really good piece of software, and as perfectly secure as it's possible to be these days. After all, Dropbox is closed and everyone (including me) trusts them to a certain extent (with non-critical stuff), though it doesn't exactly have the strongest reputation for security. The problem is that anyone who knows anything about computer security and cryptography also knows that a security solution that no-one else can inspect is a potentially insecure solution.

While I would probably never do any more than glance at the source code if it was open, I would feel much safer in the knowledge that people much more clued up than me about security had most likely pored over the code looking for bugs and security holes. I trust KeePass with my passwords because anyone can check the code to make sure it's not transmitting all my passwords to the NSA, GCHQ, GCSB, any other alphabet soup agency, Google, Facebook, or the Russian Mafia (to list just a few possible nefarious organisations). Likewise for the other open source software I use, I trust that there are enough people looking at the code that someone would raise a stink if something was awry.

Looking through the Bittorrent forums, this has all been debated to death. The BT Sync team have stated that they're considering the option of taking it open source. I hope they do. In the meantime, I figure I might as well go ahead and use it; the only file of mine that really requires strong encryption is the aforementioned KeePass database, and that's already encrypted.

However, if I do ever find myself in a position where my life and liberty depend on secure communications, I won't be using anything that isn't open source.