BitTorrent Bleep Now Publicly Available Across All Major Platforms (bittorrent.com)
97 points by xngzng on May 12, 2015 | 70 comments


I don't trust anything released by BitTorrent. Sync was a huge let down and frankly I'm not going to waste my time on any more of their software after the ad/toolbar/bitcoin-mining infested installers they put out for uTorrent...


Completely agree with you. If they want it to be focused on privacy, they should at least document their protocol.


I don't understand. Could you explain why?


I don't trust a product which is closed source and closed protocol. It's ok to be closed source and closed protocol for a product which isn't focused on privacy, but for the product which is it's a showstopper.

Also, bittorrent did bait and switch with btsync, and had supplied utorrent with spyware. I just don't trust the company.


I totally agree with you that they are total scumbags. At the same time, I am amazed that they've been able to keep that company going for so long, probably close to 10 years. They've somehow stayed afloat and kept producing new products while so many other more worthy startups came and went that I can't help but give them some grudging respect. How do they stay alive?


Toolbar installs were responsible for most of their revenues before the ads came to be on their clients.

Meebo (remember them?) was also staying afloat with toolbar installs.


> Sync was a huge let down

Same with BitTorrent Live...


Syncthing is the way to go.


Care to elaborate on why Sync is a huge let down?


Sync was great until it locked all my folders and demanded $39 to start working again. Their free tier makes it sound like you get 10 shares free but I think it actually turned out to be 10 folders including sub-folders within a share...


> I think it actually turned out to be 10 folders including sub-folders within a share...

No. The documentation says it is 10 shares with any number of subfolders and that is also my experience - when the Pro trial expired, I could sync 10 shares with a large number of subfolders without any problems.

Of course, changing the number of shares from unlimited to 10 was a bait and switch move, and a scam because their website said that they wouldn't remove any functionality from the free version.

Also, it's very weird that they switched to a subscription model. You bring most of the infrastructure (bandwidth & disk space) and they bring mostly software (and some infrastructure). Why not just let people buy the software?!?


Because then you don't generate recurring revenue. Microsoft also gets this now (finally).



That's as dishonest as btsync's statement, in its own way.

Because it's closed source, we don't /know/ how secure btsync is. However, we do know that microsoft, google and dropbox will just hand your shit over if the US government asks.

Something is better than nothing. The only open source competitors in this space are owncloud, who /still/ won't let me upload to both a work and personal cloud at the same time, and syncthing, which I have high hopes for but which currently has a workflow so bad I think I'd rather just use a thumb drive.

I've stuck with btsync 1.3.94, the version with the beautiful workflow, just before it went off the rails. It solves my need to avoid google/facebook etc. /Maybe/ it doesn't protect me from the US government, but that's still better than dropbox.

I think bleep's gonna struggle, because it requires me to get /other/ people to buy into my disquiet, which turns out to be really hard if my experiments with XMPP over skype tell me anything.

You know what I might actually pay for? A gateway to facebook/gtalk/skype. I'd be willing to pay $5 per month for a bleep-to-everything gateway, either from bittorrent or someone else. Half of bleep's value is simply in my not needing another account (e: I could say the same about btsync).


> I've stuck with btsync 1.3.94, the version with the beautiful workflow, just before it went off the rails.

Plus, pre-2.0 shares had a killer feature: read-only encrypted peers. These were peers that would only retrieve the encrypted data in read-only form.

Using read-only encrypted peers, you can have an always-on node in the cloud, with the security of end-to-end (client-side) encryption.

I hope they will bring this back in Sync 2, but it seems much harder now that they switched to the identity model.


The problem is that there's no "something". All BitTorrent does is make a promise, and that is worth nothing. Thus, "something is better than nothing" doesn't apply.

Now if it were a verifiably half-assed solution, I'd agree with your statement.


They did let iSEC partners review their source code. So, it is not nothing.

But I agree that it would be far more trustable (and popular) if Bittorrent Sync were open source. And there is still a profit model with an open source BTSync: let people (who need it) get a tracker, relay server, and always-on (read-only encrypted) peer subscription.


There is more than Owncloud and syncthing. For example give Seafile a try. It's really, really good.


Try Syncthing


Unfortunately, Syncthing only supports a subset of what Bittorrent Sync does:

- There is no tracker/relay server infrastructure. As a result, Syncthing doesn't work if two peers are behind a firewall/NAT without uPnP or manual port forwarding. The number of peers behind carrier-grade NAT is only growing (IPv6 migrations) and if you are often on the move (hotels, etc.) you have no control over the firewall.

- Syncthing does not support selective sync yet, let alone with the ease of BTSync where it is a Finder/Explorer extension.

- Syncthing does not support link-based sharing, which is handy if you quickly want to share something with family/colleagues.

- Syncthing is too hard to set up for most family/colleagues.

tl;dr Syncthing is great for synchronizing two machines on networks under your own control, but it is not a nearly-complete P2P replacement of Dropbox like Bittorrent Sync is.


> As a result, Syncthing doesn't work if two peers are behind a firewall/NAT

Yes it does, it uses local discovery to find the nodes.

> Syncthing does not support selective sync yet

Yes it does, but admittedly it's not user friendly.


> Yes it does, it uses local discovery to find the nodes.

Sorry, I didn't formulate that clearly: two peers on different networks without uPnP or control over port forwarding.

> Yes it does, but admittedly it's not user friendly.

https://github.com/syncthing/syncthing/issues/193

suggests otherwise. .stignore is not the same as selective sync, but more akin to BTSync's .sync/IgnoreList, it allows you to not sync files at all.

Selective sync means that e.g. all peers have file X, but you don't want to synchronize it on your laptop because it is too large.

https://www.dropbox.com/en/help/175

http://help.getsync.com/customer/portal/articles/1908818-wha...


>and syncthing, which I have high hopes for but which currently has a workflow so bad I think I'd rather just use a thumb drive.


Also they call it peer-to-peer (IIRC) and now it comes with an annual fee (how about, maybe a one time charge?). Also the software felt pretty complicated with the Pro update.

In the beginning it was all amazing. But we all know we can't have nice things.


No mention of it being open source and after what happened with Sync I don't understand who would use this.


Yeah I'm not sure what their target market is either.

Proprietary software is fine for a lot of things, but anything concerning security and privacy absolutely requires the additional transparency and scrutiny offered by open-source.

I guess they are planning to market it to people who are worried about privacy but not tech-savvy enough to be able to understand these fundamental deficiencies of proprietary software, but that just seems really unsavory to me... But then again this is the same company that tried to sneak crypto-mining software as a value added offer to their installers so I can't really say I'm surprised.


Wait, what happened to sync?


There was some concern about the security of the product:

http://2014.hackitoergosum.org/bittorrentsync-security-priva...

These concerns were amplified by the difficulty of auditing a closed-source product. Their argument that hashes are one-time secrets and not permanent keys is difficult to validate without access to the source.


I personally switched to Syncthing (and the Syncthing-GTK GUI) and never looked back.


Do you like Bittorrent? Do you like Chatting with others?

Then You'll Love Bittorrent Bleep!

EDIT: I didn't say it was a good mindset. I just think Bittorrent is trying to leverage its name into new markets, while alienating its core users and promoters.


It would be nice to have a simple user-tag and official-tag customizable field for tagging related research and development patterns.

Every time a closed source nightmare reoccurs, we can just let newbies find the related open source alternative.


I am particularly annoyed by the name "Whisper" for the "25 seconds only" messages: It got me to read on because I thought they were interfacing with WhisperSystem's protocol for TextSecure. Because, open protocols, federation and all that. Would have been nice, right? Well, thumbs down for that.

Also, if you don't trust the other to not want to log your conversation, don't send sensitive stuff. But then again people do seem to like snapchat and the like, so I shouldn't judge too much there maybe.


I guess it's a slight reassurance, for example if I want to send a password to someone I trust, I could do it with whisper knowing if someone picks up their phone in a week's time it will be gone.


That screenshot protection thing is kind of dumb. As they show in their website, you take 2 screenshots and there you go, name and message.

You can say you make it harder to take screenshots but you can't promise a secure way to prevent people from saving the data you send them. That's unfeasible, it's promotion of false security.


Apparently "all platforms" means Mac, Win, IOS and Android. Not to be snarky, but that's not even close to "all", even if we exclude esoteric ones with extremely few users.


Now available across all major app stores.


Warning: This is going to sound mean. Feel free to skip it if mean words upset you.

They claim to support "all major platforms" then completely skimp out on Linux and BSD.

Bleep isn't open source.

They claim to provide privacy, and their testimonials read:

    Software Engineering at it's finest. If you haven't read
    the blog post on this app then you need too. Once you see
    how it works your gonna want it. Most secure messaging
    I've seen yet.
That's great, now show me the source code so I can decide whether or not it's the most secure messaging _I've_ seen yet.

Publish the git repository. Make it run on GNU/Linux and *BSD.

Or get the fuck out and stop making claims you cannot back up.

    DDDD   i    t          h      TTTTT  h     i   sss 
    D   D     ttttt   ccc  h        T    h        s 
    D   D  i    t    c     hhh      T    hhh   i   sss
    D   D  i    t    c     h  h     T    h  h  i      s
    DDDD   i     tt   ccc  h  h     T    h  h  i   sss
    
      BBBB   U   U  L    L     SSSS   H  H  I  TTTTT !
      B   B  U   U  L    L    S       H  H  I    T   !
      BBBB   U   U  L    L     SSSS   HHHH  I    T   !
      B   B  U   U  L    L         S  H  H  I    T    
      BBBB    UUU   LLLL LLLL  SSSS   H  H  I    T   !


Open source is the way to go.


I'm very intrigued by Bleep, I think that attempting to leverage the bittorrent protocol in a chat platform is a unique take, that I would like to see continue to evolve.

However, I think it's important that they open the source up for this project and even potentially offer the ability for me to install and run my own server. I think until they take those steps, it will be difficult for them to gain any kind of large following.


Run your own server? From my understanding there is no server involved. It is peer to peer and peers find each other by using DHT. It's closed source though, so you have to take their word on that.


it's by bittorrent. you need a tracker.

how do you think one client can find another? i hope you don't think it was an internet-wide broadcast... :)


My understanding is that you don't need a tracker when using the DHT. I'm not sure what the bootstrap method is to find the initial peers to start accessing the DHT, but once you've found one peer, it's easy enough to find more. Feel free to correct me.


That's nonsense. The clueless torrent news sites like to boast that you don't need a tracker for dht, just a 'bootstrap node'. Which is exactly a tracker.

It's one simple node whose address is hardcoded in the clients. So, it is a tracker, just not a full bittorrent tracker.


How does it manage the offline messages without a server?


In principle this is not a problem in a peer to peer network as long as there are peers. You simply store the message encrypted on enough peers that are in the swarm.

It seems though that they store the message on the sender's device until the peer becomes available:

http://blog.bittorrent.com/2014/11/21/offline-messages-come-...

Edit: it is fully asynchronous now: http://blog.bittorrent.com/2014/12/22/bleep-now-supports-asy...


There is no way to make a service that guarantees that messages are erased with current mobile technology that doesn't allow you to make another client that saves the message. Snapchat and the FTC had a conversation about this.

https://www.ftc.gov/news-events/press-releases/2014/05/snapc...


I would love to hear Moxie's thoughts on Bleep and whether he thinks this is secure or not...


Unless they have published their source code (or at least a protocol spec), then I don't think there's much in the way of 'thoughts' to be had.


Two benefits over TextSecure that I can see:

- Doesn't require your mobile phone number to use it

- Not dependent on google services on Android

Downsides:

- Can't beat TextSecure's crypto

- Not opensource

The last two points make this a no-go for me.


Another benefit is that it's P2P, which doesn't do much in terms of privacy (although Bleep's website claims that it does somehow...) but it can help with censorship - think Turkey, Iran bans of apps and services. I think even Brazil wanted to ban Whatsapp at some point.

I wouldn't consider it a top 5 priority right now, but I do hope OWS takes into consideration making Signal P2P as well in the future (perhaps with some new technologies that may appear or mature by then).

My own priorities for what I want to see in Signal/Textsecure next:

1) integrated Android app

2) desktop client (ideally web/browser-based, but if that's not too secure, I could live with a native app, too, maybe one that works only through Windows 10's store for the sandbox security and digital signing benefit, as well as for the new auth features)

3) video-chat support


Re #2: TextSecure has a web/chrome extension version in development:

https://github.com/WhisperSystems/TextSecure-Browser


Some things are highly valuable but just don't make sense to monetize. Bit Torrent is a great example of that.

BitTorrent Inc is evidently scrambling to find a way to monetize the core technology having raised money and promised investors it would do that.

They just laid off a %age of their staff, which indicates to me the end of the road might be nearing and Bleep may be one of the last attempts they have to pull something off.

I love Bram, but IMHO Bit Torrent should return to being a true open source technology developed by the community.


They could potentially have sold BitTorrent technology/software to companies that need to move lots of data across multiple nodes. Instead most of them use libtorrent.


I don't think that makes sense. It is kind of like selling TCP/IP before the internet age; network standards should be just that - an open standard that is open to all players.


One thing that is missing from the marketing copy: even if you accept a closed-source messenger and forget the whole uTorrent saga, what's the monetization model here? What costs can we expect in the future and where?

(The cynic in me thinks: Bleep 2 offers many new features, buy Bleep 2 Pro if you communicate with more than 10 contacts.)


What are the limits on implementing the bittorrent protocol? An open source sync alternative seems doable (even if I had to resort to port knocking or something), maybe build it on top of owncloud and get the best of both worlds?


So far I know these decentralized (supposedly) secure messaging software/protocols:

   1. Bleep
   2. Tox
   3. Ring (formerly SFLphone, DHT based authentication)


Add OTRTalk to the list:

https://github.com/mnaamani/otrtalk


What's with the super weird installation process on Windows?

Also very little information about how everything works on its website (the technical stuff, especially for security).


Security through obscurity, exhibit A.

Just kidding, we know there are too many exhibits for even Unicode to enumerate.


I tried it for 5 mins, the encryption is freaky slow. Telegram is still my favorite private chat app


"Private"?


What about Telegram?


Telegram should be avoided. They do weird things with their security and ignored criticism on it. The key verification requires checking an image, so you can't do it over the phone. Plus closed source, so you're very likely entirely depending on trusting Telegram.

Their response to using AES IGM? It's along the lines of "yeah this strange mode no one uses has issues but not in the way we use it so whatever. We've got math PhDs, so trust us."

I'm no expert, but I get a really bad feeling about them, since it's the totally wrong attitude to take.


>closed source

I can't comment on the other arguments, but the client of Telegram is certainly FOSS [1]. Their service being open source is irrelevant, since you couldn't verify it anyway.

[1] https://f-droid.org/wiki/page/org.telegram.messenger


Due to the general architecture, I think it's better to compare Bleep with Tox.


Why not use Kik? It's a more popular closed source messenger.


Kik is not end to end encrypted. Kik the company can access any message you send or receive.


And how do you know the same isn't true here?


We don't know what the truth is. We know what we're being told though. And Kik is telling us that their messages aren't encrypted end to end, whilst bittorrent are telling us their messages are.



