Open Thinkering


Moving on from SpiderOak Hive to BTSync

BitTorrent Sync

TL;DR: I’m now using a combination of BitTorrent Sync and Dropbox for my file sync and storage requirements. I use the former for private stuff and with the latter I just assume that everything in there is publicly-accessible.

Last month I wrote a post entitled Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive. I learned so much in the 48 hours following its publication.

First of all, because the post hit the front page of Hacker News, this blog was overwhelmed with traffic. Whereas I get anywhere between 200 and 1,000 visits per day, on that I got more than 15,000 in just a few hours. It would have been more but I hadn’t configured my web hosting properly and so the server went down. That’s something I’ve sorted out, using the Quick Cache plugin for WordPress and signing up for the free version of Cloudflare.

Second, the comments I received on the HN thread and the blog post itself were eye opening. I’d assumed that SpiderOak’s commitment to encrypting my files using a password only I knew kept me safe. It turns out that’s not the case:

If SpiderOak had been compromised by the US government forcing them to install a backdoor, they would be forbidden by law from telling anyone about this. They would not be allowed to remove the clauses from their service description that claim no-one is able to decrypt your data.

This is the special risk of dealing with US-based companies. They can be forced to install decryption backdoors or hand over their users’ data while continuing to tell the users they are unable to do so. So you must assume no US-based service is truly secure.


I went down deep, dark holes investigating other options that I’ll not discuss here. What woke me up, though, was a couple of things. One person said to me something along the lines of:

Is the NSA a credible threat against you and your family?

To which I had to reply that while I feel uncomfortable about it all… no, they’re not. Their suggestion, therefore, was that political and social pressure to reform the NSA was probably better than trying to outgun a well-funded government body that has the force of law on their side.

Although there were some suggestions of some niche products, the most common suggestions were that I either encrypt my files before syncing with Dropbox, or that I use BitTorrent Sync. I’d already been experimenting with BTSync, so in the end I’ve decided to go with that. Having to unmount drives to ensure they’re synced with Dropbox in an encrypted state is an annoyance and something that I’m likely to forget to do.

So I’ve cancelled my SpiderOak account. They were really good about it, actually. And instead I’m syncing private files (like family photos, documents pertaining to money, sensitive information, etc.)  between my laptop, HP MicroServer and kitchen PC. Anything I’m likely to want to share with others and which is fine being in the public domain goes in my free 18GB Dropbox.

It’s working pretty well so far, especially now BTSync has both Android and iOS clients. 🙂

6 thoughts on “Moving on from SpiderOak Hive to BTSync

  1. Did you consider owncloud, and what were your reasons not to go in that direction? Just asking because I’m working with it and feel comfortable.

    1. I have got an installation of OwnCloud, but have found it temperamental. However, these things are always improving so maybe I should revisit. 🙂

  2. This is a “double comment”, since I first commented on SpiderOak post, however this is more of the right place for it:

    Syncthing definitely deserves a mention: It’s peer to peer syncing, open source, so no costs, no limits, no hidden backdoors. I use Dropbox for public collaborations, because that’s what other tend to have. For all private mirroring / cross-device usage – syncthing is it. If you’re running Linux, be sure to get the inotify-addon for FS-event based instant syncing – no poll-scan delays…

  3. Some security concerns have been raised about BT Sync

    At least Bittorrent Inc seem to be engaging with the concerns, which is more than most ‘secure’ software vendors do. Though as some commentators pointed out the initial response amounted to little more than ‘trust us’

Leave a Reply

Your email address will not be published. Required fields are marked *