How to limit which folders are accessible on your phone in BitTorrent Sync

I love the idea of syncing files to the phone. But the Sync's 2.0 model is such that every linked device has the ability to pull every folder I have in my folder list. You no longer need to share each folder with every device specifically. This is great for convenience, but sucks for security, the classic trade-off.

The problem is that I have a dozen folders of varying level of sensitivity. Some contain accounting stuff for my company and personal notes. Some contain photos. There's an e-book folder and a folder with my phone's Titanium backups. Plus a bunch more. I only want the phone to have access to the e-books and Titanium backup folders. But by default, my phone is still authorized to pull the company accounting files and photo archives and everything else, even though I don't want my phone to have access to these (they are there to be synced to my laptop and another desktop).

The official procedure for a lost phone is this. It basically tells you to remove every folder and re-add to all the other devices. A major pain if you have tons of folders and devices.


Here's an easy work-around that can be used today. Instead of linking your phone to your main identity, create a new identity for it. Then make the trusted home desktop the owner of the folder, and share it with the phone in "Read & Write" mode.

That's it! This gains you two things: first, your phone can no longer sync every folder available to you, but only those folders which you specifically shared with your phone. Second, if you lose your phone, you simply Disconnect that peer (and never use that phone's identity again). That's it!

If you link the phone to your main identity then you can't disconnect it; that's just how this security model works. But if the phone uses a separate identity, you don't even have to recreate those folders that were shared with the phone. Disconnecting the peer is sufficient (or so I believe).

There's only one problem with this: if you paid for BTSync then only your main identity has the extra features. But so far this works fine for me; the phone is unlikely to exceed 10 shared folders, and I only need the (pay-for) "change peer access rights" feature on the main identity anyway.

There's got to be a better way?

I'm not sure. I think there's a good reason for why you basically have to recreate all your folders on a new identity if you lose your phone. A linked device has your identity's private key (or so I think), and there's no fix for "my private key has been stolen" other than "stop using it and create a new one".

One approach might be to derive a sub-identity from my main identity, so that it's still me, but with limited access rights. But this sounds pretty complicated, both in terms of code and also from the user's perspective. So... I'm not holding my breath for any better approaches than what I've described above.