Resilio always puts your security first, which is why we made Sync even safer than it was before. Instead of using keys like its 1.4 predecessor, Sync 2.x uses X.509 digital certificates, which ensure that operations such as adding peers, sharing folders, and revoking access to folders are done in a secure way. SSL is used to provide security for peer data exchange over the network.
Here are some of the key security and privacy properties of Sync:
* Sync only transfers data by establishing a direct connection between peers you select. This allows data to exist at rest exclusively on private infrastructure.
* Sync keeps ALL your data private. Other solutions may keep your files private, but store login, usage, and access information on public servers.
* Sync uses cryptographic security instead of a password-based system, and all your data is AES-128 encrypted in transit.
* Sync uses X.509 digital certificates for mutual authentication and validation of file modification requests.
* Insecure, but easy-to-use tools (like email) can be used to securely sync folders with Sync.
* Each device has full control over how it communicates with other peers, and services can be limited to increase privacy.
* Resilio collects usage statistics from Sync to help us improve the product. This information is sent in the clear so you know what we are gathering.
Resilio Sync is a cloudless solution, which means that your files are stored only on your devices and not on any third-party servers that can be hacked.
Only those to whom you give links to your share can access the files. You can see who is trying to connect and approve or deny the connection if you set up security precautions in the sharing dialog. Others will not be able to get your files, provided, of course, that the devices themselves are protected with a fair level of security (at least password protected) and are not left unattended in public.
Reading: What if a device is stolen?
The Resilio Sync team cannot see your files. However, there are several points of contact with Resilio Inc. infrastructure:
Tracker - This service allows peers to find each other under normal network conditions. Once peers learn each other's address, they try to connect to each other directly. Peers communicate their IP addresses and listening ports to the tracker, together with a share's ID. Peers know the share's ID from the share's link, so a random device won't know your address unless it has communicated the same share ID to the tracker.
Relay Server - If the peers cannot establish a direct connection due to a Firewall or NAT rule, the Relay server can be used to connect peers. Files are not stored there and are passed over encrypted.
Check for Update - This service lets the client know if it has the current version and will update if the client is set for auto-updates and the update itself allows for auto-update.
Link landing page - When someone clicks a link to get a folder or a license, Sync provides a link landing page to ensure the user has a chance to install Sync if they don't already have it, and to seamlessly pass the link to their Sync client if it is already running. Our server counts the number of links and licenses that are clicked, but we use the anchor tag (#) mechanism in the link so that our server never sees your unique folder identification information.
License Purchase server - When you purchase and upgrade a Sync Pro license, you give us your email address. We only use this email to administer your Pro account. See our Privacy Policy.
All of these options can be turned off while using Sync – either in share preferences or in power user settings. If you don't use any of these, we will not get any information about you.
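The anchor tag (#) mechanism described for the link landing page can be checked mechanically: a browser sends only the host, path and query string to the server, while everything after `#` stays on the client. The following is an added example, not Resilio's code; the host `link.example` and the parameter names `f`, `s` and `i` are constructed placeholders, not the real link format.

```javascript
// Added example: which parts of a share link reach the landing-page server.
// Host name and parameter names are constructed, not Resilio's real format.

const GOOD_LINK = "https://link.example/#f=Photos&s=CONSTRUCTEDSECRET&i=CONSTRUCTEDID";
const BAD_LINK = "https://link.example/?s=CONSTRUCTEDSECRET#f=Photos&i=CONSTRUCTEDID";

// Split a link into what the browser puts in the HTTP request
// and what is kept local to the browser or page script.
function splitLink(link) {
  const u = new URL(link);
  const fragment = u.hash.startsWith("#") ? u.hash.slice(1) : "";
  return {
    // Sent on the wire: Host header plus request-target (path and query only).
    host: u.host,
    requestTarget: u.pathname + u.search,
    serverVisibleParams: Object.fromEntries(u.searchParams),
    // Not sent: the fragment is never part of the request line,
    // and browsers also strip it from the Referer header.
    clientOnlyParams: Object.fromEntries(new URLSearchParams(fragment)),
  };
}

// Return the sensitive parameter names that the server would see
// because they sit in the query string instead of the fragment.
function leakedToServer(link, sensitiveNames) {
  const visible = splitLink(link).serverVisibleParams;
  return sensitiveNames.filter((name) =>
    Object.prototype.hasOwnProperty.call(visible, name)
  );
}

console.log(splitLink(GOOD_LINK).requestTarget);   // request contains no share data
console.log(leakedToServer(BAD_LINK, ["s", "i"])); // parameters exposed to the server
```

A check like `leakedToServer` is useful when reviewing any link scheme that claims the server never sees an identifier: the claim holds only while every sensitive parameter stays behind the `#`.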