If you've tried BitTorrent Sync, then you probably like it. Not only can BitTorrent Sync users sync files between devices on a local network, but also between devices online via "secure distributed P2P technology" without the pitfalls of the cloud like file size limits, third-party snoopers and painfully slow transfer speeds. Although it was designed to give users both security and privacy, an independent security analysis casts some doubt on whether it truly provides either.

Sync "gets its speed from the BitTorrent protocol on which it was built" and it is fast. In October, BitTorrent conducted a speed test to see how well Sync held up against major cloud storage companies. "Sync performed 8 times faster than Google Drive, 11 times faster than OneDrive and 16 times faster than Dropbox."

It's easy to set up and use; as of August 2014 there had been over 10 million user installs that resulted in 80 petabytes of data transferred. In fact, many folks are using network-attached storage (NAS) systems and BitTorrent Sync "to create a secure, easy-to-manage private cloud that is free of subscription fees."

One of the reasons BitTorrent Sync is becoming increasingly popular even while it is in Beta is that it was "built for trust" and to give the user "complete control" of their files. "Files are never duplicated on to third-party servers. Every connection is encrypted and secured against prying eyes." The tech specs add, "Sync was designed with privacy and security in mind."

When Sync 1.4 Beta was released, Erik Pounds, Vice President of Product Management for BitTorrent Sync, wrote, "Privacy controls including Read-Only/Read & Write options, link expirations and approval settings, which all let you customize the level of access you want to provide. Your peer list provides you a record of all the devices you've shared with. Each peer becomes a sender also, helping sync files with new peers if and when your device is not online."

Another big plus to using Sync is that if you don't store your digital stuff in the cloud, then the FBI cannot gag a cloud provider via a National Security Letter (NSL) and spy on all your data. Right? Maybe not so much, according to hackers who conducted a security and privacy analysis of the program.

Because BitTorrent Sync is a closed-source program growing in popularity, a group of hackers at the last Hackito Ergo Sum security conference in Paris wanted to provide a neutral analysis of Sync's security and privacy. Their results are summed up in the photo below:

A long write-up on the Hackito blog includes the attack surface and potential attack vectors as well as some alarming security and crypto pitfalls. An example from those purportedly includes the fact that Sync "infrastructure is dependent on other, maybe insecure, infrastructure and deployments. If Amazon gets hacked, security of whole BTsync architecture is compromised."

According to Hackito Ergo Sum's TL;DL and conclusions:

There is a "probable leak of all hashes to getsync.com and access for BitTorrent Inc to all shared data." The analysis portion added, "GetSync.com server receives many (all?) hashes in clear-text when sharing the directory; it is used to share links amongst people, even though the previous BTsync hash sharing mechanism was better for security."

There was a change of Sync's sharing paradigm after the first releases that introduced a vulnerability, which "may be the result of NSL (National Security Letters, from US Government to businesses to pressure them in giving out the keys or introducing vulnerabilities to compromise previously secure systems) that could have been received by BitTorrent Inc and/or developers." The hackers even included a handy-dandy diagram from the ACLU to explain how the FBI uses NSLs.

"Leak about the private network addresses of clients that gives indication about where and what to attack."

There are "probable multiple vulnerabilities in the clients."

"Bottom line: Do not use for sensitive data."

BitTorrent Sync is working on a "detailed answer," but for now replied on the BitTorrent forum:

Researcher hasn't found anything bad, besides few crashes on random test. What he found is that we officially saying from the day 1 of the Sync.

PS. Wording of "Probable leak of all hashes to getsync.com and access for BitTorrent Inc to all shared data." is very close to "I almost hacked Microsoft today."

PPS. There is nothing even close to "Bittorrent Inc has access to all your 'encrypted files'."

Keep an eye out for Sync's detailed response.