BitTorrent Remote Beta Privacy FAQ

I'm concerned that the BitTorrent Remote servers see and keep a record of all of my torrent activity. Why should I use a service that exposes my private information?

The BitTorrent Remote servers do not see the details of your torrent activity. If you add a torrent, for example, we know that a torrent was added, but not the torrent URL or infohash.
How is this so? BitTorrent Remote uses a cryptographic protocol called SRP, the Secure Remote Password protocol. SRP is an authentication and key-exchange protocol. In BitTorrent Remote, your web browser serves as the client and your BitTorrent client as the server. The BitTorrent Remote servers act only as a channel between the two.
When you log in to BitTorrent Remote, your browser uses JavaScript to authenticate to your client, without ever sending the password over the connection. As a byproduct of this authentication, SRP allows each side (browser and BitTorrent client) to independently arrive at the same value for a cryptographically-strong secret. This secret is then used as a session key to encrypt the body of the request (which contains the infohashes, URLS, etc.) using the AES encryption standard. This occurs entirely in your web browser, before the request is sent to BitTorrent Remote for proxying to your BitTorrent client.

SRP has two other features worth mentioning:

  1. An attacker or intermediary who has access to the entire SRP negotiation should gain no information which would enable him to recover the password. It is effectively a zero knowledge proof (http://en.wikipedia.org/wiki/Zero-knowledge_proof) to the server that the client has the password.
  2. SRP provides perfect forward secrecy: even if an adversary is able to somehow compromise your password, it will not allow the decryption of past sessions. If a session key is compromised, it will not allow an attacker to recover the password. http://en.wikipedia.org/wiki/Perfect_forward_secrecy

How can I be sure that what you say about BitTorrent Remote privacy is true?

The easiest way to check is to use a tool like Firebug. Observe the Ajax requests and note that each request and response body is hex-encoded ciphertext. If you set breakpoints in Firebug's JavaScript debugger, you can call the same encryption/decryption functions BitTorrent Remote does and recover the plaintext. This will confirm that we're sending regular BitTorrent WebAPI requests, subject to some modifications -- e.g. moving torrent infohashes and URLs out of the query string and into the request body -- in order to keep your data private.
You can also use a tool like Wireshark, but you won't be able to decrypt the bodies. You're also welcome to read the BitTorrent Remote JavaScript source to verify that it works as described.

I still don't trust BitTorrent Remote. I'm going to (not update/switch clients/use the regular WebUI).

We understand that BitTorrent Remote is not going to be a good fit for everyone. If you don't want to use it, just leave "Enable Remote Access" unchecked in your BitTorrent preferences and we won't send requests to the BitTorrent Remote servers. If you'd like to use the regular WebUI instead, do so. We plan to merge some of the BitTorrent Remote user interface improvements back into it so that our standalone WebUI users can also enjoy an improved BitTorrent Remote experience.
BitTorrent Remote is still in beta, so the details will continue to evolve. We've seen enough interest in the project and questions about privacy that we felt it was time to describe the general approach. We hope to help our users make an informed choice about their privacy by being transparent about our goals and making the preservation of our users' privacy a guiding design principle.