The µTorrent Remote servers do not see the details of your torrent activity. If you add a torrent, for example, we know that a torrent was added, but not the torrent URL or infohash.
How is this so? µTorrent Remote uses a cryptographic protocol called SRP, the Secure Remote Password protocol. SRP is an authentication and key-exchange protocol. In µTorrent Remote, your web browser serves as the client and your µTorrent client as the server. The µTorrent Remote servers act only as a channel between the two.
SRP has two other features worth mentioning:
We understand that µTorrent Remote is not going to be a good fit for everyone. If you don't want to use it, just leave "Enable Remote Access" unchecked in your µTorrent preferences and we won't send requests to the µTorrent Remote servers. If you'd like to use the regular WebUI instead, do so. We plan to merge some of the µTorrent Remote user interface improvements back into it so that our standalone WebUI users can also enjoy an improved µTorrent Remote experience.
µTorrent Remote is still in beta, so the details will continue to evolve. We've seen enough interest in the project and questions about privacy that we felt it was time to describe the general approach. We hope to help our users make an informed choice about their privacy by being transparent about our goals and making the preservation of our users' privacy a guiding design principle.