29 lines
1.8 KiB
Markdown
29 lines
1.8 KiB
Markdown
|
X-Date: 2024-09-30T01:21:18Z
|
||
|
X-Note-Id: bb503005-a70b-4b26-903d-2eb721b78b89
|
||
|
Subject: SyncThing now has encrypted servers
|
||
|
X-Slug: syncthing_now_has_encrypted_servers
|
||
|
|
||
|
[SyncThing](https://syncthing.net/) is a file synchronization tool that allows you to sync
|
||
|
stuff across your computers and mobile devices. It doesn't have a "cloud" component, and
|
||
|
works peer-to-peer between devices you own.
|
||
|
|
||
|
Overall, it works quite reliably except in cases where there is no device that is always on.
|
||
|
In that case, if you change a file on two devices that were on and connected at non-intersecting
|
||
|
intervals of time, you'd get a conflict.
|
||
|
|
||
|
The way to solve this problem is to install an instance of SyncThing on a VPS. This will mean
|
||
|
that the VPS always contains up-to-date data and solves as a tie-breaker. But as soon as
|
||
|
you do this, your data will be available on the VPS's disk. If someone breaks into the VPS,
|
||
|
they can steal your data. Because the VPS is exposed to the internet a lot more than your
|
||
|
phone or desktop and runs on someone else's hardware, it has a higher risk of leaking data.
|
||
|
|
||
|
Apparently now SyncThing has [suport for untrusted/encrypted devices](https://docs.syncthing.net/users/untrusted.html).
|
||
|
In this mode, other instances will encrypt data when sending it to the untrusted device, and unencrypt on receipt.
|
||
|
This removes the problem of the VPS leaking sensitive data. Even if someone breaks into it, all they see is files
|
||
|
with what looks to them as random data, and with non-discernible names.
|
||
|
|
||
|
There are alternative synchronization options like [NextCloud](https://nextcloud.com/) which also have
|
||
|
end-to-end encryption, but most of them have a lot of functionality. And the more functionality there is -
|
||
|
the easier it is to exploit. So if you don't specifically need what NextCloud provides, you'd be probably
|
||
|
better off just using SyncThing.
|