From cdc40c8f3c43f1776f2e0a5e6722147fbb667ac6 Mon Sep 17 00:00:00 2001 From: Konstantin Nazarov Date: Mon, 30 Sep 2024 02:44:52 +0100 Subject: [PATCH] Publish a post about syncthing encryption --- .../note.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 content/posts/syncthing_now_has_encrypted_servers/note.md diff --git a/content/posts/syncthing_now_has_encrypted_servers/note.md b/content/posts/syncthing_now_has_encrypted_servers/note.md new file mode 100644 index 0000000..034ea5f --- /dev/null +++ b/content/posts/syncthing_now_has_encrypted_servers/note.md 
@@ -0,0 +1,28 @@ +X-Date: 2024-09-30T01:21:18Z +X-Note-Id: bb503005-a70b-4b26-903d-2eb721b78b89 +Subject: SyncThing now has encrypted servers +X-Slug: syncthing_now_has_encrypted_servers + +[SyncThing](https://syncthing.net/) is a file synchronization tool that allows you to sync +stuff across your computers and mobile devices. It doesn't have a "cloud" component, and +works peer-to-peer between devices you own. + +Overall, it works quite reliably except in cases where there is no device that is always on. +In that case, if you change a file on two devices that were on and connected at non-intersecting +intervals of time, you'd get a conflict. + +The way to solve this problem is to install an instance of SyncThing on a VPS. This will mean +that the VPS always contains up-to-date data and solves as a tie-breaker. But as soon as +you do this, your data will be available on the VPS's disk. If someone breaks into the VPS, +they can steal your data. Because the VPS is exposed to the internet a lot more than your +phone or desktop and runs on someone else's hardware, it has a higher risk of leaking data. + +Apparently now SyncThing has [suport for untrusted/encrypted devices](https://docs.syncthing.net/users/untrusted.html). +In this mode, other instances will encrypt data when sending it to the untrusted device, and unencrypt on receipt. +This removes the problem of the VPS leaking sensitive data. Even if someone breaks into it, all they see is files +with what looks to them as random data, and with non-discernible names. + +There are alternative synchronization options like [NextCloud](https://nextcloud.com/) which also have +end-to-end encryption, but most of them have a lot of functionality. And the more functionality there is - +the easier it is to exploit. So if you don't specifically need what NextCloud provides, you'd be probably +better off just using SyncThing.
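Review bot: the sentence "the VPS always contains up-to-date data and solves as a tie-breaker" misstates the role of the VPS; "solves" should be "serves" (the always-on instance acts as a tie-breaker between devices that were online at non-overlapping times), and as written the tie-breaker claim reads as a side effect rather than the purpose. Two further wording fixes in the same hunk: the link text "suport for untrusted/encrypted devices" should read "support", and "unencrypt on receipt" should be "decrypt on receipt", which is the term the linked Syncthing documentation uses. The closing argument "the more functionality there is - the easier it is to exploit" would be tighter as "the larger the attack surface", and the stray hyphen used as a dash should be a comma; otherwise the post reads well.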