Publish a post about syncthing encryption

content/posts/syncthing_now_has_encrypted_servers/note.md

@@ -0,0 +1,28 @@
+X-Date: 2024-09-30T01:21:18Z
+X-Note-Id: bb503005-a70b-4b26-903d-2eb721b78b89
+Subject: SyncThing now has encrypted servers
+X-Slug: syncthing_now_has_encrypted_servers
+
+[SyncThing](https://syncthing.net/) is a file synchronization tool that allows you to sync
+stuff across your computers and mobile devices. It doesn't have a "cloud" component, and
+works peer-to-peer between devices you own.
+
+Overall, it works quite reliably except in cases where there is no device that is always on.
+In that case, if you change a file on two devices that were on and connected at non-intersecting
+intervals of time, you'd get a conflict.
+
+The way to solve this problem is to install an instance of SyncThing on a VPS. This will mean
+that the VPS always contains up-to-date data and solves as a tie-breaker. But as soon as
+you do this, your data will be available on the VPS's disk. If someone breaks into the VPS,
+they can steal your data. Because the VPS is exposed to the internet a lot more than your
+phone or desktop and runs on someone else's hardware, it has a higher risk of leaking data.
+
+Apparently now SyncThing has [suport for untrusted/encrypted devices](https://docs.syncthing.net/users/untrusted.html).
+In this mode, other instances will encrypt data when sending it to the untrusted device, and unencrypt on receipt.
+This removes the problem of the VPS leaking sensitive data. Even if someone breaks into it, all they see is files
+with what looks to them as random data, and with non-discernible names.
+
+There are alternative synchronization options like [NextCloud](https://nextcloud.com/) which also have
+end-to-end encryption, but most of them have a lot of functionality. And the more functionality there is -
+the easier it is to exploit. So if you don't specifically need what NextCloud provides, you'd be probably
+better off just using SyncThing.