Can you please convince me that Syncthing is safe to use?

Hello,

How does Syncthing actually work and does it really work entirely without centralized servers?

The information we share using Syncthing folders is never copied to central Syncthing servers at some headquarters somewhere?

Is it definitely safe to use Syncthing from a security perspective and if so why?

Also, the Android app says it’s possible to enable Tor to increase privacy. Why would we need to do that if Syncthing is already a safe and secure product to use?

Thanks beforehand and hope someone can answer.

Tera

1 Like

docs.syncthing.net explains how it works.

I don’t think enabling TOR wins you much, apart from hiding your potential location, yet someone wanted that anyway.

The files are encrypted in transport (similar to https) with pretty good cryptographic primitives and much better than usual https authentication. What is not implemented yet is end-to-end encryption so that some computers only get AEAD (authenticated+encrypted) files, so that they can act as untrustworthy relays/servers.

How does Syncthing actually work and does it really work entirely without centralized servers?

How it works: please read the docs. By default it uses two kinds of centralized servers: discovery servers and relay servers. I’ll go into more detail below.

Is it definitely safe to use Syncthing from a security perspective and if so why?

Overall the security is rather tight, but as always it depends entirely on your use case. From the way you are asking this question I assume that you are neither protecting nation state secrets like nuclear codes nor are you in charge of IT security at a billion dollar company which needs to protect itself against nation state level espionage.

In short: your files won’t ever touch another computer in an unencrypted state and the level of sophistication and funding needed to break it (access your files) is really high. What isn’t protected by default is the fact that some device on your IP is using syncthing and who else you are sharing files with (their IPs). Your IP reveals your general location (as in city name) to everyone and your complete identity to your ISP and (your country’s and probably others’) national security services.

It is definitely not designed for settings where complete anonymity and untraceability is required. But for such extreme requirements you should use mixnets (and not onion routing as in TOR) anyway. However fulfilling these requirements would make Syncthing pretty much unusable for everybody else, because it would become really slow for several different reasons. But I won’t go into any more detail here, as that would require a ~20 page scientific essay.

For example: to make the setup and everyday use as easy as possible for the home user some people in the community provide relay servers (take a look at the documentation and http://relays.syncthing.net/), which make it possible to shuffle data between two devices which can’t make a connection e.g. because both are behind routers/firewalls forbidding incoming connections. There are also discovery servers, which enable such devices to “meet” and create direct and relayed connections in the first place.

If you want to maximise security (without going completely overboard) you should (roughly in this order):

  • Use file-based encryption like ecryptfs (preferred, but works only on Linux and maybe Macs) or EncFS (not so great but afaik the only thing that reliably works cross-platform) on all your devices. This means even if someone were able to break the transport encryption or the authentication your files are still protected by a second layer of encryption. The strength of this is directly dependent on the strength of your password (I recommend at least 5-word-long diceware passwords, 7/8 is much better and 10 is great).

  • Disable the anonymous usage reporting, relaying and global discovery. But then you have to make sure the routers of all involved devices are configured to let syncthing traffic through AND you have to have fixed IPs or dynDNS addresses at which the devices can be reached on a regular basis. You also have to configure the addresses of all devices you want to connect to on each device (you might instead want to use one device as a server to set up your own relay and discovery server and use the introducer feature). The problem of not having fixed IPs can be avoided if you use VPN tunnels between your devices, which also adds another layer of transport encryption. Such VPNs however require either fixed IPs, dynDNS addresses or centralized infrastructure themselves. And the VPN will slow your connections down.

The most likely way of breaking syncthing security is by not actually breaking syncthing security. Sounds strange? It is, but let me explain:

The encryption and authentication are basically the strongest links in the chain between your computer and the other computers you want to sync files with. Your operating system’s drivers, network stack and libraries as well as the firmware running in your network card however are much easier targets. That’s why it would be way easier to tunnel your connection e.g. by acting as a malicious discovery server which waits until you connect by chance. Then it’ll inject some specially crafted packets which create an error in one or more of the components mentioned above. This error can then be exploited to get complete control over your whole computer (and obviously also your files). If your files are encrypted as described above they can be read as soon as you mount them to access them yourself.

PS: nation state adversaries don’t need to pose as relay servers or discovery servers to do this kind of stuff.

4 Likes
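As an added example (not from this thread and not Syncthing project code), a small Python script that audits a Syncthing config.xml for the hardening steps listed in the reply above: global discovery and relaying off, usage reporting declined, and a static address on every device so it stays reachable once discovery is gone. The element names are those Syncthing uses in its config.xml; the sample config, its hostnames and its device IDs are constructed placeholders.

```python
# Audit a Syncthing config.xml for the hardening steps discussed above.
# Element names (options/globalAnnounceEnabled, relaysEnabled, urAccepted,
# device/address) are Syncthing's own; the sample config is constructed.
import xml.etree.ElementTree as ET

# Constructed sample: relaying and global discovery still on, usage reporting
# not yet decided, and one device reachable only through discovery ("dynamic").
SAMPLE_CONFIG = """<configuration version="37">
  <device id="AAAAAAA-BBBBBBB-CCCCCCC-DDDDDDD-EEEEEEE-FFFFFFF-GGGGGGG-HHHHHHH" name="laptop" introducer="false">
    <address>dynamic</address>
  </device>
  <device id="IIIIIII-JJJJJJJ-KKKKKKK-LLLLLLL-MMMMMMM-NNNNNNN-OOOOOOO-PPPPPPP" name="nas" introducer="false">
    <address>tcp://nas.example.internal:22000</address>
  </device>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <urAccepted>0</urAccepted>
  </options>
</configuration>"""


def audit_config(xml_text):
    """Return a list of findings; an empty list means every hardening step is present."""
    root = ET.fromstring(xml_text)
    findings = []
    opts = root.find("options")

    def opt(name, default):
        # Missing elements fall back to Syncthing's permissive defaults.
        el = opts.find(name) if opts is not None else None
        return el.text.strip() if el is not None and el.text else default

    if opt("globalAnnounceEnabled", "true") == "true":
        findings.append("global discovery enabled: device ID and IP are announced to public discovery servers")
    if opt("relaysEnabled", "true") == "true":
        findings.append("relaying enabled: traffic may pass (TLS-encrypted) through third-party relays")
    # urAccepted: 0 = not yet decided, -1 = declined, >0 = accepted report version
    if int(opt("urAccepted", "0")) >= 0:
        findings.append("usage reporting not declined (urAccepted should be -1)")
    for dev in root.findall("device"):
        addrs = [a.text.strip() for a in dev.findall("address") if a.text]
        if not addrs or addrs == ["dynamic"]:
            findings.append(f"device {dev.get('name')} has no static address; unreachable once discovery is off")
    return findings
```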

This is incorrect. It uses TLS.

Sure, I know, but as TLS is most commonly known by its use in https I wanted to make it easier to understand. To rectify this imprecision, I wrote that it’s much more secure than usual https later in the same sentence. Will correct it though.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.