Deleting files from a node before removing it

I have the following scenario.

I have a desktop at home, a desktop at work, a laptop and a phone. I want to sync various folders with various machines but not everything is to be on all the machines. I am thinking of using my home desktop as a “server” as it’s almost always on.

What I would like to do is to be able to erase everything on the laptop if it ever gets stolen or lost. I am willing to install syncthing as a service so it’s always running. Same with the phone. If the phone is stolen I want to wipe all the synced data.

Is this possible?

No

1 Like

You might want to buy Apple products ;-}

Look into disk encryption.

1 Like

Audrius,

If the laptop is stolen and the OP deletes all the files in that sync directory at his desktop, the deletion will propagate to the stolen laptop if the laptop comes back on the network. Isn’t that what the OP wanted? Could you help others understand your “no” response?

I can’t speak for Audrius, but it’s just a bad idea overall. Yes, if you do remove the data from your shared folder and rescan, and the devices connect, Syncthing will start to delete data. However if anyone actually cares about the data on your device, they will not login to your user account (with which password) and allow the device to connect to the internet (e.g. almost any phone vendor has services to locate lost devices). Syncthing is not meant to do this and even if it was, it would be totally inadequate at it. If you don’t want your data to be readable when stolen, encrypt it - period. Do not use Syncthing as any kind of theft-protection!

Quite the contrary, if your device was stolen, you’ll have to ensure that you remove that device asap from all your Syncthing instances. Syncthing is designed on trust between connected devices, and a stolen device is obviously no longer trustworthy.

3 Likes

Simon, the OP didn’t ask if it was a good idea or adequate or if there were better ideas, but rather if it was possible. As you said, “Syncthing will start to delete data,” which seems to indicate Audrius should have answered, “Yes” or “Yes, but it’s a bad idea.”

Also, you don’t have to remove a device if you don’t want to. Remember, the OP proposed to delete everything in the sync-directory at his desktop. I guess a bad-guy could put things into the sync directory if they wanted to sync malicious files to you, but the OP would notice that if it happened. If that happened, then I would choose to delete the device link.

I have accidentally done to myself what the OP proposed, so it is clearly possible, which is what the OP asked. I think that the OP’s proposal would work so long as the bad guy didn’t notice Syncthing running in the background and I think that’s why the OP proposed to run it as a service.

Nonetheless a “Yes” from a maintainer will be taken as an endorsement on the record. :slight_smile:

4 Likes

Perhaps this could be a feature request.

When I remove a computer from the sync list syncthing (optionally) should remove all the files synced to it before it removes it.

Syncthing is decentralised, so others being able to force your device to things seems wrong. This also could also be used maliciously, so I don’t think this fits into syncthing.

2 Likes

No.

That’s what the OP asked, and that Syncthing cannot do as outlined before - Audrius response was terse, but correct. Asking if something is possible is not equal to asking whether there are circumstances, where it can work. I consider my interpretation that whether in a reasonable case within the scenario asked, would it help, as a much more neutral interpretation. If you think it’s relevant, ask the OP what they actually meant.

I’d personally say you generally shouldn’t recommend hacks around a tool not designed towards a particular, security related need. However if you do it, you are better sure what you recommend works, or at the very least very clearly state the caveats (it only may help if the adversary logs in to your system, which is ridiculous in the context of data theft).

Of course not, if you like an adversary to have the ability to place any data onto all your connected devices, then go ahead, keep them syncing (I am aware of send-only folders - again: specify caveats if you do recommend shady things).

Sorry if this comes across as confrontational, but I can’t stand it when you state what “Audrius should have answered” (yes, I am annoyed specially because it is addressed at Audrius, as that happens way too often, but stating what other people should have said is almost never a good idea) and then use the intent of the OP as a justification: Again, how do you know their intent?

1 Like

Jakob,

Understood! I was think with the mind of an engineer and you’re thinking about relationships with customers.

Maybe the best response is “Although that is technically possible in many situations, it is way out of scope from the intended use of Syncthing, and the maintainers do not recommend it and can’t support any special features moving in that direction.”

Simon,

Syncthing can’t “delete everything on the laptop”, which (as you point out) are the words the OP typed. Because the first paragraph was about sync directories, I interpreted the question (perhaps incorrectly) as “delete everything on the laptop in the syncthing directories I just told you about”. After all, the context of this forum is Syncthing (not general laptop data destruction) and the title implied the OP knew that the sync node trust relationship would be eventually deleted, but the OP wondered if sync thing files could be deleted first surreptitiously by running syncthing as a service the bad guy didn’t know was operating. ~That~ idea is no different than the position reporting OS services that let you find your lost phone.

No, syncthing can’t delete everything on the laptop (docs, data, apps, the OS itself, etc). Yes, syncthing can delete the syncthing directory files. Guess we’d have to hear from the OP to know which question they meant.

Sorry to offend you. I referenced Audrius (as I try to always reference who I’m replying to) to keep track of which person I respond to in a thread. When I refer to “should have said” in my second reply (note my first post was a question to understand), I wrote as a technical engineer in a computer support forum. It would have been better if I just pointed out the technical reality and was more careful implying what someone else should or should not do. In context, these aren’t intended to be moral or professional debates - it’s a tech support forum.

Lastly, hacking around with tools and trying things out can yield goodness. Everything needn’t be a 100% secure production server. Original and wonderful ideas come from experimenters, hackers, and early adopters, stretching the envelope of what its possible. Since the late 1970s, this is how a lot has been learned in the computer software world. Jacob’s reply captured the thought - for project management reasons, there ARE reasons to deter risky ideas. But I think it’s okay that some people keep trying new things. Disclosure - my day job is a cyber resiliency expert on military weapon systems. Believe me, you MUST push boundaries in that context and try all sorts of “non-documented features” to stay ahead of adversaries which are doing so.

What should also be noted is that there’s a big difference between a secure delete and an insecure/fast delete. The majority of filesystems/operating systems only mark files as “free to overwrite” without actually removing the stuff (e.g writing 0’s). So it may be technically possible to restore the deleted data, at least partly (without meta-data for example).

As far as I’m aware Syncthing (or more specific, the Go runtime) only makes the “unlink()” system call which usually does not safely delete data (it’s even possible to prevent these deletions easily). Syncthing is simply not designed for this use-case.

This sounds like something that should be handled with a dedicated application, or even with a feature build into the OS/filesystem/hardware itself.

2 Likes

It’s not others though. It’s me. I set up the directory, I chose to share the directory with that computer. I can stop the sharing but that still leaves all the files on the computer. If my intent is for that laptop to no longer have these files on it then I should be able to delete the files before the laptop leaves the share.

This is a matter of opinion, and I for one disagree that this is a feature Syncthing should have. It would be a promise we can’t necessarily uphold and a footgun for the unwary. With twice the potential for unintended bad consequences and a rather niche use case to begin with, this is not a desirable feature.

2 Likes

Yeah, you should, by logging into the device you own and cleaning it up.

We are not solving “deleting stuff from devices I no longer own” problem.

Sure, you might have shared folder A with device X, but there might be a device Y which shared that folder before, why do you suddenly have the authority to tell it to delete stuff?

The whole nature of decentralised means nobody has the authority to tell someone else what to do. Namely forcing someone to remove all their files is a serious attack vector.

Sure, you kind of can, as others described theoretically do something like genuinely delete the content (which can be easily worked around), so some poor man solution of this is possible, but it’s not a usecase syncthing supports or wants to support.

If thats the feature you are after, syncthing is the wrong tool.

2 Likes