Device Groups (Was: "People" over "Devices")

I’ve just realised that I don’t actually share in terms of devices, I share in terms of people – I want my “documents” and “backups” folders to be available to me whatever device I’m on; I want my “photos” folder to be shared with my dad regardless of which of his numerous and ever-changing devices he uses; I want my “taxes” folder to be shared with my accountant and I don’t want to have to manually update my syncthing config when she gets a laptop to replace her desktop; etc etc.

I don’t want to spoil people’s imaginations by suggesting solutions, so leaving this first post here as just a user-story to spark ideas :slight_smile: (I can come back and spam implementation ideas in the comments later)

1 Like

Personally, I definitely work in terms of devices: I don’t sync my ‘Videos’ folder to my phone!

Neither do I – but I have my videos folder advertised to my phone, so that I can access it if I ever need it.

So for clarity – when I say “I want my photos to be available on all my dad’s devices”, that doesn’t mean that all his devices should be forced to accept that share; just that they should have permission to access it if he wants them to.


Glad you clarified that in your last post - I was just about to tell you that your idea was a security nightmare. LOL

We should never have the power to push sync data to all the devices owned by another person. Too many potentially unintended consequences with respect to privacy. For example, the confidential tax folder you sync with your accountant could theoretically end up on the tablet he gave to his 8 year old daughter.

In the case you cited, once your Dad has a folder in sync with you, he already has permissions to propagate the folder across all his devices where ST is installed.

So - what’s missing?

As I understand it, if my PC shares with his PC, then his PC can share with his laptop; but if his PC goes offline then there’s no link between my PC and his laptop (unless we use the ‘introducer’ functionality, which I think would introduce everyone I know about and everyone he knows about; not just all the devices I own to all the devices he owns)

Also, once all of his devices are added, then when I add a new folder I want to share with him, I need to tick “dad-pc”, “dad-laptop”, “dad-phone” etc rather than just ticking “dad”

Aha! Now I understand the problem you’re trying to solve. Thanks for clarifying this.

So where another person uses multiple devices, and none of the devices are always on, your desire to have instantaneous sync with that “person” is not guaranteed. OK, I get it.

The best you can do today is create a mesh network connecting all your devices with all your Dad’s devices and apply the appropriate folders to all the devices in the mesh. Inconvenient? Maybe … but it will handle your use case.

Let’s see what others have to say. Adding “persons” (aggregation of devices) to devices and folders in the protocol is probably not that small a task.

Maybe the concept is evolving into one of ‘device groups’? If you share a folder with a group, then any member of that group may choose to synchronize that folder. By sharing a folder with a group, you trust all devices in that group, and all devices which may be added to that group in the future.

This differs from the ‘introducer’ functionality in that devices within a group would not appear as individual devices: you would not (immediately) have the option of sharing a folder with all devices in a group, just with the group itself (unless you added individuals within that group as separate devices).

I can see this being very useful for office scenarios, where a set of folders are shared with multiple employees.

Hiccup points:

  • Group IDs
  • Group synchronization status? Wut?

Does that capture roughly what you’re envisioning?

Yup, that sounds like it would cover my use case and several others :smile:

This also opens up the possibility of a device being in multiple groups, which seems more useful than my initial idea of a device having one owner, but possibly has other complications. Or maybe it doesn’t, if device groups work at the same layer as the introducer currently works – dynamically updating the device list, but if two groups add the same device to the list, then that’s still only one device.


Covering several use cases at once might make writing documentation a little awkward, as the use-cases use very different terminology even if they’re the same thing under the hood:

  • “share this folder with the members of the UI design team (and allow the UI design team to freely add and remove team members)”
  • “share this folder with all my dad’s devices (and allow dad to buy and throw away devices, don’t hassle me to update my list, just sync with whatever he owns)”

But I guess we could just officially support the abstract “device groups” and then have separate tutorials which turn that into real-world examples.

I would add to the list of potential “hiccups” … Group ownership, and permissions. If you intend to create a “device group”, how do you prevent non-authorized devices from joining the group and accessing the content? I envision the need for some kind of login or authentication for this concept to be secure.

Good point. Presumably we don’t want a central registry of group members - that would somewhat defeat the point of a distributed sync tool. The simplest solution would be to go btsync-style and allow membership to anyone who has got their hands on a magic key, although this is a big step backwards in terms of security from Syncthing’s current device <-> device approach.

(Renaming topic for better searchability)

Right now, if I share with dad’s PC, then he can re-share with anyone he likes and I won’t even know about it. If we say “any device in the device group can add other devices to the group”, then that seems equivalent in terms of security and gives the option of better visibility.

So from user view:

  • make an introducer which doesn’t introduce all devices, but only devices in a group. So I can add “Dad’s PC” and tick the “introducer” checkbox and his PC will introduce me to his phone and laptop, but it won’t introduce me to his co-worker’s desktop.
  • It wouldn’t be automatic from his end – when he gets a popup saying “Shish-PC is trying to connect [accept] [block]” there’d need to be options for “Only sync Shish-PC here”, “Also introduce Shish-PC to the devices in ‘my stuff’ group”, “Also introduce Shish-PC to the devices in ‘my office’ group”
  • When being introduced to a device in this way, automatically advertise folders to the introduced devices that are currently advertised to the introducer device.

Under the hood possibility:

  • A device has one private key for itself uniquely and one private key for each group it is a member of
  • Adding a device to a group = offering the group private key to that device
  • “Introduce Shish-PC to devices in the ‘my stuff’ group” = “Send Shish-PC the ‘my stuff’ group’s public key, so that he may automatically accept connections from anyone with that group’s private key”

I think that your understanding of introducer function is wrong. Introducer works on “per folder” basis, example:

You share folder Photos from My PC to Dad’s PC. So My PC knows Dad’s PC. But your dad share Photos with his other devices like Dad’s Phone and Dad’s Laptop. My PC doesn’t know those two. But if you set Dad’s PC as introducer (on My PC), devices Dad’s Phone and Dad’s Laptop will appear in My PC’s device list. None of dad’s co-worker’s devices will be introduced, unless he share Photos with them as well.

Introducer function only uses information about other devices that this folder is also shared with which are sent in handshake every time devices connect. Otherwise that info is simply ignored.