Don’t leave your Syncthing open to the world…

And maybe also not running as root… The excerpt summarises it quite well.


I strongly support a disbarment of IT folks who operate such setups.

Wow. I guess that’s good advice. While we are at it, let’s warn people not to post their banking credentials to Twitter :roll_eyes:

In my opinion, using the phrase “rooted via syncthing” is almost defamation in this context.

1 Like

Is it not the first thing Syncthing tells you to do, to set an admin password for the GUI? :facepalm:

That’s probably still not enough, as some people will use a password called “password” or “12345678” :wink:. I think there was a feature request some time ago asking for calculating and showing the password strength, although I believe it was related to the “Receive Encrypted” password and not the GUI.