Download security

Hi there,

the syncthing downloads reside at amazon cloud storage, the md5 sums to. How do you prevent anyone, eg federal intelligence, which easy can get access to amazons storage to change the downloads and checksums? I want to choose syncthing instead btsync, because syncthing is open source and may be more resistant to security letters. But Amazon isn’t. How i can be shure, the syncthing on Amazon is yours, and not modified without checking oit the sourcode from github for each system and buidling by myself? Sounds paranoid, but it´s known they do anything they can to get access to all what they can get.

Regards Steve

1 Like

Did you have a look at ?

No, sorry, I didn’t recongnise the link. Thank you very much.

Sincerelly, Steve

What you can do is make sure you verify the checksums using the correct PGP key. That way you know they haven’t been tampered with. The website linked above isn’t beyond tampering either, but the source is on Github and the key ID is mentioned in other places like here: the fingerprint of the key should be D26E6ED000654A3E.