How do I stop it from blabbing to the world?

I’m considering using this tool to keep files in sync between a live server and a hot-spare, across the iNet. A sync tool should only need to talk to its sync partner. Imagine my horror to see it gleefully telling me it’s blabbing to a half dozen (approx.) other machines.

Just like malware! Hi CnC, what mischief should I do today? So I’m trying to determine if I can trust this software enough to recommend it as a solution.

I want this software to never talk to any machine other than its sync partner. No updates, bug reports, usage stats, shouting about its location, … dead silence, except to its sync partner.

I already feel violated with its malware-like behavior. I’m hoping someone here can lay my fears aside and tell me how to shut it up. I don’t want to spend too much time with it in a sandbox under the inspection of WireShark. Or having to vet its software, which would require learning Go.

1 Like

To be honest, this isn’t really the best attitude, especially considering that Syncthing is a free and open source piece of software also available at no cost (and with no guarantees, as per the license). This topic, however, has been discussed very thoroughly quite a few times, on the forum as well. As the first step though, please check the Docs if you’re interested why and what kind of connections Syncthing makes (e.g. see https://docs.syncthing.net/users/faq.html#why-does-syncthing-connect-to-this-unknown-suspicious-address and also everything related to “global discovery” and “relaying”).

In short, Syncthing is designed to be usable by average computer users without having to tweak its default settings (e.g. to automatically connect their desktop, laptop, and mobile phone with each other wherever they are located). If you’re that worried about privacy and similar, you will either need to disable global discovery, relaying, etc. and use Syncthing inside LAN only, hard-code IP addresses, or set up and connect through your own discovery and relay services.

6 Likes

Also Security Principles — Syncthing documentation

3 Likes

You can turn off anything but sync connections. This does come at a cost, however: This functionality is there for a reason - it provides connectivity in less-than-perfect network setups.

However, if you feel you are a power user who can configure the network by itself, you are free to turn (basically) everything off:

  • Turn off global discovery
  • Turn off local discovery
  • Turn off NAT traversal
  • Turn off relaying
  • Turn off upgrade checks (if enabled in your build)
  • Deny usage reporting
  • Turn off crash reporting in advanced options
  • Configure static addresses for syncthing to connect to

Enjoy your “silent” syncthing. It will however be unable to connect to any peers not reachable via a direct, manually configured, connection.

2 Likes
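The checklist above maps onto a handful of keys in Syncthing’s `config.xml`. The script below is an added example (not Nummer378’s, not the Syncthing project’s) that applies every item of that list to a config file and then audits the result. It assumes the element names as I know them from the Syncthing config documentation (`globalAnnounceEnabled`, `localAnnounceEnabled`, `relaysEnabled`, `natEnabled`, `urAccepted`, `crashReportingEnabled`, `autoUpgradeIntervalH`, `listenAddress`, and `device/address`), so check them against the docs for your version. The device ID and the `203.0.113.10` address are placeholders. Stop Syncthing before editing the file on disk, otherwise it will write its in-memory configuration back over your changes.

```python
"""Make a Syncthing config.xml "silent": no discovery, relaying, NAT
traversal, upgrade checks, usage or crash reporting, and only static peer
addresses. Added example; element names are assumed from Syncthing's
config.xml format, not taken from this thread."""
import xml.etree.ElementTree as ET

# Constructed sample: a fresh-install style config with everything on.
# The device ID is a placeholder, not a real Syncthing device ID.
SAMPLE_CONFIG = """<configuration version="37">
  <device id="PLACEHOLDER-REMOTE-DEVICE-ID" name="hot-spare">
    <address>dynamic</address>
  </device>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceServer>default</globalAnnounceServer>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>true</natEnabled>
    <urAccepted>0</urAccepted>
    <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
    <crashReportingEnabled>true</crashReportingEnabled>
  </options>
</configuration>
"""

# One entry per item of the checklist: option element -> wanted value.
SILENT_OPTIONS = {
    "globalAnnounceEnabled": "false",  # no global discovery servers
    "localAnnounceEnabled": "false",   # no LAN discovery beacons
    "relaysEnabled": "false",          # never fall back to public relays
    "natEnabled": "false",             # no UPnP / NAT-PMP port mapping
    "urAccepted": "-1",                # -1 = usage reporting declined
    "crashReportingEnabled": "false",
    "autoUpgradeIntervalH": "0",       # 0 = no upgrade checks
    # "default" also adds a relay listener; bind plain TCP only instead
    "listenAddress": "tcp://0.0.0.0:22000",
}


def set_option(options, name, value):
    """Set (or create) a child element of <options>."""
    el = options.find(name)
    if el is None:
        el = ET.SubElement(options, name)
    el.text = value


def harden(config_xml, static_addresses):
    """Return hardened XML. static_addresses maps device id -> list of
    tcp://host:port strings that replace the 'dynamic' address."""
    root = ET.fromstring(config_xml)
    options = root.find("options")
    if options is None:
        options = ET.SubElement(root, "options")
    for name, value in SILENT_OPTIONS.items():
        set_option(options, name, value)
    for dev in root.findall("device"):
        addrs = static_addresses.get(dev.get("id"))
        if not addrs:
            # A device left on 'dynamic' would need discovery to be reached.
            raise ValueError(f"no static address for device {dev.get('id')}")
        for old in dev.findall("address"):
            dev.remove(old)
        for addr in addrs:
            ET.SubElement(dev, "address").text = addr
    return ET.tostring(root, encoding="unicode")


def audit(config_xml):
    """List settings that still allow chatter; an empty list means silent."""
    root = ET.fromstring(config_xml)
    options = root.find("options")
    findings = []
    for name, wanted in SILENT_OPTIONS.items():
        el = options.find(name) if options is not None else None
        actual = el.text if el is not None else None
        if actual != wanted:
            findings.append(f"options/{name}={actual!r} (want {wanted!r})")
    for dev in root.findall("device"):
        for addr in dev.findall("address"):
            if addr.text == "dynamic":
                findings.append(f"device {dev.get('id')} still uses 'dynamic'")
    return findings


if __name__ == "__main__":
    peers = {"PLACEHOLDER-REMOTE-DEVICE-ID": ["tcp://203.0.113.10:22000"]}
    print("before:", audit(SAMPLE_CONFIG))
    print("after: ", audit(harden(SAMPLE_CONFIG, peers)))
```

Run `audit()` on the live `config.xml` after a restart to confirm nothing was reverted, and keep a packet capture on the sync host as the final check: with these settings the only outbound flows should be to the addresses you listed.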

Nope. Right attitude. I haven’t been p0wned yet. And if I or my clients get p0wned I have only myself to blame. So due-diligence is an absolute must! In these days an even higher level of suspicion is required. Since only a fool asks the conman if he’s being honest and believes him, I have to question my own wisdom in even bringing this up for discussion here.

BUT I believe that your project is above-board (unless it gets poisoned by cyber-thugs) and so I bring this topic up, as I said, in the hope the feedback will settle my concerns.

Believe me I have and I searched here. But either due to simply missing it and/or not having thought up the right keywords to submit to the forum I have not found what seems to be a complete list or set of instructions on how to keep the silence, or if you prefer go incognito. What @Nummer378 posted seems like a pretty good start if not 100% complete. I won’t know for sure until I test.

Yup, I am. Yes, this starts to answer the question. And yes I will add more counter-measures. But “etc” and vagaries are not helpful to newcomers to your project who want to harden their installs.

Thanks for your time, just the same. And I leave you with a thought:

You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.

– Ken Thompson @ '83 Turing Award

Yes, I read that.

Good to know. It’s my job to make the network perfect. :smiley:

EXACTLY what I want. Thanks!

Frankly, if you are power user enough to set up the network in such a way that you do not need the various ways Syncthing provides to create a connection under even the most adverse conditions, it would probably have been less of a hassle to set up Unison to do the same thing as Syncthing than writing to this board complaining about all the features syncthing has, which are not to your liking.

Syncthing’s code and documentation are perfectly open about all that and, as has been mentioned, allow you to turn it all off.

And please tell us about how you yourself wrote all the code you run on your machine.

4 Likes

“Power user”? Anyone who can dial a phone can use an IP address.

It’s obvious by where all the likes show up that a serious security discussion is not going to happen. So I will take my leave.

Stay safe out there people. It’s only getting worse…

@jafcobend I think you are truly paranoid. This is not bad, but you could try air-gap networking and keeping your machines in sync. Those third-party machines like relay servers and discovery servers are there for a reason as already mentioned. Syncthing is a professionally run open-source project. Even when keeping files in sync with OpenSSH and Rsync you have an OS you need to trust. But getting it to work periodically scheduled needs cron, and this won’t work nicely on Windows or macOS. There is other alternative software which is mostly freeware, open-source or payware. It depends how you trust one of those. Good luck with your choice.

1 Like

Yes, indeed! But I try to be moderate about it. Most people aren’t taking cyber security seriously, including those who write software claiming to be secure. I won’t bore you with the problems I routinely run into. But I will leave you with a truly scary thought: IBM provided computers and programming knowledge that made it possible for Germany to commit mass-genocide (WWII holocaust), and all they had were relays and punch cards! IBM’s excuse: they paid us. Imagine what would happen if g00gle’s data and/or services gets weaponized! :scream:

Unfortunately, unless I can afford to string and maintain a cable from the west to the east coast (USA) “air gapping” is not an option. I do find it amusing, that while I came here to, as I said, have my fears assuaged, most of the feedback I received is trying to push me to other software. I’ve already found a config recipe that remains quiet within my cyber-borders. I’m still looking for other options. But I’d say I’m about 70% settled on Syncthing.

I could use rsync, csync, lsyncd, unison, … but this requires too much scanning and too much time between scans to keep the load low. Probably the best solution for what I want is a clustering filesystem… but since the machines I’m cloning were not setup for this in the years prior, it would require unacceptable downtime. So I’ve been looking for an inotify based solution. Syncthing meets this criteria. I can delay the full system scans so they happen only during the usual nightly backup cycle, since this would be replacing the current rsync based backup.

I saw something else on your “alternative software” list that looked like a good candidate. So I still have a couple of other options to vet and consider.

Last thought - commercial vs open source: While in his presentation in '83 Thompson said that “no amount of source level verification would protect you” being able to scrutinize the source is still better than not being able to see it at all. Frankly I think the only hope for the average user to be able to survive in the cyber-future will be Open Source.

Well… I’ve burned up my time here. So I’m off to go play with some “sync thingies”. :wink:

I’m not so sure people here actively tried to push you to other software, esp given that a solid configuration-idea was supplied. But, your way of wording is in a sense quite hostile; even if you don’t mean it to be. You practically started by calling Syncthing’s behaviour malware-like. From a social point of view, what kind of response did you expect?

I do understand your concerns and it seems like you’re well on the way to make a well-informed decision, so in that area not much more is needed :slight_smile: but just be aware of how your attitude can be received. I mean, bringing up the holocaust? That’s miles away from any attempt of a good-faith argument.

5 Likes

Personally, when someone metaphorically enters the forum by kicking in the door and yelling that all we’ve done is shit and/or malware and/or horrific, then I’m happy to see them use some other software better suited to their tastes.

7 Likes

To come here and complain about Syncthing’s defaults without even reading the Security Principles page that has a section that deals with --exactly-- what’s being complained of (Information Leakage) is just downright rude.

1 Like

You assume. It was because of the various security related documentation I thought I could broach the subject. But it’s become clearly obvious this project can not be trusted.

Sincerely, have a nice day. I won’t come back.

1 Like

:frowning:

It’s much less WHAT the original issue was, but more HOW it was expressed. Of course it was a valid question, but if you have such a high need for security, then maybe start reading up on what a software does BEFORE executing a random executable you found on the internet.

This is not a commercial tool (so no staff in that sense either), the devs do not owe us users anything. The least you could do is show some respect for somebody else’s work that they provide for free, instead of stating you feel “violated” and writing that it behaves “just like malware” in a more than polemic way. Most people that come to this forum do not need to be educated about that.

In that sense, you reap what you sow.

5 Likes

I second wholeheartedly what @Arneko wrote. It is ALL about how the OP expressed himself.

2 Likes

Based on what?

The code is open and the most important bits are documented quite clearly. Anything from default behaviour to the used protocols and encryption. It’s clear what Syncthing does, why it does it and what protocols and mechanics are used. I’m honestly not sure where that distrust comes from. Anyone is able to audit the whole project :man_shrugging:. Feel free to dig around.

What happened here is that the user in question seemingly is not interested in many of Syncthing’s default features which are beneficial for easily connecting to other devices and keeping Syncthing up-to-date - something Syncthing seems to be revolving around. That’s fine. But just word it decently without calling it malware-like - it really is that simple. As explained in this topic, basically everything mentioned can be turned off.

If one doesn’t understand why an approach like here, where calling some of the main features malware-like before asking for help in turning these off, triggers defensive reactions, then I’m not sure what to say. Basic communication skills? Social interaction? Idk. An approach like this never works well. Not if you’re a security engineer (your coworkers are going to hide stuff instead of owning up to mistakes) and not if you’re asking for help in an open source project.

4 Likes

To add some context, this is the kind of stuff that shows up in my inbox. Being an open-source maintainer isn’t all it’s cracked up to be, sometimes.

I don’t think that’s from anyone on this thread, rather related to a different matter on GitHub, but still.

6 Likes

cristosjunk - Posted 22 hours ago Joined 23 hours ago Read 12m Okay, everyone may tell their opinion. I’ve read yours.

I feel sorry that happens… Thanks for all your work on this project, Jakob :purple_heart:

3 Likes