Having run Syncthing for a bit I started noticing some things I’d consider odd. Hopefully they are just misunderstandings and could possibly be resolved by having better defaults?
My end goal is a process which is seen but not heard. Is that possible? One where any config is largely static. I’m not interested in public discovery servers, usage reporting, stats reporting, etc. I’m not a fan of TLS either due to SNI leaks. Though I can’t find any conclusive document of such an environment nor how to disable those.
Nonetheless, one of the biggest surprises was how much data is leaked. To be clear, I consider any data I haven’t allowed to be a leak. I’m well aware there are some things which are required for basic connectivity (public IP and port for example) - I’m not referring to those.
That is the normal mode of operation for Syncthing.
Provided that you either 1) have a static IP on at least one device in every pairing (which Syncthing is configured to use), or 2) communicate only over a local network which allows discovery using UDP broadcast, you can disable Global Discovery.
This defaults to off, with a single prompt to enable.
You’ll have to clarify what exactly you’re worried about. Syncthing uses “syncthing” as the server name.
To disable Global Discovery, go into Settings → Connections, and uncheck “Global Discovery”
To disable Usage Reporting, go into Settings → General, and change “Anonymous Usage Reporting” to “Disabled”
You cannot disable TLS. Syncthing is intended to be secure.
By default, Global and Local Discovery are enabled, and Usage Reporting is disabled. If discovery was not enabled by default, then Syncthing would not work out of the box for the vast majority of users, in particular those who are less technically inclined. Those who require more specialised setups can simply click on “Settings” and uncheck a couple of checkboxes.
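One way to make the settings discussed above static instead of clicking through the GUI, as an added example that is not part of this thread and not Syncthing's own tooling: a small Python script that rewrites the privacy-relevant elements under `<options>` in `config.xml` and reports which ones still differ from the quiet baseline. The element names used (`globalAnnounceEnabled`, `localAnnounceEnabled`, `relaysEnabled`, `natEnabled`, `urAccepted`, `crashReportingEnabled`, `autoUpgradeIntervalH`) are the ones Syncthing documents for `config.xml`; the sample document inside the script is constructed for the example. Run it against the real file only while Syncthing is stopped, because a running instance rewrites `config.xml` when it shuts down.

```python
"""Added example, not Syncthing's own code: pin the privacy-relevant
<options> in a Syncthing config.xml so they are a static, reviewable
setting rather than a set of GUI checkboxes.

Element names are taken from Syncthing's config.xml documentation; the
SAMPLE_CONFIG below is constructed for this example and trimmed to the
parts that matter.
"""
import xml.etree.ElementTree as ET

# Baseline for a "seen but not heard" instance.
# urAccepted = -1 records that usage reporting was declined, so the
# first-run prompt does not appear; 0 means "not yet answered".
# localAnnounceEnabled only controls LAN broadcast discovery; leave it
# "true" if you rely on it on a trusted network.
QUIET_OPTIONS = {
    "globalAnnounceEnabled": "false",   # no public discovery servers
    "localAnnounceEnabled": "false",    # no LAN broadcast announcements
    "relaysEnabled": "false",           # no public relay servers
    "natEnabled": "false",              # no UPnP/NAT-PMP port mapping
    "urAccepted": "-1",                 # usage reporting declined
    "crashReportingEnabled": "false",   # no crash reports
    "autoUpgradeIntervalH": "0",        # no automatic upgrade checks
}

# Constructed sample of a fresh config.xml with the defaults a new install
# would write (assumption for the example, not copied from a real file).
SAMPLE_CONFIG = """<configuration version="37">
    <options>
        <listenAddress>default</listenAddress>
        <globalAnnounceEnabled>true</globalAnnounceEnabled>
        <localAnnounceEnabled>true</localAnnounceEnabled>
        <relaysEnabled>true</relaysEnabled>
        <natEnabled>true</natEnabled>
        <urAccepted>0</urAccepted>
        <crashReportingEnabled>true</crashReportingEnabled>
        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
    </options>
</configuration>
"""


def audit(config_xml: str) -> dict:
    """Return {option: current value} for each baseline option,
    with "missing" when the element is absent from <options>."""
    root = ET.fromstring(config_xml)
    options = root.find("options")
    result = {}
    for name in QUIET_OPTIONS:
        elem = options.find(name) if options is not None else None
        has_text = elem is not None and elem.text is not None
        result[name] = elem.text.strip() if has_text else "missing"
    return result


def noisy_settings(config_xml: str) -> list:
    """Names of options whose value differs from the quiet baseline."""
    current = audit(config_xml)
    return [name for name, want in QUIET_OPTIONS.items() if current[name] != want]


def quiet_options(config_xml: str) -> str:
    """Return the config with every baseline option set to its quiet value,
    creating elements that the existing file does not have."""
    root = ET.fromstring(config_xml)
    options = root.find("options")
    if options is None:
        raise ValueError("config.xml has no <options> element")
    for name, value in QUIET_OPTIONS.items():
        elem = options.find(name)
        if elem is None:
            elem = ET.SubElement(options, name)
        elem.text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    import sys
    # Usage: python quiet_syncthing.py /path/to/config.xml  (Syncthing stopped)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    source = open(path, encoding="utf-8").read() if path else SAMPLE_CONFIG
    print("options differing from baseline:", noisy_settings(source))
    hardened = quiet_options(source)
    if path:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(hardened)
    print("after rewrite:", noisy_settings(hardened))
```

`audit` is the check to run on an existing install before trusting it: it shows exactly which of these options are on, off, or not yet present in the file, which is what a reviewer wants to see rather than a GUI screenshot.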
I think our definitions of static differ. What I mean is static config, static keys, etc.
Which I have. It can be disabled, but not by default. The instructions on how to do that are not obvious.
Isn’t off with any version I’ve used, and isn’t when running an RC version. Even then it requires knowing about the existence of them.
Defaults to “Version 3”
Which is sufficient to know what is running. I realize TLS is used all over the place including HTTP itself. I’m also aware of the political reasons behind it.
They are broken for the same reasons.
Which requires running the syncthing service for GUI access (or API if you know).
See above, TLS is not really secure.
Usage reporting is enabled. Disabling such things after doesn’t negate the data that was already sent. Can this be disabled by default / on first run?
Indeed, I have. Pretty frightening. I fully understand different people have different risks. It doesn’t say anything about how to actually disable nor secure syncthing though.
Usage reporting is disabled by default on everything which isn’t a release candidate / beta build.
You should realize that Syncthing is, primarily, optimized to work, out of the box, for mostly normal people. Granted, we currently only work well for the slightly geeky, but that’s not the end goal. If you are paranoid (and I use the term in the most affectionate way) you will need to adjust the defaults, and possibly test them in a walled off sandbox before deploying. You are not the primary target audience and you never will be.
?
(connect was refused because it’s blocked locally)
I’m trying to get to that point yes. What I’ve found so far though doesn’t match.
That is something quite alarming tbh. You’re basically saying it works because no one audits it? Just to be clear, my intention was not to shame anyone, it’s nothing personal. It was not meant as a security audit.
My use case is certainly not unique. Syncthing is frequently cited as an alternative to other technologies, but I’ve never really found a review beyond simple install instructions.
Doesn’t match what? “Works because no one audits it”? So far I haven’t seen a single legitimate technical complaint from you. You make vague assertions about choosing TLS for political reasons and it being broken, which is patently false on both accounts. You are wrong about usage reporting. You are randomly “frightened” by stuff but don’t say what. All in all, I feel this is slightly insulting and not constructive.
A clean install of a release version does not do usage reporting by default. I don’t know what you’re running if it does.
Sync connections are attempted to all configured devices, when the address is possible to resolve. The sync connection is based on TLS 1.2. The TLS certificates are sent in clear text (as in HTTPS etc), meaning that the certificate Common Name (by default syncthing ) is visible.
Nothing wrong with that, thus why I’m asking what reports you’re referring to and what I see. As I said, the line above is literally from the syncthing client after a clean install.
I have quite clearly said what is frightening. Sorry you feel that is not constructive? I asked you in PM how you wanted to proceed.
Indeed. If that’s what you think is broken, and for a political reason, then clearly we’ll agree to disagree. Back to you not being the target audience, if the fact that an eavesdropper on the network can tell you are using Syncthing is a blocker for you.
My Syncthing doesn’t do that, and neither does other people’s Syncthings. So I think you’ve made a mistake, either in enabling it and then forgetting, or in running something that is not a release build. If it’s a candidate build it will say that usage reporting is enabled, both on the console and in the settings GUI.
I said go wild and talk on the forum. We’re doing that. I can still feel insulted when you are essentially saying our work is crap - work that we do without getting paid, for fun (supposedly), for your benefit, by the way.
I am pretty sure you are running a non-release build, hence why usage reporting is force enabled.
STNOUPGRADE is there for legacy reasons, nowadays upgrades are configurable from the UI via a proper config flag.
You are misunderstanding the target audience. The target audience is people who install it and it works out of the box, with relaying, discovery and all. There are fewer people who do not want these than people who would not be able to find the settings to enable them, or who would even dismiss syncthing as not working and go bitching on the forums or issue tracker.
If you think things working out of the box is the wrong stance, then I am sorry, you are using the wrong software.
As you said, you find it wrong that any data you did not allow to be leaked being leaked, but this means syncthing would not work out of the box, and we have less technical people complaining on the forums. We don’t want that.
(As an aside, the number of support threads on the forum went down drastically after relaying was introduced and enabled by default. I can only imagine the support burden – and the number of frustrated users who give up before posting on the forum – if we disabled global discovery by default).
Sure, but github also has pre-releases published. If the version that gets printed on startup has rc suffix, you are running a pre-release.
This was an old way of disabling upgrades. We added a config setting which people use now, but it seemed wrong breaking everyone’s setups by removing the env var, so it’s still there, but we don’t advertise it as people should be using the config setting.
Well, so far I understood that you are not happy that syncthing connects to relays and discovery servers by default. If that is not it, you should really quantify what you are talking about. So far we have 3 people replying to this thread, and none of us still understands what issue you are talking about.
Perhaps you should make a list of bullet points of what syncthing should or should not do, in terms of functionality (“should not connect to relays” and not expressions like “be privacy respecting”, as that does not explain what action within syncthing causes it to be in this state).
Glad that is clarified… I think. I mean Github publishes whatever it’s told to. Initially I thought you meant I was running a git version or something.
Where is it advertised not to though?? That is from the -help output on syncthing itself… As are quite a few other options.
I never said that though… what on earth?
It’s hard to quantify that when you’re deflecting the answers I’ve given as non-answers. At no point have any of you said you don’t understand what I’m saying.
You’re taking things out of context here. Way out of context. Why not start with this: of what I’ve said above, what do you not understand? Or at least tell me what “respecting privacy” means to you and/or Syncthing??
I came here at the request of calmh not to get shit on.
My end goal is a process which is seen but not heard. Is that possible? One where any config is largely static. I’m not interested in public discovery servers, usage reporting, stats reporting, etc. I’m not a fan of TLS either due to SNI leaks. Though I can’t find any conclusive document of such an environment nor how to disable those.
Sorry, but I still don’t understand what we are discussing here.
Your claim was that there were some privacy issues, I am asking what particular actions you think leads to us having issues.
So far I saw:
Usage reporting, which you claim is on by default. I’ve explained under what circumstances it’s on by default.
SNI issue. Yeah, it does leak things, but it’s better to leak things than not to encrypt, or to roll out our own crypto transport. You can use a self-generated cert with a custom SNI if you want, you’ll just have to do additional configuration on other peers to accept that certificate.
What else needs to be discussed?
I don’t want to talk about who said what etc, I am here to answer your questions and finish the discussion.
That is the only thing you are concerned about? OK, let’s tackle it.
How is the config not static? I set Syncthing up and leave it: I don’t touch the config.
I think we’ve agreed that global discovery should be enabled by default? I’ve told you where you can easily turn it off. I think that aspect is resolved?
Usage reporting. I think we’re almost at the bottom of this one: are you or are you not running an RC release?
You’re not a fan of TLS. Fine. I think the point about Syncthing not keeping its presence a secret has already been addressed, but if you have a credible technical proposal for an alternative to TLS, please tell us.