Offline use or USB workaround?

I just found out about Syncthing and I read that a connection to the internet is not necessary, just a router is enough. (Can someone confirm this?)

I rent a room in a shared residence and we all access the same WiFi connection, so I don’t feel safe using that router (for anything other than casual browsing/YouTube) and potentially risk my sensitive files being exposed to others (as I sync them with Syncthing).

I’ve a spare WiFi router of my own (that’s obviously not connected to any internet connection). Can I use that (again, without connecting it to the internet cable) as the mediator each time I need to use Syncthing?

Syncthing doesn’t support USB syncing (does it?), as that would be the best solution for me. :confused:

Short answer: Yes. More detailed answer: Syncthing just needs a network connection in its original definition. A network connection doesn’t imply internet connection, just some network that is TCP/IP capable is enough. You do not even need a router, connecting two computers via Ethernet cable (or even WiFi direct and similar) would work too (although it may require some amount of configuration).

Syncthing traffic is encrypted and authenticated, what exactly is it you’re worried about?

Yes, that’s possible. Again, any type of IP network will work. Depending on the exact network setup it will either require some configuration (for example static IPs in the computers or address configuration in syncthing), or it may even work out of the box.

You can tunnel pretty much everything over USB, wouldn’t be surprised if software exists that can do IP networking via USB. This may require third party software though, it’s not a feature syncthing has inbuilt. In general it’s not something that I would suggest as the go-to solution, if it even exists.

Quoting Nummer378: “Syncthing traffic is encrypted and authenticated, what exactly is it you’re worried about?”

Oh, I see. So, basically I could be at a Starbucks and use the public WiFi and my data would still be safe? (i.e., it would take hacking for someone to access them?)

Am I responsible for the encryption? Meaning, do I have to choose a strong encryption password?

Thanks btw


As I work in the field of information security I simply cannot answer with a plain “yes”, but need to give a more differentiated answer:

Syncthing is protected using Transport Layer Security (TLS). That’s the same protocol https (and many others) use for encryption. This protocol is widely considered secure. We cannot guarantee that it is safe from any hacker, as undetected weaknesses (+ a bit of other weird stuff) are always possible, but it is “as secure as it gets”. TLS is state of the art encryption, so for most people a simple “yes, TLS is secure” should be enough, although it is not guaranteed.

No. Encryption is always enabled and cannot be turned off, nor does it need any configuring. The only task that the user needs to do is first-time authentication, but this is handled in a mostly user-friendly way:

When setting up syncthing you need to add your own devices to your syncthing installations (e.g. on device A you need to add device B and vice versa). When doing this, syncthing will prompt you to either enter or confirm some Device ID. These are (cryptographically secured and unique) identifiers for your syncthing instances. For best security, verify that the device IDs shown across devices match, as this authenticates the other device. You only need to do this once, syncthing will remember any authenticated device ID.

The rule of thumb here is to only add devices you own and trust**. If you get a prompt for an unknown device ID, do not accept it. Other than that, you should be fine.

**(Adding an unknown/untrusted device is generally not a critical error as no sensitive folders are shared by default, still I wouldn’t recommend it)

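The device-ID verification step described in the post above, as an added example (not code from the forum thread or from Syncthing itself). It follows the documented derivation of a Syncthing device ID: SHA-256 over the DER-encoded TLS certificate, base32 without padding, a Luhn mod-32 check character appended to each 13-character group, and the result written as eight dashed groups of seven. The check-character loop is written the way Syncthing applies it (the factor starts at 1 on the first character); the certificate bytes in the usage section are a constructed placeholder, and the 52-character raw sample is a constant chosen for illustration. The point for the user: a typed or pasted ID can be checked for transcription errors locally, and the IDs shown on both devices can be compared after normalising case and dashes.

```python
"""Syncthing device-ID helpers (added example, not Syncthing's own code)."""
import base64
import hashlib
import hmac

# RFC 4648 base32 alphabet, which is also the Luhn mod-32 alphabet.
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def luhn32(group: str) -> str:
    """Check character for one group, Luhn mod 32 with the factor starting at 1
    on the first character (the variant Syncthing uses, assumed here)."""
    factor, total = 1, 0
    for ch in group:
        cp = B32.index(ch)
        addend = factor * cp
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return B32[(32 - total % 32) % 32]


def format_device_id(raw: str) -> str:
    """raw: 52 unpadded base32 characters -> dashed 56-character device ID."""
    if len(raw) != 52 or any(c not in B32 for c in raw):
        raise ValueError("expected 52 base32 characters")
    # Append a check character to each of the four 13-character groups.
    with_checks = "".join(raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13))
    # Present as eight groups of seven, joined by dashes.
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))


def device_id_from_cert(der: bytes) -> str:
    """Derive the device ID from the DER bytes of the device's TLS certificate."""
    digest = hashlib.sha256(der).digest()          # 32 bytes
    raw = base64.b32encode(digest).decode().rstrip("=")  # 52 characters
    return format_device_id(raw)


def validate_device_id(text: str) -> bool:
    """True if a typed ID is well-formed and every group's check character is right.
    Catches transcription errors; it does not prove the ID belongs to anyone."""
    s = text.replace("-", "").replace(" ", "").upper()
    if len(s) != 56 or any(c not in B32 for c in s):
        return False
    for i in range(0, 56, 14):
        group = s[i:i + 14]
        if luhn32(group[:13]) != group[13]:
            return False
    return True


def ids_match(shown_here: str, shown_there: str) -> bool:
    """Compare the ID shown on device A with the one shown on device B,
    ignoring dashes, spaces and case; constant-time comparison."""
    a = shown_here.replace("-", "").replace(" ", "").upper().encode()
    b = shown_there.replace("-", "").replace(" ", "").upper().encode()
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Constructed placeholder: NOT a real certificate, just bytes to hash.
    fake_der = b"constructed placeholder, not a real DER certificate"
    did = device_id_from_cert(fake_der)
    print("derived ID:", did, "valid:", validate_device_id(did))

    # Illustrative 52-character raw value and the ID it formats to.
    sample_raw = "P56IOI7MZJNU2IQGDREYDM2MGTMGL3BXNPQ6W5BTBBZ4TJXZWICQ"
    print("formatted:", format_device_id(sample_raw))
```

`validate_device_id` only tells you the string was copied correctly; the authentication the post talks about is the comparison in `ids_match`, done against the ID the other device displays in its own GUI, not against one received over the network.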

If you consider a private WiFi network to be safe, then yes. WiFi’s encryption schemes have historically not proven to be more secure than those Syncthing uses.

Tangentially:

USB is a massively asymmetric protocol, so you need at least one computer that’s capable of operating as a USB device, rather than a host. That aside, well, yeah. Smartphones can usually do this to share their cellular data connection with a computer.

I suspect the original intent was MSC devices, though.

So informative, thank you so much.

Ok so, since, technically, it is “as secure as it gets, although it is not guaranteed”, and since I already have a router of my own (i.e., I won’t have to go and buy one), it is thus, by default, “safer” to just use mine each time I wanna use ST. Right?

Slightly off-topic question: In a situation where a router changes owner, and whether it has been used for ST exclusively, or for actual internet browsing as well, will the new owner have access to any data stored in it? In other words, does a router have any means to store history logs etc.? Will I have to destroy it (like an external HD), should I ever need to buy a new one?

Again thanks guys

It’s at least not worse. Generally yes, this will make it harder to get access to any type of data. Odin has already mentioned that the encryption of WiFi isn’t superb**, so I wouldn’t put all my trust into WiFi encryption, but I presume your intention is what we call the defense-in-depth principle: Have multiple layers of security. Your own router gives some level of security and syncthing’s encryption on top of that gives you another level of some security, thus adding to the overall safety of the system. Whether the hassle of switching between networks is worth the extra level of security is your decision.

**(things like the KRACK attack come to mind, plus a whole bunch of other issues but this forum isn’t really the place for an in depth discussion about WiFi encryption)

Yeah we’re really drifting here, but I would feel bad if I didn’t provide any answer at all: This depends on the router and maybe on its settings. I really stick my neck out by saying this, but I would presume that most routers do not save much (valuable) data, especially not after factory-resetting them (which should be an option on most models). I cannot give any guarantees for that though.


Lol… How much storage do you think is hidden inside the router… If someone wanted to store the traffic that has passed through my router this week it would need over a TiB of storage hidden in it… Far easier and cheaper options out there.

Storage limitations are one of the reasons why I stated what I stated, but just to name a counter example: A router that does DPI could in theory store statistics about visited websites (far easier back in the days when everything was HTTP) for various purposes. Aggregated data can be stored with just a few KiB of memory and may still be considered sensitive (e.g. list of websites I visited in the past 90 days). When I think about it I remember that Ubiquiti routers can do this exact thing if you configure them this way.


:face_with_raised_eyebrow:, I misread the question to be about ST data specifically. You are quite correct sorry.

In my head the question was about the Syncthing data transferred while using the router. When reading your responses my imagination ventured into the absurd:

If it is an off the shelf router and you do not suspect an agent is actively trying to steal the data in question specifically then no. It should not have any meaningful data left on it.

If you do suspect an agent is actively trying to steal the data in question then why ask the question on a public forum that could easily be manipulated? Throw it in a fire when you are done… and only use wired connections while using it… in a room without windows… or a hard wired power source.

Yes, once you step away from home routers this is common.

@sedovef242 The in transit encryption utilized by ST is accepted to be generally secure.

I would not bother setting up a separate network to do what you are describing unless it was going to be a wired only network. While defense-in-depth is a good idea (a very, very good idea), you get little benefit in setting up the second network… If someone has the understanding to work around TLS they would have the skills to scoop the data out of the air from your network just as easily as the existing one.

Thank you all for the info. Kind regards.
