The docs are pretty clear that traffic via relays is safe from eavesdropping by the relay as it is end-to-end encrypted, but I’ve not found any definite answer for the traffic between each device and the relay itself: is that also encrypted? (I expect it is, given that relays run on port 443, but want to confirm.)
Assuming it is, then there’s an unexpected privacy benefit of using a relay over NAT traversal: when roaming, it hides where you’re connecting to from the local (potentially untrusted) network you happen to be on. Depending on your risk profile, this might be a significant benefit.
In session mode, the relay sends everything it receives to where it’s going, byte-for-byte. In the documentation this is described correctly as a plain-text protocol.
Emphasizing that this is my opinion: there’s no need for the additional overhead of encrypting the connections for the already encrypted payload.
Yeah. There are two parts to it. One is the negotiation between a Syncthing client and the relay itself (“this is my device ID”, “I want to connect to this other device”), which is encrypted in the usual way between Syncthing and the relay. The other is the actual relayed connection, when established, which is encrypted the same as any other device-to-device connection, with the relay just being another bump on the wire.
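The relayed-connection part of this, as an added example that is not Syncthing's own code: an in-process stand-in relay copies bytes between two TLS endpoints without interpreting them, device A pins device B's certificate directly (Syncthing identifies peers by device ID, which is derived from a hash of the certificate), and the relay's tap ends up holding only TLS records, never the plaintext. The device names, the echo behaviour and the throwaway certificate are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// RelayObserve pushes msg from device A to device B through a stand-in byte-for-byte relay and returns the A->B bytes the relay saw plus B's decrypted reply.
func RelayObserve(msg string) ([]byte, string, error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway identity for device B, constructed for this example
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	aEnd, relayA := net.Pipe() // device A <-> relay
	relayB, bEnd := net.Pipe() // relay <-> device B
	go func() { // device B: decrypt one message, echo it back with a prefix, hang up
		c := tls.Server(bEnd, &tls.Config{Certificates: []tls.Certificate{cert}})
		buf := make([]byte, 256)
		n, _ := c.Read(buf)
		c.Write(append([]byte("echo:"), buf[:n]...))
		c.Close()
	}()
	var tap bytes.Buffer // the relay's copy of the A->B leg: everything a relay operator could log
	done := make(chan struct{})
	go func() { io.Copy(relayA, relayB); relayA.Close() }()                  // relay, B -> A
	go func() { io.Copy(relayB, io.TeeReader(relayA, &tap)); close(done) }() // relay, A -> B
	// Device A: the transport ends at the relay, but TLS runs end-to-end with B; B's certificate is pinned rather than CA-verified (Syncthing pins by device ID, a hash of the certificate).
	pin := func(raw [][]byte, _ [][]*x509.Certificate) error {
		if !bytes.Equal(raw[0], cert.Certificate[0]) {
			return fmt.Errorf("peer presented an unexpected certificate")
		}
		return nil
	}
	a := tls.Client(aEnd, &tls.Config{InsecureSkipVerify: true, VerifyPeerCertificate: pin})
	a.Write([]byte(msg))        // runs the handshake; any failure surfaces on the read below
	reply, err := io.ReadAll(a) // B's echo, then EOF once B sends close_notify
	a.Close()
	<-done // the relay has stopped copying, so tap is complete and safe to read
	return tap.Bytes(), string(reply), err
}

func main() { seen, reply, err := RelayObserve("hello from device A"); fmt.Println(len(seen), reply, err) }
```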