Security between untrusted/semi-trusted partners

Hi,

I have been using Syncthing for a few days and have read the FAQ/docs, but I did not find a satisfactory answer to this question.

I want to use Syncthing in scenarios where I share parts of data with semi-trusted partners. Particular examples:

  • I want one share between my private computer and my work computer. While the work computer should not be able to sync this one folder, it should not be able to access anything else I have shared.

  • I want to have a shared folder for a group of friends. Clearly they should by no means be able to access my personal files.

Question: When I connect two Syncthing instances (e.g. my computer and my friends'), I can select one particular directory under “Sharing”. Will this ensure by all means (cryptographically) that my friends' computer cannot access any other folders I shared?

Basically, yes.

This is not really about cryptography so much (although that too), it is about the fact that your machine only tells your friends’ machine about the folders it shares with that machine.

Say we have machines A, B, and C. We have folders foo and bar on A: foo is shared to B, and bar is shared to C. Not only has C no way of getting foo, in fact, C doesn’t even know that A has foo.

There are only 3 ways for C to get the contents of foo:

  1. A shares foo with C.
  2. B shares foo with C. There’s no way A can forbid that.
  3. C creates a folder qux that has the same folder ID as foo, and shares it with either A or B. If the user on A or B explicitly accepts it (or if the “auto-accept” option is enabled, which by default it isn’t), then A’s foo and C’s qux become essentially the same folder for Syncthing, and C gets all of its contents.
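An audit of the sharing model described in the answer, as an added example that is not part of the original posts and is not Syncthing project code. It assumes the `config.xml` layout in which each `<folder>` lists the `<device>` IDs it is shared with and each top-level `<device>` carries an `autoAcceptFolders` attribute; the sample configuration and its shortened device IDs are constructed, and `audit_sharing` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Syncthing's config.xml, seen from machine A.
# Device IDs are shortened placeholders, not real Syncthing device IDs.
SAMPLE_CONFIG = """
<configuration>
  <folder id="foo" label="Private" path="/home/a/foo">
    <device id="DEVICE-A"/>
    <device id="DEVICE-B"/>
  </folder>
  <folder id="bar" label="Friends" path="/home/a/bar">
    <device id="DEVICE-A"/>
    <device id="DEVICE-C"/>
  </folder>
  <device id="DEVICE-A" name="A" autoAcceptFolders="false"/>
  <device id="DEVICE-B" name="B" autoAcceptFolders="false"/>
  <device id="DEVICE-C" name="C" autoAcceptFolders="true"/>
</configuration>
"""

def audit_sharing(config_xml, local_id):
    """Return (exposure, auto_accept): the folder IDs each remote device is
    told about, and the remote devices whose folder offers are auto-accepted."""
    root = ET.fromstring(config_xml)
    # Top-level <device> elements map device IDs to readable names.
    names = {d.get("id"): d.get("name", d.get("id")) for d in root.findall("device")}
    exposure = {name: [] for dev_id, name in names.items() if dev_id != local_id}
    for folder in root.findall("folder"):
        for dev in folder.findall("device"):
            dev_id = dev.get("id")
            if dev_id != local_id:
                exposure.setdefault(names.get(dev_id, dev_id), []).append(folder.get("id"))
    # Way 3 in the answer needs an explicit accept unless this flag is set.
    auto_accept = sorted(
        d.get("name", d.get("id")) for d in root.findall("device")
        if d.get("id") != local_id and d.get("autoAcceptFolders") == "true"
    )
    return exposure, auto_accept

if __name__ == "__main__":
    exposure, auto_accept = audit_sharing(SAMPLE_CONFIG, "DEVICE-A")
    for name, folders in sorted(exposure.items()):
        print(f"{name} is told about: {folders}")
    for name in auto_accept:
        print(f"WARNING: folder offers from {name} are accepted automatically")
```

The audit covers only what the local machine shares and accepts; whether B passes foo on to C (way 2) is B's decision and is outside A's configuration.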