I’ve been looking at Syncthing, but I wanted to know:
Can you allow a node access to the cluster but not let that node decrypt the data? So that it only serves it but can’t access it? … Just a relay basically.
When files change between different hosts, is there a way to save a certain number of versions for a certain number of days? (like Time Machine on the Mac, for example)
Just wondering! Thanks
Encryption no, versioning yes (there are two different implementations).
bigbear2nd
(Bob Hope)
November 19, 2014, 12:14am
Welcome to Syncthing!
benguild:
Can you allow a node access to the cluster but not let that node decrypt the data? So that it only serves it but can’t access it? … Just a relay basically.
This is currently not implemented, but very well considered and discussed. You might find the quite long discussion here:
opened 03:07PM - 04 Apr 14 UTC
closed 08:13AM - 13 Apr 21 UTC
enhancement
So I have had a look at BitTorrent sync, syncthing and alternatives and what I always wondered about was the possibility to not only sync between resources I own and trust, but also external resources/servers which I do NOT trust with my data, up to a certain extent.
One way to do this is using ecryptfs or encfs, but this has many obvious downsides: it is not an interoperable solution (only works on Linux), the files are actually stored in encrypted form on the disk (even if the resource is trusted and this is not necessary, for instance because of the file system being encrypted already), etc.
What I propose is somehow configuring nodes which are only sent the files in an encrypted format, with all file contents (and potentially file/directory names as well; or even permissions) being encrypted. This way, if I want to store my private files on a fast server in a datacenter to access them from anywhere, I could do this with syncthing without essentially giving up ownership of those files. I could also prevent that particular sync node from being allowed/able to make any changes to the files without me noticing.
I realize that this requires a LOT of additional effort, but it would be a killer feature that seems to not be available in any other "private cloud" solution so far. What are your thoughts on this feature?
EDIT: BitTorrent sync mentions a feature like this in their API docs: "Encryption secret
API users can generate folder secrets with encrypted peer support. Encryption secrets are read-only. They make Sync data encrypted on the receiver’s side. Recipients can sync files, but they can’t see file content, and they can’t modify the files. Encryption secrets come in handy if you need to sync to an untrusted location." (from http://www.bittorrent.com/intl/de/sync/developers/api)
There is even a bounty (currently at 110 $) on the feature:
https://www.bountysource.com/issues/1474343-support-for-file-encryption-e-g-non-trusted-servers
benguild:
When files change between different hosts, is there a way to save a certain number of versions for a certain number of days? (like Time Machine on the Mac, for example)
Yes, there are .
2 Likes
Cool! Thanks for the info.