Website with public discosrv database

@Eddy2909 can you explain to me exactly why and how you think tor is relevant here?

I think Eddys point is that Tor is all about using untrusted people’s servers.

Which, to be fair, has proven to be a very bad idea multiple times. Running an exit node and inspecting all traffic for email or clear text credentials is fun.

But, and I’m repeating myself here, Syncthing is not and has never been about communicating anonymously. It’s about syncing files between your devices, or with devices belonging to your trusted friends.

3 Likes

Agreed. If someone wants to proxy discovery server connections through tor, that’s (probably?) possible. There’s no point in us reinventing the wheel for software which had much higher priorities right now.

Thanks Audrius. Please help me understand this.

When I look at the UI, I see that I can configure N>1.

However I am also suggesting a future enhancement where we can specify which discosrv is used on a per device basis.

2 Likes

Yeah. I think you could (today) use something like a public device that uses the official server, a private device that uses your private one, and a hybrid that talks to both. The hybrid one will be able find both of the others. The public server will never gain any knowledge about the private device.

Your “per device” setting would only control who to ask for what IDs, but it’s essentially free to ask a server that does not know about it, and doesn’t reveal any relevant information to the server.

The per device setting wouldn’t help with restricting announcements, so your private device still needs to talk only to the private discovery server.

1 Like

surely, you can sniff the packages of one or if you have too much time several exit servers or tor-relays - but you will never be able to take down the whole tor-network because its distributed. If you would like to disturb or take down syncthing “network” you only would need to attack one single point. in our example it would be enough to use one infiltrated discosrv - to gain all data right? thats why I DO LOVE the idea of @calmh with dht.

idea: what if there was a dht network of discos “above” all devices.

usecase: if I’m adding for example 5 discos to a devices settings. what if my device divides and spreads his id:ip hash of data or whatever it is called and sends it to those 5 discos. if some new devices want to join my devicenetwork they need to use the same 5 discos to get the whole and neccessary data. the problem: what happens, if one of them is down - they need to have a redundancy right?

would this be difficult/possible to realize?

As I’ve explained, there is no reason to do that, and I don’t see the value this would bring.

You are completely contradicting yourself. First you wanted anonymity, now you want DHT, which is the opposite of anonymity, as everyone knows everything without effort.

If we run 5 discos, having 1 disco up is enough for peers to find each other, given all devices use the same 5 discos.

It seems you just want to make people to implement something, without providing any justification, on a it sounds cool basis.

just read about dht, there are two ways:

  • spread and divide the data or
  • give all discos all data

is that false? if not I was talking about the first version - by that we would gain some kind of anonymity (by saving only useless data-parts) and security (by distribution).

You both have suggested some ideas that I will test. I have never configured N>1 discovery servers in my local device settings.
Thanks!

1 Like

I may be wrong, but my understanding about how his works is that you connect to a few nodes of the DHT and broadcast your queries to them, and they relay them towards the nodes that may have the answer and so on. I’m not sure how difficult it is to engineer this so that I control one of the devices close to you, to be able to intercept the queries and inspect them. It doesn’t seem infeasible, but I could be wrong.

1 Like

my current disco settings: one rpi running disco and the public one until the second rpi is online. then I will switch using both rpi-disco servers. just for reliability :wink:

Cool, that’s exactly the intention that people should be able to do that. Go for it.

yeah I will - but thats only a solution for me :confounded: what about Emiliy B. from A.?

you mean like dns?

Look, this is getting tedious and I’m checking out for the night. So, I’m implementing discovery over tls. I’ll look at adding a server or two, that doesn’t hurt. I’m not going to implement a DHT discovery, because I don’t see the point and i don’t understand it well enough. If someone else does and contributes it, and it’s provably superior in some way, I’ll happily merge it and use it.

I think that’s all on this topic from me for the moment.

I am back with my Private vs Public discosrv questions. I think a graphic will explain my issue, so here goes:

In the illustration above, devices A,B,C share some “top secret” stuff using a Private discosrv. Device C (that’s me) adds a 2nd discosrv (public), and shares some family photos with devices D and E. Everything works, and devices A and B can never discover D and E and vice-versa.

In the diagram below, the owner of device A (not me) later decides to add a 2nd discosrv (public) and share some music files with his friend F.

Now my question: Since both devices C and A are configured to use 2 discosrv’s (1 private + 1 public) … is it possible to configure so that the discovery between A-C continues via the Private discovery server only?

The way it is now (and that’s the way I’d like it to stay) is that it will look for everyone everywhere, concurrently.

So in the first case, C will look for A, B, E, D on both public and private disco, but obviously will only find them on the ones they are participating on. So the public disco will get a request for C looking for A but not get a response. Again, A’s ID is just a hash of some random piece of information, so you can’t pin it to anyone.

In the second case, same case will happen, though through which server C will resolve A will depend on latency and gods of random numbers.

This might not be exactly the way I wish it could be - but now I fully understand the way it is now.

Thanks for walking me thru this … :smile:

2 posts were split to a new topic: Proxy support

like calmh said, syncthing is for you syncing files with people you trust, if you don’t trust discosrv, then don’t use any discosrv, you don’t require a discosrv for connection, I tested it.

my 80+ computers running on both public and private network, and even with a discosrv running on a computer that connects with both network they just can’t communicate with each other, if you worry about your IP being transfer to malicious place, secure your own connection.