What do we need to make the Untrusted Devices feature stable?

Syncthing got the Untrusted Devices feature in version 1.15.0, 4 years ago. The docs say that the feature is at beta testing quality. What do we need to make this feature stable?

There are still a few issues if you search for “encrypted” or “untrusted” on Syncthing’s GitHub page. Most of them shouldn’t prevent you from using the feature though.

I think the only “breaking” bug is https://github.com/syncthing/syncthing/issues/7808, because it actually leads to data loss (because the affected file will not be synced), and the user can do nothing to fix the problem.

Thanks! I was hesitant to use the feature because the warning makes it sound like the encryption could be compromised. That’s the one thing that must work correctly.

On the issue tracker I only see a couple of minor issues, no different from other Syncthing features that are not marked as beta in the docs. Based on this I feel the warning could be removed, if it were not for the major Windows issue you linked. Although it only affects Windows, so the warning could say that the feature is not ready for that operating system but works on others.

Why was the idea of a simple prefix character dismissed? Or are there other cases besides Windows reserved names?

I think there are two aspects:

  1. Security of the approach/crypto.
    I think that’s not “beta” from our side in the sense that we want to improve anything, but also it hasn’t been formally independently reviewed. So it’s always good to think about your threat level and compare that with the state (e.g. this lack of formal independent review, the principles/limitations outlined in the docs, …).

  2. Implementation stability/backwards compatibility guarantees
    While we don’t give any guarantees beyond “can talk to each other and sync across versions” (at least that I am aware of), we do go to great lengths to avoid user action/retransfer/… when doing changes in general. That “beta” label for encryption is an escape hatch in my mind. Don’t get me wrong, I don’t want to cause user hassle, but if the tradeoffs are right we might do it. There are a few known rough edges of the encryption features (some already pointed out, also filename length, and I kinda think there was a third). So worst case that means you need to recreate your encrypted folders (on the receiving end). Whether or not, and when, that will happen nobody knows 🙂