Why not just directories? (No nodes or devices)

I’m transitioning from Bysync 1.4, which has only shared directories with an ID hash (well, two actually - one RO and one R/W). Any computer with an ID hash can sync to any other computer running BTSync with the same ID hash.

Why does SyncThing have the overlaid structure of “computer nodes” in addition to the sync directories inside those nodes? What advantage does this offer? Why the extra complication?

No crisis. I’ve just learned that when I understand the architecture of a new program, I can use it better.

Security/privacy/trust. You may want to share a folder with a friend, but may not want your friend to be able to have their friend—or a person who stole the key from them—connect to you without your consent.

This probably a simplification, but it’s a reason I came to appreciate quickly.

J King,

Generically, going through more hoops does offer more security. In this case, I think the security issue is answered by getting a confirmation from the computer that sources the directory hash code. BTSync 1.4 did this.

Or alternately, if my friend is giving away my hash codes, then he could just give away the files and skip the extra complication, so any super security would be kind of moot anyhow.

Also, I would see an unwanted computer pop up on the peer list and be able to address the issue.

Isn’t that almost a non-issue: Your friend can share your folder with any other device and you will receive any changes originating from them via your friend. You may not have these “third-party” devices directly connected to you, but you still are connected to them via your friend.

Also bare in mind, that even the BTSync folks think that this wasn’t the best idea so they changed it in v2 to be more like Syncthing ;).

Our way of doing it has no shared secrets. I don’t like shared secrets, because they can leak.

3 Likes

Jakob (@calmh),

I’ve read a lot of your replies on the forum and it’s clear you spend a lot of time thinking about architecture of Syncthing. Thank you. However, you’re out ahead of my brain. Can you tell me a bit more about no shared secrets?

“Folders only” in BTSync are not shared secrets any more than folders and devices are in Syncthing. In both bases, they’re simply unique identifying hashes. Of course, if you don’t have the hash, I guess it could be called a “secret”, but they’re still both the same in that way.

It just seems the overlaying of both concepts (devices and directories) seems redundant. You can’t ever have a directory sync without a device, so what’s the point of specifying a device? And you can’t specify a device only without knowing what directory to sync, so devices can’t stand alone. Directories ~can~ stand alone without specifying a device. Directories are ideological data sets, which is what we’re trying to share. Forcing knowledge of what device syncs the data is sort of the antithesis of “the cloud”.

What is accomplished with device ID#s that can’t be done with only directory ID#s?

Wweich (@Community MVP), …yes… I noticed the changes in BTSync v2, so somebody did think this was a good idea over there, but my understanding is still missing what feature or capability this ads.

The point is that you can revoke individual device access if one of them is malicious, yet you cannot revoke anything if all he needs to do is have a folder id.

Yeah. Knowing a device ID doesn’t give you access to anything. It just lets you know who to ask for access. They can say no, and they can change their mind later. If your device is accepted, adding new folders requires no exchange of cryptic hashes. Revoking access is also as easy as removing a checkbox on the other side.

With the omnipotent folder ID concept, there is no way to control access once the ID is “out there”. (My understanding is that the folder “ID” is not a mere hash but also includes the encryption key required to interpret the data, but I could be wrong/out of date.)

Got it. Specifying node ID#s lets me revoke access or never give it. Folder-only architecture would require me to revoke that folder ID# and re-issue a new one to everybody I ~want~ to sync with.

I realize I live in a clean world where all my synchronized nodes are trustworthy and do not pass on folder IDs nor do I expect that they will need to be revoked.