I'm so glad to be subscribed to your channel. I've been happily using Syncthing for more than 5 years now and I'm pretty sure this new feature would pass me by if it wasn't for this video. Keep up the great work.
So the folder gets synced to the untrusted device but the folders encrypted on that one? Can I use this is to sync a folder in my Google Drive folder but encrypted, so that those files are backed up on my Google Drive but only an encrypted version, yet still synced?
Hello tom , thanks for demo , -i have question about encryption so its safe to use it for 2 site sync i men not cloud it will be safe ?! - and can i change port of gui or any port for best bracts ?
Hi, I have a distro based on DEBIAN Q4OS I need to connect 4 hard disks with windows and mac backups and I would like to create a server with raid sharing of all hard disks and including a continuous and incremental backup also of smartphones and ipads in the family ... I was thinking about nextcloud and openmediavault but something else would probably be missing to perfect everything and example the folder search on different file systems I forgot ... I also have nvidia shield which can act as a nas if it would be enough without paying plex .Advice? Thank you.
@@LAWRENCESYSTEMS thanks Tom. That is exactly what i did a couple months ago. however when click update in TrueNAS GUI it is not updating to latest version. I tried "iocage upgrade SyncThing" via command and it is asking me for target release. what would be a target release ?
What is when you have a Documents folder and you have your own devices A, B and C, obviously a send and receive directory... Then there is device Z, which maybe is owned by a friend, you don't trust people, not even your parents, so, the owner of Z might steal your stupidly created passwords.txt file which is within your documents and contains e.g. your Bitcoin Secrets. So what do you do, you use this feature of Untrusted Devices. But there might be still a problem, the directory is marked send and receive, cause you have your own devices ABC. So Z might delete the encrypted files, what could go wrong? You might loose your passwords.txt. Nobody read it, but nobody includes you, so your Bitcoin are gone, congrats. Maybe before Z is deleting the files, hesheit changes all files like 20 times, so all versions gets overridden, if you use versioning. Soo, are there things Syncthing might do to prevent that? Sadly there is no option to say send only with device x... But in encrypted case, it would be technically possible to do send receive, when ABC are validating the files, and disallow changes by the filesystem of Z, only when valid things are pushed to Z.... I mean A B offline, C pushes changes to Z, C offline, A online, A gets changes from Z, but validates signatures and integrity of them, that the changes are made by C and doesn't screw up everything, or something like that. Does Synchting do something like that?^^ Or could Z corrupt files of ABC?
Great video! One thing that is missing is how would we make use of the data on the untrusted device, if our trusted one is lost or damaged. How would we restore(decrypt) the data...
BTW, I already found the practical use of this new feature. I recently brought my old HDD to my local church and put it into their own backup server (that already had Syncthing installed for backing up church staff PCs). Then I configured it as untrusted Syncthing node and implemented a reliable encrypted off-site backup of my most important data from my home Synology server to my church Syncthing node :)
This would be a nice way to sync all your backup-to-disk files to the cloud as a disaster recovery plan. All you need to get it back is the password and in the meantime you can be sure that nobody else can access your data.
Passwords usually aren't secure, they should get rid of the them, it's not needed, they should just generate a key per untrusted node per directory and share that keys with all trusted devices which have the directory unencrypted, so they can access the data on untrusted devices as well. No user interaction needed and much more secure.
.... so send the key over an (usually) unencrypted network to be stored on an untrusted server. You do not want to access the encrypted data on an untrusted device. That is the whole point of encryption
Would this be a good solution to send offsite backups easily to the remote location and not worry about encrypting it yourself? I understand there is a risk of ransomware encrypting the source syncthing files thereby destroying the offsite backup. Just trying to see what is a good solution to run to backup important files between friends' servers but are easy to manage and doesn't give access to other people's files
@@LAWRENCESYSTEMS ah too bad, yea it would be nice if the logs were cryptographically signed so that if the "untrusted" device was compromised it couldn't mess with your trusted ones in that way. i think i'm probably gonna write my own software on top of libp2p then thank you ! :)
I'm a little late to the party but I am considering SyncThing for SynologyAndroid syncing. A problem I have run into with other syncing solutions is that the Android device loses date & time metadata. I.e. The date from Windows is lost and Android shows the date/time of the transfer. If this true with SyncThing?
You can put in a thermostat controlled exhaust fan to exhaust hot air and pull in cooler air from air conditioned space. I set my closet thermostat at 5F warmer than max set temp of main thermostat.
I tried to sync 2 shared folders used by a dc and none of the security principled synced to the other side. I think it takes the as owner the user who controls syncthing.... I thought it would be more like robocopy If what I noticed is true and cant be changed by properties what is the point of synchronizing folders with different credentials from source to destination
