this post was submitted on 30 Apr 2024
71 points (98.6% liked)

I'm curious about

  • editing on desktop
  • editing on mobile
  • whether or not you need to self host it
[–] [email protected] 1 points 7 months ago (2 children)

I will never use a non-self-hosted notes service. I think it's ridiculous. You can never fully trust such a system and it's unnecessary power usage (DNS, all the middlemen, the server, its office etc). You can encrypt the files before sending them to a third party service but ehh that's additional steps and good luck recovering the files in case you lose the key. And I don't really have quite the amount of money, time and neural cells for a home server so I prefer my way. No offense against syncing though. It has its advantages but ONLY if it's self-hosted. And tbh I'm just too old school for your unnecessarily overcomplicated syncing stuff. Analog items ftw.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

I will never use a non self-hosted notes service. I think it’s ridiculous. You can never fully trust such a system and it’s unnecessary power usage (DNS, all the middlemen, the server, its office etc).

quoted from https://syncthing.net/

Private & Secure

Private. None of your data is ever stored anywhere else other than on your computers. There is no central server that might be compromised, legally or illegally.

Encrypted. All communication is secured using TLS. The encryption used includes perfect forward secrecy to prevent any eavesdropper from ever gaining access to your data.

Authenticated. Every device is identified by a strong cryptographic certificate. Only devices you have explicitly allowed can connect to your other devices.

If you have a security concern, please see the security page for details and contact information.

Open

Open Protocol. The protocol is a documented specification — no hidden magic.

Open Source. All source code is available on GitHub — what you see is what you get, there is no hidden funny business.

Open Development. Any bugs found are immediately visible for anyone to browse — no hidden flaws.

Open Discourse. Development and usage is always open for discussion.

Easy to Use

Powerful. Synchronize as many folders as you need with different people or just between your own devices.

Portable. Configure and monitor Syncthing via a responsive and powerful interface accessible via your browser. Works on macOS, Windows, Linux, FreeBSD, Solaris, OpenBSD, and many others. Run it on your desktop computers and synchronize them with your server for backup.

Simple. Syncthing doesn’t need IP addresses or advanced configuration: it just works, over LAN and over the Internet. Every machine is identified by an ID. Give your ID to your friends, share a folder and watch: UPnP will do if you don’t want to port forward or you don’t know how.

[–] [email protected] -3 points 7 months ago* (last edited 7 months ago) (1 children)

Listen it's just my personal position that I want to OWN my notes completely and without exceptions. And about the security:

  1. Are there any independent studies on the forward secrecy?

  2. If 1 is false, how about bad actor attacks? Yes I know they can hack your home server but hey you can make it LAN only right?

EDIT: Imagine downvoting personal preferences

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago)

quoted from here https://docs.syncthing.net/users/security.html

Security Principles

Security is one of the primary project goals. This means that it should not be possible for an attacker to join a cluster uninvited, and it should not be possible to extract private information from intercepted traffic. Currently this is implemented as follows.

All device to device traffic is protected by TLS. To prevent uninvited devices from joining a cluster, the certificate fingerprint of each device is compared to a preset list of acceptable devices at connection establishment. The fingerprint is computed as the SHA-256 hash of the certificate and displayed in a human-friendly encoding, called Device ID....

Relay Connections

When relaying is enabled, Syncthing will look up the pool of public relays and establish a connection to one of them (the best, based on an internal heuristic). The selected relay server will learn the connecting device’s device ID. Relay servers can be run by anyone in the general public. Relaying defaults to on. Syncthing can be configured to disable relaying, or only use specific relays.

If a relay connection is required between two devices, the relay will learn the other device's device ID as well.

Any data exchanged between the two devices is encrypted as usual and not subject to inspection by the relay.

Web GUI

If the web GUI is accessible, it exposes the device as running Syncthing. The web GUI defaults to being reachable from the local host only.


In Short

Parties doing surveillance on your network (whether that be corporate IT, the NSA or someone else) will be able to see that you use Syncthing, and your device IDs are OK to share anyway, but the actual transmitted data is protected as well as we can. Knowing your device ID can expose your IP address, using global discovery.

Protecting your Syncthing keys and identity

Anyone who can access the Syncthing TLS keys and config file on your device can impersonate your device, connect to your peers, and then have access to your synced files. Here are some general principles to protect your files:

If a device of yours is lost, make sure to revoke its access from your other devices.

If you’re syncing confidential data on an encrypted disk to guard against device theft, put the Syncthing config folder on the same encrypted disk to avoid leaking keys and metadata. Or, use whole disk encryption.

^ quoted from here https://docs.syncthing.net/users/security.html

I don't know of any particular security audits off the top of my head, but I know of a lot of very intelligent computer people who think Syncthing is reasonably trustable (as far as you can trust computers....).

Yes I know they can hack your home server but hey you can make it LAN only right?

Yes, Syncthing does not require internet just a local network, you can build a cabin in the middle of Alaska with no reception of any kind, hook up a solar panel, plug in a router, connect computers and phones with Syncthing software on them and BOOM you are in business. The devices will likely just show up as nearby device_ids that you can just click on in the web gui interface. It is enragingly simple given how obtuse, incompatible or insecure most other alternatives are.
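The quoted security page describes the core mechanism: each device has its own TLS certificate, the Device ID is the SHA-256 fingerprint of that certificate, and a peer is only accepted if its fingerprint is on a preset list; revoking a lost device means removing it from that list. The Go program below is an added example written for this thread, not Syncthing's own code, that shows the pattern with Go's standard `crypto/tls` pinning hook. The certificate generation is constructed for the demo, and the plain unpadded base32 used for the ID is a simplification assumed here (the real Syncthing Device ID adds check digits and dash-separated grouping on top of the same hash).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base32"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newDeviceCert makes a self-signed certificate plus key for one device.
// Constructed for this example: a real node would load its key pair from the
// config directory, which is why that directory needs the same protection as
// the synced data.
func newDeviceCert(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// deviceID is the SHA-256 fingerprint of the DER certificate in a readable
// form. Plain unpadded base32 is a simplification assumed here; the real
// Syncthing Device ID adds check digits and dash-separated grouping.
func deviceID(certDER []byte) string {
	sum := sha256.Sum256(certDER)
	return base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
}

// isAllowedDevice is the "preset list of acceptable devices" check.
func isAllowedDevice(allowed map[string]bool, certDER []byte) bool {
	return allowed[deviceID(certDER)]
}

// pinnedTLSConfig replaces CA chain validation (meaningless for self-signed
// certs) with the fingerprint allowlist, on both the dialing and listening side.
func pinnedTLSConfig(own tls.Certificate, allowed map[string]bool) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{own},
		ClientAuth:   tls.RequireAnyClientCert, // peers must present a cert ...
		MinVersion:   tls.VersionTLS13,
		// ... and chain checks are skipped only because VerifyPeerCertificate
		// below does the real authentication.
		InsecureSkipVerify: true,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("peer presented no certificate")
			}
			if !isAllowedDevice(allowed, rawCerts[0]) {
				return fmt.Errorf("rejecting uninvited device %s", deviceID(rawCerts[0]))
			}
			return nil
		},
	}
}

// verifyPeer runs the same check a live handshake would, so the policy can be
// exercised without a network.
func verifyPeer(cfg *tls.Config, peer tls.Certificate) error {
	return cfg.VerifyPeerCertificate(peer.Certificate, nil)
}

func main() {
	laptop, _ := newDeviceCert("laptop")
	phone, _ := newDeviceCert("phone")
	stranger, _ := newDeviceCert("stranger")

	// The laptop's operator has explicitly added only the phone.
	allowed := map[string]bool{deviceID(phone.Certificate[0]): true}
	cfg := pinnedTLSConfig(laptop, allowed)

	fmt.Println("phone   :", verifyPeer(cfg, phone))    // <nil>
	fmt.Println("stranger:", verifyPeer(cfg, stranger)) // rejecting uninvited device ...

	// Revoking a lost device is just removing its ID from the list.
	delete(allowed, deviceID(phone.Certificate[0]))
	fmt.Println("phone after revocation:", verifyPeer(cfg, phone))
}
```

The point the page makes about key protection follows directly from this design: whoever holds the `tls.Certificate` (the DER plus private key) for a device *is* that device as far as every peer's allowlist is concerned, so the config directory holding it deserves the same disk encryption as the synced folders. The `InsecureSkipVerify: true` line is the standard Go idiom for pinning and is only safe because `VerifyPeerCertificate` is set; setting it without the callback would accept any certificate.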

[–] [email protected] 2 points 7 months ago (1 children)

Syncthing is entirely self-hosted and end to end encrypted. Data only lives on your machines.

[–] [email protected] 1 points 7 months ago

As I said in one of the replies, I do not have the money, time and neural cells for my own server