Sync connections are attempted to all configured devices, when the address is Usage reporting server itself may expose the client as running Syncthing. The reported data is protected from eavesdroppers, but the connection to the Off but the GUI will ask once about enabling it, shortly after the first Server, currently hosted by The contents of the usage report canīe seen behind the “Preview” link in settings. The report is sent as an HTTPS POST to the usage reporting When usage reporting is enabled, Syncthing reports usage data at startup and The upgrade check (or download) requests do not contain any identifiable The actual download, should an upgrade be available, is done from This can be disabled only by compiling Syncthing with This is by an HTTPS request to theĭownload site for releases, currently hosted by upgrades default to on (unless Syncthing was compiled withĮven when automatic upgrades are disabled in the configuration, an upgrade checkĪs above is done when the GUI is loaded, in order to show the “Upgrade to …”īutton when necessary. Startup and then once every twelve hours. When automatic upgrades are enabled, Syncthing checks for a new version at When turned off, devices with dynamic addresses on the local network cannot be Syncthing with local discovery enabled, and what their device IDs are. Local discovery defaults to on.Īn eavesdropper on the local network can deduce which machines are running The packets contain theĭevice ID and listening port. (IPv6) packets to the local network every 30 seconds. When local discovery is enabled, Syncthing sends broadcast (IPv4) and multicast If a different global discovery server is configured, no data is sent to theĭefault global discovery servers. IP addresses, and deduce which devices are connected to each other. The operator of the discovery server can map arbitrary device addresses to Syncthing with global discovery enabled, and what their device IDs are. When turned off, devices with dynamic addresses not on the local network cannotĪn eavesdropper on the Internet can deduce which machines are running The discovery serversĪre currently hosted by Global discovery defaults to on. Private between the device and the discovery server. The discovery server is encrypted using TLS and the discovery serverĬertificate is verified, so the contents of the query should be considered Servers containing the device ID of the requested device. Not been seen on the local network, a query is sent to the global discovery Also, when connecting to other devices that have Minutes to the global discovery servers so that they can keep a mappingīetween your device ID and external IP. When global discovery is enabled, Syncthing sends an announcement every 30 Incoming requests for file data are verified to the extent that the requestedįile name must exist in the local index and the global model.įor information about ensuring you are running the code you think you are andįor reporting security vulnerabilities, please see the official security page. In a human-friendly encoding, called Device ID. Theįingerprint is computed as the SHA-256 hash of the certificate and displayed To a preset list of acceptable devices at connection establishment. To prevent uninvited devicesįrom joining a cluster, the certificate fingerprint of each device is compared Currently thisĪll device to device traffic is protected by TLS. Possible to extract private information from intercepted traffic. Possible for an attacker to join a cluster uninvited, and it should not be Security is one of the primary project goals.
0 Comments
Leave a Reply. |