So today I was using Syncthing to sync some files with my phone (GrapheneOS) from a Linux computer. I was using Local Discovery and NAT Traversal as the options on both.

I am behind the Rethink DNS app on Android, and I had to disable the Always-on VPN option on my phone and select the Exclude from DNS and Firewall option for Syncthing-Fork in Rethink in order for it to work locally. But before I did that, I saw some DNS connections Syncthing-Fork was making to STUN providers such as stun.internetcalls.com.

I believe you can stop these connections by turning off NAT Traversal.

But this got me thinking how private is Syncthing? Are the STUN servers seeing what I am sending? And yes the transfer was happening locally. I saw TCP LAN in the transfer info.

Syncthing-Fork is from F-Droid.

  • FauxLiving@lemmy.world
    2 days ago

    But this got me thinking how private is Syncthing? Are the STUN servers seeing what I am sending?

    https://en.wikipedia.org/wiki/Syncthing

    The network of community-contributed relay servers allows devices behind different IPv4 NAT firewalls to communicate by relaying encrypted data via a third party. The relay is similar to the TURN protocol, with the traffic TLS-encrypted end-to-end between devices (thus even the relay server cannot see the data, only the encrypted stream). Private relays can also be set up and configured, with or without public relays, if desired. Syncthing automatically switches from relaying to direct device-to-device connections if it discovers a direct connection has become available.

    Here’s a post on the Syncthing forums where a developer answers the “What could a malicious discovery or relay server do?”: https://forum.syncthing.net/t/what-could-a-malicious-discovery-or-relay-server-do/21986
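An added example, not part of either post above and not Syncthing's own code: a small audit of a Syncthing `config.xml` that lists which options let the client reach beyond the LAN (global discovery, relays, NAT traversal, crash reports) and writes a LAN-only variant that leaves Local Discovery untouched. The element names are those of Syncthing's `<options>` section; the sample config is constructed, and the function names and one-line descriptions are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """<configuration>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>true</natEnabled>
    <crashReportingEnabled>false</crashReportingEnabled>
  </options>
</configuration>"""

# Options that involve a third-party server when enabled (descriptions are
# this example's summary, not text from the Syncthing documentation).
OFF_LAN = {
    "globalAnnounceEnabled": "announces the device to global discovery servers",
    "relaysEnabled": "may pass the TLS-encrypted stream through a relay",
    "natEnabled": "NAT traversal, which the post ties to the STUN lookups",
    "crashReportingEnabled": "sends crash reports to the project",
}

def _options(root):
    options = root.find("options")
    if options is None:
        raise ValueError("no <options> section in config")
    return options

def off_lan_features(config_xml):
    """Return [(option, 'enabled' | 'unset')] for options worth reviewing."""
    options = _options(ET.fromstring(config_xml))
    findings = []
    for name in OFF_LAN:
        text = options.findtext(name)
        if text is None:
            findings.append((name, "unset"))  # client default applies
        elif text.strip().lower() == "true":
            findings.append((name, "enabled"))
    return findings

def lan_only(config_xml):
    """Return the config with every OFF_LAN option explicitly set to false."""
    root = ET.fromstring(config_xml)
    options = _options(root)
    for name in OFF_LAN:
        element = options.find(name)
        if element is None:
            element = ET.SubElement(options, name)
        element.text = "false"
    return ET.tostring(root, encoding="unicode")
```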