So today I was using Syncthing to sync some files with my phone (GrapheneOS) from a Linux computer. I was using Local Discovery and Nat Traversal as the options on both.
I am behind Rethink DNS app on android and I had to disable Always on VPN option on my phone and had to select Exclude from DNS and Firewall option fn the Synching-Fork on Rethink in order for it to work locally. But before I did that I saw some DNS connections Syncthing-Fork was making, to STUN providers such as stun.internetcalls.com.
I believe you can stop these connections by turning off NAT Traversal .
But this got me thinking how private is Syncthing? Are the STUN servers seeing what I am sending? And yes the transfer was happening locally. I saw TCP LAN in the transfer info.
Syncthing-Fork is from F-Droid.
NAT traversal isn’t seeing any of your data, its just a service to enable clients behind NAT to talk to each other and make a direct connection for data transfer.
Local Discovery probably uses broadcasts and maybe mDNS to discover other syncthing clients on the same local network.
Global discovery is essentially a database of clients so they can find each other over the internet. This lets your client connect home when out on your phone and such.
But all of the actual data transfer is happening directly client to client. As long as relaying is disabled.