
Syncthing Review – Secure File Synchronization


Disclosure: compensated affiliate: click here for more information

Syncthing Secure File Synchronization

Syncthing is a secure decentralized peer-to-peer (P2P) file synchronization program that can sync files between devices on a local network or over the internet. In many ways it is therefore similar to BitTorrent Sync, except that it is completely free and open source (FOSS).

Syncthing allows you to back up data securely without the need to trust a third-party cloud provider. Data is backed up to a computer or server that you directly control, and is at no point stored by a third party.

This is referred to in techy circles as a “BYO (Cloud) model”, where you provide the hardware instead of a third party commercial vendor. The encryption used is also fully end-to-end, as you encrypt it on your device, and only you can decrypt it. No-one else holds the encryption keys.


Pricing and features

Syncthing is free (in every sense of the word). Donations towards its development are, however, accepted via card (processed by Stripe) or Bitcoins.

The program is available for Windows, OSX, Linux, and Android, plus a number of less popular platforms. An iOS version is undergoing beta testing at the time of writing, but no official release date has been published.

All releases are digitally signed, and the Android app can be downloaded from F-Droid for those who prefer not to use the Google Play Store.

One notable feature in common with cloud services is support for File Versioning. If this option is used, Syncthing will archive older versions of files when they are saved over or deleted. They can then be accessed at a later point. This is configured on a per-folder basis, and you decide how many previous versions of a file will be archived.

Privacy and Security

As already noted, Syncthing is very private, as data is saved directly to a location of your choosing. No third parties need be involved. Because the encryption is end-to-end, any relay servers used are unable to read your data.

On the technical front, your data is protected by the Block Exchange Protocol v1. This uses TLS 1.2 certificate-based authentication in combination with a “strong cipher suite” and Perfect Forward Secrecy (PFS).

Strong Ciphers

The Diffie-Hellman cryptographic key exchange (DHE) has recently caused huge controversy over its re-use of a limited set of prime numbers, which makes it vulnerable to being cracked by a powerful adversary such as the NSA. It does, however, allow Perfect Forward Secrecy to be used during TLS authentication, and if combined with RSA for key exchange (as it is in all the examples above) will guard against MitM attacks, and should be very secure.

Block Exchange Protocol v1

  • Cipher: AES-128 or AES-256
  • Data Auth: SHA-256 or SHA-384
  • Handshake: DHE-RSA or ECDHE-RSA
  • Certificate Auth: TLSv1.2
  • Forward Secrecy: Yes

Logs & Legal

  • Connection: None
  • Traffic: None

In other words, all of the examples given are indeed strong encryption suites. Further details about the Block Exchange Protocol v1 used by Syncthing are available on its website. A discussion on many of the terms used in it can be found here (although the article discusses VPN encryption, much of what is said applies equally well here).

The Website and Support

Despite being volunteer-developed FOSS software, the Syncthing website provides a wealth of in-depth documentation and features a lively Discussion forum.


The Process

No signup is required. Simply download the relevant program files to any device you plan to sync. For this review I will sync files between my Windows 10 PC and my Android phone (and yes, I know that I should use Linux to achieve any real security on my PC, but most readers will be using Windows).

Once downloaded, the Windows files need to be unzipped, but do not require any further installation (other than creating a default folder to synchronize).

Syncthing PC start

When run, Syncthing will open up a web interface. When first run it will also create a default Sync folder.

Syncthing PC add device

The first thing to do is to add a new device…

Syncthing Android

I have downloaded the app to my Android phone and shared its Device ID to my desktop via email. A device ID is a unique, cryptographically secure identifier that is generated as part of the key generation the first time you start Syncthing. Device IDs don’t need to be kept secret as they are essentially part of the public key.
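Why the ID can travel over email, as an added example (not code from this review or from the Syncthing project): following the Device ID format in Syncthing's documentation, the ID is the SHA-256 hash of the device's certificate in DER form, base32-encoded with one Luhn mod 32 check character per 13 characters, so it reveals nothing secret and a typo is caught on entry. The function names and the stand-in certificate bytes are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"strings"
)

const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" // RFC 4648 base32
// checkChar computes a Luhn mod 32 check character over one 13-character group.
func checkChar(s string) byte {
	factor, sum := 1, 0
	for i := 0; i < len(s); i++ {
		a := factor * strings.IndexByte(alphabet, s[i])
		factor = 3 - factor // weights alternate 1, 2, 1, 2, ...
		sum += a/32 + a%32
	}
	return alphabet[(32-sum%32)%32]
}

// DeviceID hashes a DER-encoded certificate and formats it as 8 groups of 7.
func DeviceID(der []byte) string {
	h := sha256.Sum256(der)
	raw := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(h[:])
	out := ""
	for i := 0; i < 52; i += 13 { // 52 hash characters, one check character per 13
		out += raw[i:i+13] + string(checkChar(raw[i:i+13]))
	}
	groups := []string{}
	for i := 0; i < 56; i += 7 {
		groups = append(groups, out[i:i+7])
	}
	return strings.Join(groups, "-")
}

// Valid recomputes the check characters so a mistyped ID is rejected on entry.
func Valid(id string) bool {
	s := strings.ReplaceAll(strings.ToUpper(id), "-", "")
	ok := len(s) == 56 && strings.Trim(s, alphabet) == ""
	for i := 0; ok && i < 56; i += 14 {
		ok = checkChar(s[i:i+13]) == s[i+13]
	}
	return ok
}

func main() {
	fmt.Println(DeviceID([]byte("constructed stand-in for a DER certificate")))
}
```

Because the ID is only a fingerprint, what must stay private is the key that belongs to the certificate; each side accepts a connection only from a peer whose certificate hashes to an ID it has been given.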

Syncthing Android Add device

Both devices must be configured in order to talk to each other. I shared my PC’s Device ID with my phone by scanning a QR code using my phone’s camera. After pretty much every stage of the setup process it is necessary to restart Syncthing on both devices, but this only takes a few seconds to perform.

Syncthing PC create new folder

Create a folder on one device (or simply Share with Devices if the folder already exists, as the default Sync one does)…

Syncthing Android create mirror folder

…and you will receive a notification on the other. On my phone this was a standard Android notification. You can choose where to place its paired sync folder on the other device. Be sure to hit the Save icon (top right) and not Create Folder when you are done!

Files added to the folder on one device will now be synced to the matching folder on the other device. Files deleted from one folder will also be deleted from the other unless “Folder Master” mode is selected. In this case changes to the folder on other devices are ignored. This is handy for keeping “master copies” of files.

I will note that although it looks simple on paper, I did find the process of pairing folders very confusing in practice. It was so confusing, in fact, that I am unable to determine if the confusion was the result of bugs in the program, or simply of myself being dim (and ever more confused).

For example, I created a second sync folder on my PC. On my phone the request for this pointed to the default folder. I solved this by manually changing the Folder ID of the request to that of my new PC folder, but then received a request to share the new folder back to the PC (the same one I shared with the Android from the PC in the first place)! Gah!

Syncthing syncing

Once everything is set up, though, it all works very well.

Syncthing advanced folder settings

By default, folders are scanned every 60 seconds, so there can be a slight delay before syncing commences. This can be manually changed. You can also determine the order in which files are synced (alphabetically, random, newest first, etc.), and set Versioning parameters.

Syncthing advanced folder settings

Speed tests

In order to give some idea of how long it takes to transfer data using Syncthing, I synced some test files of varying sizes. My methodology was simply to time how long it took the files to transfer from my PC to my phone using a stopwatch. These figures are therefore somewhat rough, but should provide a useful indication of how efficient the transfer protocol is.

Tests were performed using a 50 Mbs / 3Mbs broadband internet connection and my home 2.5 GHz IEEE 802.11n network. I have rounded up to the nearest second. A VPN was running on both my PC and phone. I converted download speeds to Mbps using the Google megabyte megabit converter.

20 MB = 5 seconds (32 Mbps)

100 MB = 15 seconds (53.3 Mbps)

512 MB = 72 seconds (56.9 Mbps)

1 Gb = 180 seconds (44.5 Mbps)

In other words, transfers of larger files occurred at pretty much up to the maximum speed of my internet. Color me impressed!

Conclusion

I liked

  • Free and open source software
  • Works flawlessly once set up
  • No need to trust third parties
  • Strong end-to-end encryption
  • Blazing fast transfers
  • File versioning

I wasn’t so sure about

  • Nothing

I hated

  • I found setup to be very confusing. This may or may not be the result of bugs in the process (after several eventually successful setup attempts, I think it is).

Once set up, Syncthing is a fantastic way to securely back up files between all your computers and mobile devices. It is also a great way to simply transfer files between them wirelessly. This is done in a simple and intuitive way (just drop your files in the sync folder, and they will magically appear in the matching folder on the other device).

Syncthing, in fact, provides most of the advantages of using a cloud backup service such as Dropbox, except that no third parties have access to your files. Related to this is that Syncthing should be commended for its use of very strong end-to-end encryption.

Setup was an issue, however. After going through the process several times, I still find it confusing. I am increasingly convinced that this is a result of bugs in the way folders are authenticated on different devices. That said, once setup is complete, the entire file transfer process seems very stable, and is impressively quick.

If you are looking for an open source cloud-like backup solution, then Syncthing is pretty much your only option. Fortunately (once you get over any setup issues), it works very well.



Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+


2 responses to “Syncthing Review – Secure File Synchronization”

  1. Compare that to BitTorrent Sync paid version. No, you can’t, because there is no comparison, Syncthing is much more difficult to use.
