@e_es @innerand Yes, they are. It’s great that this feature exists in #SyncThing. It’s just a solution for a completely different problem.
@MacLemon
Also, to my knowledge, there is nothing that supports untrusted peers which will see the data only encrypted.
I use this feature of Resilio Sync for offshore backup / disaster recovery. If I lose all my devices, all I need to recover is the key of that share.
@innerand @MacLemon untrusted peers are possible in #syncthing, as far as I understand?
Kinda astonishing that there’s still no open source reimplementation of the old #BTSync/#ResilioSync applications/protocol.
There’s lots of private sync solutions… but nothing that allows for easy, “anonymous”, selective, large dataset distribution. “anonymous” as in “I don’t know who is downloading”. (trackerless, ad-hoc, BitTorrent)
And since I can already hear people typing… “but #SyncThing…”.
NO, it does *not* cover that use-case, and explicitly doesn’t want to.
the #Syncthing Android drama is exploding.
https://github.com/researchxxl/syncthing-android/issues/16
@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.
I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.
this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.
re: the #Syncthing Android kerfuffle:
there's now been a post from former maintainer Catfriend1's account on the forum megathread:
my personal take: there's still no way to verify this isn't someone controlling Catfriend1's account, and I still won't install updates of Syncthing-Fork from F-Droid
SyncThing Android users!
I am struggling to work out what has actually happened (as opposed to what is alleged or speculated to have happened), but there appears to be concern about a change in control of the SyncThing Android GitHub repo:
@rupdecat @mario_angst_sci
So, update report, after carrying around 2 phones for a few days (the new one, and the old naughty googly one):
I've been missing Google calendar and Google maps a lot - turns out I use them quite a lot.
The unexpected ones: Google contacts and Gboard - both things I thoroughly took for granted to the extent that I didn't really think about the fact I was using them.
I've just caved and set up Google calendar and contacts access BUT I've done it through #davx5 and am using the default calendar and contacts apps which came with #lineage.
Long-term I think it would be fun to move away from having #Google manage that data for me (maybe using #radicale and #syncthing? https://forum.syncthing.net/t/how-to-sync-contacts-and-calendars-between-desktop-and-android-without-root/21326) but that can be an adventure for another day.
Our assessment of a current topic: Syncthing-Fork.
After the maintainer change, the code looks unremarkable, in parts even more secure. Trust, however, lags behind: the key handover was not very transparent, and governance is unresolved. In practice, three options remain: freeze the old version, deliberately use the new branch, or wait for nel0x. Trust cannot simply be inherited. 👇
What's going on with Syncthing for Android?
It seems like the project suddenly disappeared and the maintainer has set his profile on GitHub to private.
However, it seems like another GitHub account has taken over the project. There has been no communication about why the project has been handed over. This is worrying, since the new account has access to the signing keys of the app and at least theoretically it could be possible to add malicious code to this widely used app.
I would like to keep thinking that Syncthing is still trustworthy, but to be honest, as long as we don't know what's going on, I'm not sure.
here is how to pause updates of Syncthing-Fork from F-Droid until the situation becomes clearer
based on code reviews done by people in the Syncthing forum, any version up to the one currently available on F-Droid is probably fine. however, nobody really knows the person in control of the repo, so you probably want to disable updates for now.
to do that:
1. open the Syncthing-Fork listing in F-Droid
2. open the menu in the upper right
3. make sure "ignore all updates" is checked
posting this separately because the thread I started about it yesterday is becoming a hellthread
@nazokiyoubinbou @fdroidorg yes, I was referring to linsui's response on the ticket. I don't know what their position within F-Droid is but they and Licaon_Kter are acting as the de facto face of F-Droid in that Gitlab issue. IMO it's worth noting these are the same two who responded flippantly and dismissively in a major controversy about F-Droid marking Bible and Quran apps "NSFW" and hiding them from search a couple months ago, and they are now responding dismissively here. their pattern of behavior does not help build trust in F-Droid.
anyway, my interpretation of what's going on:
1. #Syncthing does not maintain an Android app which most people use, and instead leaves this up to random enthusiasts for better or for worse
2. Catfriend1 was the random enthusiast who maintained the Android app Syncthing-Fork; nel0x is the random enthusiast who maintains the Android app on Google Play
3. A couple weeks ago Catfriend1 seemingly disappeared without a trace and a brand-new entity named researchxxl popped up controlling the Syncthing-Fork Github repo and claiming that Catfriend1 had passed the development torch to them, while providing no evidence that this was true beyond their control of the signing key
4. When people started raising concerns given Syncthing-Fork's direct access to user data, researchxxl got defensive, provided a number of non-answers, locked Github issues, and did not join the Syncthing forum despite repeated requests
5. When people started raising concerns given Syncthing-Fork's direct access to user data, #FDroid contributors were dismissive and stated that waiting for evidence that malicious code had been shipped was their preferred approach
6. Some users as a result have understandably decided that the Syncthing-Fork app on F-Droid can't be trusted
7. Some users as a result may be questioning the judgement of F-Droid contributors