Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Syncthing: a Free and More Secure Alternative to Dropbox, Google Drive, and Similar Services

Dropbox, Google Drive, Microsoft OneDrive, SugarSync, SpiderOak, Box, Apple iCloud, and a number of other services are great for maintaining identical copies of files on two or more computers. Word docs, PDFs, spreadsheets, photos, and any other digital assets can be available to you and your computers wherever you are.

One common use for these file copying (or file “replication”) services is to keep a desktop and a laptop computer and perhaps even more computers in synch with copies of important files automatically copied from one computer to the other(s). A slightly different variation is to keep identical copies of files on a computer at the office and also on a computer at home. Anyone who has a cottage, a summer home, or perhaps a college dorm room also can keep copies of important files on two or more computers so the files will be available whenever needed.

Of course, all of these systems do not have to be your own computers. Perhaps you want to share family photographs with a relative or perhaps financial information with a child who is a college student. Then again, perhaps you have a need to share files with co-workers or with certain customers.

Most file storage and sharing software allow you to do the same thing: share only selected files or folders with someone else. For example, perhaps your employer has 100 customers. It is possible to create 100 or more folders in a local hard drive and then allow each customer to have access with the one folder used for that one customer’s information. Each customer could see and exchange their own information without being able to see anyone else’s information.

Several of these file replication services also keep copies of the files in the cloud so that files may be retrieved from additional computers by using a user name and password. Perhaps the files are saved ONLY in the cloud, reducing the disk space needed on the local computer’s hard drive while still making the files available quickly to anyone with an internet connection.

In short, you no longer need to be sitting at your work PC to see your work files. With cloud syncing you can work on any file(s) from your smartphone on the train, from your tablet computer while on your couch, and from the laptop in your kitchen or hotel room. Using a replication service means there is no need to email files to yourself or to plug and unplug USB flash drives.

As good as these commercial services are, they also have significant drawbacks. First of all, most of them cost money. To be sure, many of these services do provide a limited amount of storage space free of charge as an enticement for new users to become familiar with the service; the intent is that users will then sign up and pay a fee for more storage space as needed.

Next, saving files in some company’s servers immediately brings up questions about security and online spying. Most of today’s online storage space providers claim to be totally secure to the point where even their own employees cannot read your files when stored on the company’s servers. However, some people still are not comfortable placing their personal data on someone else’s servers.

Do you trust the various online services to protect your data from credit card thieves, identity thieves, hackers? Most people understand the risks of credit card thieves, identity thieves, and hackers accessing their data, but what about government spies who may be armed with a court order? Online storage services based in the U.S. are REQUIRED to comply with court orders issued by their own government. For instance, Wikipedia states (at https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court):

“The United States Foreign Intelligence Surveillance Court (FISC, also called the FISA Court) is a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against foreign spies inside the United States by federal law enforcement and intelligence agencies. Such requests are made most often by the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). Congress created FISA and its court as a result of the recommendations by the U.S. Senate’s Church Committee.”

Also:

“In 2013, a top-secret order issued by the court, which was later leaked to the media from documents culled by Edward Snowden, required a subsidiary of Verizon to provide a daily, on-going feed of all call detail records—including those for domestic calls—to the NSA.”

Do you want a secret U.S. court issuing top secret orders in order for Big Brother to spy on you or your company? Just ask Edward Snowden about his experiences when he told the American people what their government was really doing!

Suggestions

First, if you are concerned about the security of your sensitive documents, don’t use any online service you don’t trust. The fact is, you cannot trust any of them if you or qualified software experts cannot examine the source code of their file storage software. Who knows what problems lurk in their secret and proprietary software?

Second, if you are concerned about someone else being able to see your information, don’t save any of your files on someone else’s servers. If you don’t control the server(s), do you want your files stored there?

Finally, do you REALLY need to save your files on external servers someplace in the cloud? File storage elsewhere certainly is convenient and can be valuable in case all of your own computers get damaged or destroyed by fire, flood, hurricane, tornado, or other calamities. However, storing files on servers and computers you don’t control can be a security problem for many people and for companies.

In contrast, if you store multiple copies of all your files on multiple computers that you own or control, located some distance apart, you can avoid giving your files to someone else for storage.

The Solution

In reality, for many people the best solution is to use open source software to automatically copy files from one computer to other computer(s) that are located some distance apart. Doing so will mean you always have copies of your files stored in multiple places. Just make sure the computers are far enough apart so that one hurricane or one forest fire or any other single catastrophe won’t destroy all of them.

Next, only use open source software. This means that you or perhaps anyone else who is skilled in the programming language used, can examine the source code looking for software problems (bugs) or for “back doors” that allow hackers, spies, and other undesirable people to see the information in your files.

Finally, always use encryption. With encrypted data, in the unlikely event that a hacker or a spy does manage to access copies of your files, all he or she is ever going to see is something that looks similar to this:

jkjhjR/hD%06>)jkfgBNF/HdFFi8671Hvz%

That won’t reveal any secrets!

My experience

This week I found a solution that seems to “tick all the boxes.” That is, it is safe and secure open source software that will automatically encrypt and copy files between various computers with no data ever being stored on any servers owned or controlled by anyone else without your permission.

Since it is open source software, it is also available free of charge for personal, business, or any other use. (Donations are accepted.) The free version is the only version: there are no artificial limitations or “upgraded” versions. The free version includes everything.

As stated on the Syncthing web site at https://syncthing.net/:

Secure & Private

Private. None of your data is ever stored anywhere else other than on your computers. There is no central server that might be compromised, legally or illegally.

Encrypted. All communication is secured using TLS. The encryption used includes perfect forward secrecy to prevent any eavesdropper from ever gaining access to your data.

Authenticated. Every node is identified by a strong cryptographic certificate. Only nodes you have explicitly allowed can connect to your cluster.

Also:

Simple. Syncthing doesn’t need IP addresses or advanced configuration: it just works, over LAN and over the Internet. Every machine is identified by an ID. Just give your ID to your friends, share a folder and watch: UPnP will do if you don’t want to port forward or you don’t know how.

Powerful. Synchronize as many folders as you need with different people.

Keep in mind that Syncthing only copies files from computer to computer. It never copies your files to any servers in the cloud. It also only copies files to the other computers that you specify, never to anyplace else.

What I like is that Windows computers may share files with Macintosh or Linux or even Android computers and vice versa. For most applications, Windows computers have applications that can be opened and used on Macintosh or Linux computers and vice versa. A DOC file is a DOC file on any computer while an XLS file is an XLS file on any computer and so on. Syncthing makes sharing files amongst different computers simple.

I am enthused with Syncthing, available for Windows, Macintosh, Android, as well as for many versions of Linux and BSD UNIX. I installed Syncthing into two of my computers a couple of weeks ago and found it worked well. I then installed it on a third system (a Macintosh laptop). I plan to install Syncthing on a fourth system that is in my summer home when I arrive there in a couple of weeks.

In my case, all the computers are under my control; so, I gave myself full access to all the files. However, I also have one folder of old family photographs and plan to give permission to my daughter to access that folder and have it copied automatically to her computer(s). If she wishes to do so, she can install Syncthing on her computer(s), and the photos in that one folder will automatically be copied to her system(s). Even better, if either of us adds more photographs, the newly-added photos will also be copied to the other computer(s).
Not bad for free software!

Disadvantages

Of course, nothing is ever perfect, There are pluses and minuses in all products and software. Here are a few of the possible issues that I see when using Syncthing:

There is no customer support. You cannot pick up the phone or send an email and ask the software producer for assistance. Of course, this is normal for free software. Support is available only via discussion forums on the Syncthing web site at: https://forum.syncthing.net/.

I found Syncthing to be rather easy to install and configure but, then again, I am an experienced computer user. I have been installing software for more than 50 years (sigh!), starting back in the mainframe days when computers filled entire rooms and demanded heavy-duty air conditioning. You might not have as much experience.

I suspect any experienced computer user can install and configure Syncthing, but I would discourage computer novices from attempting an installation. There are numerous buzzwords involved. If you do not understand these words and the technology they refer to, you may find yourself overwhelmed. If you do not understand the instructions, ask a techie friend to help you out!

You and your friend might want to first read the Syncthing documentation that is available at: https://docs.syncthing.net/. You can also watch a YouTube video about Syncthing at https://www.youtube.com/watch?v=8bHdcfVzrgk.

Next, while Syncthing is available for Windows, Macintosh, Android, and many versions of Linux and BSD UNIX, it is not available for Chromebooks or for Apple iOS (iPhone, iPad, or iPod touch). If you own one of these systems, you need to decide whether or not you ever want to access files or add files when using one of those systems. This will be a show stopper for some people while others won’t care about such a “limitation.”

Finally, storing files on a server in the cloud is a mixed blessing. While Syncthing NEVER stores files on a server in the cloud, that also means that you cannot download files from a server in the cloud in the same manner as you can with Dropbox, Google Drive, and many other file storage services. If you find yourself in a hotel room and without that important file you need for tomorrow’s meeting, Syncthing does not have the ability to simply go online and download the file you need.

Summation

In short, if you need a product that safely and securely copies (replicates) files amongst multiple computers, check out Syncthing at https://syncthing.net/ and especially the Syncthing documentation at https://docs.syncthing.net/.

I am using Syncthing ONLY for the files that are content sensitive, such as my credit card numbers, bank account information, and similar items. I feel those are high risk so I don’t want them stored on any file servers in the cloud, such as in Dropbox, Google Drive, and the others. However, the majority of my files are less sensitive, such as copies of my past articles published in this blog, I am still using one of the cloud-based file storage services to store less-sensitive files. Your needs may be different than mine, however.

If Syncthing appears to meet your needs, you may download this free application at https://syncthing.net/ onto each computer that wish to have included.

Categories: Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.