Open camoz opened 3 years ago
I agree that such a notice should be in the documentation. Either (or even several) of the places you mentioned would be appropriate to add it, since they all already talk about IP addresses being published on the discovery servers, just not that this might have such real-world consequences.
A single additional sentence would probably suffice. PR welcome I'd say :-)
Thanks, will keep it on my list and will try to send a PR soon!
Knowing someone's IP address, one can infer information about someone's geolocation using public services like https://whatismyipaddress.com. You can usually determine exactly in what city the IP address is based. As I understand it (I'm not sure about this one), public discovery servers basically provide a public service for mapping device IDs to IP addresses. No prior pairing is required (again, I'm not sure about this one).
That would mean that if some device uses public discovery servers (which are currently configured + enabled by default), anyone who knows that device's device ID is able to track the device's geolocation. In case the device is a laptop or phone, and is often carried by the same person when travelling (which is probably a common scenario for many syncthing users), this means that one can create a (more or less detailed) location profile for that person, anonymously and from anywhere in the world.
If this is true, it is probably not a good idea to post one's device ID publicly in the internet (at least not using a real name or a pseudonym), as it would compromise privacy to a certain degree and can also affect security in some sense.
Thus, if this is true, I would suggest to reflect this somewhere in the docs, specifically in:
Currently, the FAQ (see link above) says "The IDs are not sensitive." While they are in no way as sensitive as e.g. a private encryption key, I'd still say their are (or at least can be for some individuals) sensitive information.
What do you think about this?