syncthing / syncthing

Open Source Continuous File Synchronization
https://syncthing.net/
Mozilla Public License 2.0
65.38k stars 4.3k forks source link

Prevent Syncing If 50%+ Files Are Suddenly Deleted (Failsafe) #9718

Closed Jazztache closed 1 month ago

Jazztache commented 1 month ago

Feature description

If more than 50% of the files are deleted at once, don't sync over the folder and instead warn the user. If the user wanted this change, they should be able to click 'Accept' on a dialogue box with the warning of 'More than 50% of files were deleted at once, was this change intentional? Click Accept to Sync'.

This kind of failsafe measure is extremely useful in making sure bugs from other applications don't affect people's sync, as some people use Syncthing for backups.

You could customise it to make it 40% 70% or something like that. The feature should be enabled by default but be able to be turned off. This is so that power users who are pruning large chunks of their filesystem at a time are not affected, but regular users or people who don't delete files often aren't screwed over by it being off by default.

Problem or use case

Recently, a bug with Audacity nuked one of the folders I use for my studies. This was on my main computer, and before I realised what was going on, the deletions synced over. I was very lucky that a much older device I was using had a mostly full backup, and my code was hosted somewhere else.

I lost a script for a voiceover today, and this week's work for that subject as well. I have already opened a request on their repo as well.

Alternatives or workarounds

I was lucky to have a backup, even if it was older. This is something that should be implemented to alieviate sudden incidents like this. I don't have any workarounds other than not running Syncthing 24/7, which I was very happily doing for a while recently.

bt90 commented 1 month ago

Having the complete folder wiped is a legitimate use case for many. Imagine a transfer setup where the content of the folder is ingested by another application.

https://docs.syncthing.net/users/versioning.html is the way to go in order to prevent accidental deletion of files.

acolomb commented 1 month ago

And Syncthing is not a backup tool. If your data is important to you, having proper, automated backups is essential, but independent of Syncthing. It can be used to sync files to a different host where the backups are kept, and the versioning feature is an easy way to safeguard from accidental deletion or changes. But I doubt we will integrate the suggested threshold, as there are better workarounds to keep your data safe.

tomasz1986 commented 1 month ago

Just for the record, other cloud sync solutions like Dropbox, Google Drive, OneDrive, etc. all do seem to have this kind of safety measures implemented. I think they usually trigger when emptying the folder completely though, not on a particular percentage.

Personally, I would like to have this mainly for the benefit of less tech-savvy users with an option to disable for those that don't need such additional protection.

er-pa commented 1 month ago

Personally, I would like to have this mainly for the benefit of less tech-savvy users with an option to disable for those that don't need such additional protection.

An opt-out for Syncthing to sync without user-interference doesn't sound very fail-safe either, nor works very well with how Syncthing is often used? This is guaranteed to cause 'unexpected behavior' the other way around.

I'd argue that we just enable some basic "Versioning" per default for new folders. This is almost a no-effort change and could potentially prevent dataloss in quite some cases. The tech-savvy people know how to uncheck it when creating a folder, the non-tech savvy people are now slightly more protected (although not completely).

Currently, versioning is disabled in 82% of the cases (of the incoming usage reports). That's a lot, and I doubt all of those 82% cases are intentional.

tomasz1986 commented 1 month ago

@er-pa There is https://github.com/syncthing/syncthing/issues/6164 regarding enabling versioning by default 🙂. If you read the discussion though, you will find that there are some strong opinions for and against it as well.

er-pa commented 1 month ago

@er-pa There is #6164 regarding enabling versioning by default 🙂. If you read the discussion though, you will find that there are some strong opinions for and against it as well.

I knew I already read it at some point, thanks.

But, I honestly don't see many arguments against that idea other than something along the lines of "eh, people should just read up first..it's not our problem if they don't, let's not bother the knowledgeable users with clicking twice extra because of it". It may be a strong opinion, but not a very good argument overall considering the minor impact opposed to the significant potential prevention it can offer.

But yeah, I won't reignite that spark at least.

imsodin commented 1 month ago

This just doesn't work with syncthing: It is "continuous file synchronization". There's no point in time where 50% files are suddenly deleted. It might just look to the user as if that's the case, because syncthing syncs continuously, while the typical user doesn't stare at it's interface continuously. To do something like this, we'd need to decide on some arbitrary delay, then queue up any changes during that time, then check if the changes amount to 50% files being deleted, and only then proceed or abort. Which is both undesired and complex, plus you can be certain there will be a case where the delay wont be enough. Then next problem if it aborts: This needs urgent user interaction to decide how to unblock - how do we do that? We'd had to add some notification mechanism (send email, sms, ...). Just the UI isn't enough, as it only notifies the user if they open it.

There is one way to avoid data loss of any kind, and that is having backups - plural. And yes, syncthing's versioning can be a first line of defense, but please, please do not depend on it as your only measure against data loss - it's more like a quirky wastebin, it lacks many properties of an actually safe backup mechanism.