Ravidlow Posted November 21, 2014 Report Share Posted November 21, 2014 I am using Sync 1.3.109, since I have had too many difficulties with 1.4. I want to use my NeoRouter VPN with Sync's Predefined Hosts feature for transfers between my own and my family's computers. . I REALLY DO NOT want to use either the Tracker or the Relay. When I use Add Folder, the default settings for the folder's Properties (Use Tracker Server and Use Relay Server, etc.) seem to applied the instant the OK button is clicked and the new Secret is immediately registered with these servers, before I am given a chance to unselect them and prevent these servers from being used and knowing my Secrets. I use a work-around, which is to set my firewall to block all Internet access before using Add Folder. That way the defaults are not registered with the unwanted servers. I then unselect these servers and add my Predefined Hosts settings. The net result is that my folder's secret is no longer known to the Tracker and the Relay. My folder can now only be reached via my VPN and its authorized users, adding an important (to me) security layer. If my Secret is leaked somehow, my data cannot be accessed via Tracker or Relay. A simple UI change would remove the need for this work-around "hack". When clicking Ok, Just bring up the new folder's Properties dialog with the current default settings. Allow me to select what I want and defer any registration with your servers until I click Ok on this second dialog. Quote Link to comment Share on other sites More sharing options...
RomanZ Posted November 24, 2014 Report Share Posted November 24, 2014 @Ravidlow It would be highly inconvenient for users to review each folders settings once you create it: not all of the users need that. Also nor tracker server neither relay server "register" incoming IDs. They keep it in memory while at least one peer stays connected. Though we acknowledge that security-aware users may want Sync never connect to external servers - and did appropriate improvement in 1.4. There is a special set of advanced preferences in 1.4: folder_defaults.delete_to_trashfolder_defaults.known_hostsfolder_defaults.use_dhtfolder_defaults.use_lan_broadcastfolder_defaults.use_relayfolder_defaults.use_tracker They are applied to the folder right at the moment of creation so if you disable connection to relay / tracker / DHT - they are disabled from the very moment of folder creation. So I can advise to upgrade to 1.4 to use these settings. If there is some serious issue preventing you from upgrading - please let me know, it might be either already resolved with latest build or I'll help you to deal with it. Quote Link to comment Share on other sites More sharing options...
Ravidlow Posted November 29, 2014 Author Report Share Posted November 29, 2014 Thank you for your quick response. I am not sure I agree about the "more convenient" comment, but I have returned to version 1.4.103 to try out your suggestions on two of my computers. Let's call them "A" and "B". On both computers I set the folder_defaults.use_tracker and folder_defaults.use_relay to *false*. On "A" I used Add folder to create a new Sync folder. As expected the Tracker and Realy Preferences were turned off. I then tried the three following experiments. (1) I first used Share to email a share-link to "B", just using the default settings. I succeeded in linking the folder on "A" and "B". However, the Preferences for the folder on "B" still showed the normal defaults of using both Relay and Tracker. In other words, the folder created by the Share link did not use the global default settings. (2) On "B", after disconnecting and deleting the new folder, I used Add Folder to create a new folder, knowing that it would initially have its own and different full access secret. This folder now had the correct setting for Tracker and Relay. Then I tried to Update the key for this folder with a read only key from "A", but was told that I could only use a full access key when updating the key. Feels a bit like a bug to me, since to me, it would be surely useful to replace a full access key with a read only key at times. (3) Finally, on "B", I disconnected and deleted the folder just created. I then went to the global Preferences menu and selected Enter a key.... Using the read only key from "A" I was able to create a new folder on "B" in my selected location, with the correct Preferences setting and read only secret. from "A". FINALLY SUCCESS!! As a comment, I really think that the global Preferences menu is a really strange place for this functionality. On the way, I encountered these bugs and anomalies. (A) When using Share, you have the option to turn off the need for approval of peer connections. If you do, the target computer still says that confirmation is needed, but the source computer doesn't seem to respond to this. A bug, surely? ( When using Share, I tried to override the default location for the shared folder, but ran into cases where Sync garbled the name of the folder by adding something like 'undefinedName' to the actual 'Name'. Also looks like a bug to me. So, using the method in (3) above (which still seems like a clumsy work-around to me), I will now stay with Sync version 1.4 and abandon version 1.3. Quote Link to comment Share on other sites More sharing options...
RomanZ Posted December 1, 2014 Report Share Posted December 1, 2014 @Ravidlow (1) is a bug. I confirm reproduction in Lab - it will be fixed in future releases. Thanks for pointing to it.(2) This one is design. You can't change from RW to RO. (A) The target computer has no idea, if Link requires to be approved or not (this info is intentionally not included in Link as it can be transferred via insecure means). It understands that no approval needed only at the moment it actually contacts the Link owner peer. ( Can you plz provide a screenshot? Quote Link to comment Share on other sites More sharing options...
Ravidlow Posted December 1, 2014 Author Report Share Posted December 1, 2014 This is reproducible, but it is not clear to me how I send you a screenshot. Quote Link to comment Share on other sites More sharing options...
RomanZ Posted December 1, 2014 Report Share Posted December 1, 2014 @RavidlowJust capture it with any means (even making a picture / video on your cellphone will work) and send to me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.