
Mention the possibility of geotracking someone based on their IP address

Open camoz opened this issue 2 years ago • 2 comments

Knowing someone's IP address, one can infer information about someone's geolocation using public services like https://whatismyipaddress.com. You can usually determine exactly in what city the IP address is based. As I understand it (I'm not sure about this one), public discovery servers basically provide a public service for mapping device IDs to IP addresses. No prior pairing is required (again, I'm not sure about this one).

That would mean that if some device uses public discovery servers (which are currently configured + enabled by default), anyone who knows that device's device ID is able to track the device's geolocation. In case the device is a laptop or phone, and is often carried by the same person when travelling (which is probably a common scenario for many syncthing users), this means that one can create a (more or less detailed) location profile for that person, anonymously and from anywhere in the world.

If this is true, it is probably not a good idea to post one's device ID publicly on the internet (at least not together with a real name or a pseudonym), as it would compromise privacy to a certain degree and can also affect security in some sense.

Thus, if this is true, I would suggest reflecting this somewhere in the docs, specifically in:

  • https://docs.syncthing.net/users/faq.html#should-i-keep-my-device-ids-secret
  • https://docs.syncthing.net/users/security.html#in-short
  • maybe somewhere else in https://docs.syncthing.net/users/security.html

Currently, the FAQ (see link above) says "The IDs are not sensitive." While they are in no way as sensitive as e.g. a private encryption key, I'd still say they are (or at least can be for some individuals) sensitive information.

What do you think about this?

camoz avatar Nov 18 '21 01:11 camoz
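To make the privacy argument above concrete, here is an added example (not code from the Syncthing project or from anyone in this thread) that takes a discovery lookup result and separates the addresses an outsider could actually feed to an IP-geolocation service from the ones that reveal nothing. It assumes the response is a JSON object with an `addresses` list of URLs such as `tcp://203.0.113.7:22000`, which is the shape of the global discovery protocol as I understand it; the sample response itself is constructed and nothing is fetched from the network. As far as I understand the protocol, a device announces addresses with an empty host part (like `tcp://:22000`) and the discovery server fills in the public source IP of the announcement, which is why the public address ends up in the published list next to the LAN addresses.

```python
"""
Added example: sort the addresses from a Syncthing global discovery lookup
into those that can be geolocated (public/routable) and those that cannot.

Not code from the Syncthing project. The response shape ({"addresses": [...]})
and the sample values below are assumptions/constructed for this example.
"""
import ipaddress
import json
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample of what a lookup for some device ID might return:
# LAN and link-local addresses (useless to an outsider), the public IPv4 and
# IPv6 addresses (geolocatable), and a relay address (locates the relay,
# not the device). Addresses are repeated per transport (tcp/quic).
SAMPLE_RESPONSE = json.dumps({
    "addresses": [
        "tcp://192.168.1.23:22000",
        "quic://192.168.1.23:22000",
        "tcp://[fe80::1a2b:3c4d:5e6f:7a8b]:22000",
        "tcp://203.0.113.7:22000",
        "quic://203.0.113.7:22000",
        "tcp://[2001:db8:85a3::8a2e:370:7334]:22000",
        "relay://198.51.100.9:22067",
    ]
})

# Ranges that say nothing about where the device is. Checked explicitly rather
# than via ipaddress.is_global, whose result for the RFC 5737/3849 documentation
# addresses used in the sample differs between Python versions.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8",                    # link-local, loopback
    "fc00::/7", "fe80::/10", "::1/128",                 # ULA, link-local, loopback
)]


def _host_of(url: str) -> Optional[str]:
    """Host part of an address URL; urlsplit strips the port and IPv6 brackets."""
    return urlsplit(url).hostname or None


def _is_routable(ip: ipaddress._BaseAddress) -> bool:
    return not any(ip in net for net in _NON_ROUTABLE)


def geolocatable_ips(response_json: str) -> Dict[str, List[str]]:
    """
    Return {"public": [...], "not_public": [...], "relays": [...]}.

    Only "public" entries are worth sending to an IP-geolocation service.
    Relay IPs are kept separate because they locate the relay operator,
    not the announcing device. Duplicates (one per transport) are collapsed.
    """
    data = json.loads(response_json)
    out: Dict[str, List[str]] = {"public": [], "not_public": [], "relays": []}
    for url in data.get("addresses", []):
        host = _host_of(url)
        if host is None:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, not a literal; resolving it is out of scope offline
        if url.startswith("relay://"):
            out["relays"].append(str(ip))
        elif _is_routable(ip):
            out["public"].append(str(ip))
        else:
            out["not_public"].append(str(ip))
    for key in out:  # de-duplicate while preserving announcement order
        out[key] = list(dict.fromkeys(out[key]))
    return out


if __name__ == "__main__":
    print(json.dumps(geolocatable_ips(SAMPLE_RESPONSE), indent=2))
```

The point the output makes for the FAQ discussion: out of seven announced addresses, exactly two (the public IPv4 and IPv6) are what an outsider who knows the device ID would pass to a geolocation service, and those are the ones that move with the laptop.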

I agree that such a notice should be in the documentation. Either (or even several) of the places you mentioned would be appropriate to add it, since they all already talk about IP addresses being published on the discovery servers, just not that this might have such real-world consequences.

A single additional sentence would probably suffice. PR welcome I'd say :-)

acolomb avatar Nov 20 '21 15:11 acolomb

Thanks, will keep it on my list and will try to send a PR soon!

camoz avatar Nov 28 '21 17:11 camoz