See this or read below.

Whether one uses this discovery server, the default ones, or even one you run in a datacenter yourself, an adversary with access to the discovery server can easily correlate machines to users. This discovery server is slightly better than the defaults from a privacy perspective because it is located in a private business, not in a datacenter. This means the only risk is a bad operator (and internet-level surveillance). A datacenter discovery server exposes users to the datacenter owner in addition to the server operator (and mass monitoring).

This website has no tracking, no cookies, no Google Analytics or anything similar, and the access and error logs are sent to /dev/null (/dev/null discards data). The website is rate limited at the firewall, so iptables (a Linux firewall) will keep IP addresses in RAM briefly in order to enforce rate limits.

The discovery server log file itself is sent to /dev/null, and the disk on which discovery.db is stored is encrypted. However, because this server is on 24/7, the disk encryption doesn't achieve much.

All this being said, anyone using a Syncthing discovery server really doesn't have much to worry about. Solely correlating machines carries limited risk and can probably be done in other, easier ways. iMessage and many other services use discovery that could correlate machines and/or people to each other. Bottom line: if using discovery servers, anywhere, just be aware of the risks and decide whether the convenience outweighs manually mapping devices.

How To Use

Replace "default" with the address below in the "Global Discovery Servers" option:


Started running this discovery server publicly when the default servers were blocked in some countries. Not much else to it.

Already had everything in place and only needed to turn the discovery server on since ran (privately) previously. Realized wouldn't fulfill need and turned off because Syncthing nodes within same network as discovery server register local IPs (10.0.0.*, 192.168.1.*) with the discovery server.
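
The local-IP registration described above can be reproduced offline. This is an added example, not code from this site or from Syncthing. It assumes the announcement is a JSON object with an `addresses` list and that the server fills in an empty or unspecified host with the connection's source IP; the function name and sample values are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Ranges that are only reachable from inside the announcing node's own network.
LAN_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed announcement body; 198.51.100.20 is a documentation address.
SAMPLE = json.dumps({"addresses": [
    "tcp://:22000",
    "tcp://198.51.100.20:22000",
    "relay://relay.example.net:443",
]})


def stored_addresses(announce_json, source_ip):
    """Return (address, lan_only) pairs as the server would record them.

    Assumption: a host that is empty or unspecified (tcp://:22000,
    tcp://0.0.0.0:22000) is replaced by the connection's source IP.
    lan_only is None for DNS names, which cannot be classified offline.
    """
    out = []
    for addr in json.loads(announce_json)["addresses"]:
        parts = urlsplit(addr)
        try:
            ip = ipaddress.ip_address(parts.hostname) if parts.hostname else None
        except ValueError:
            out.append((addr, None))  # hostname is a DNS name, keep as announced
            continue
        if ip is None or ip.is_unspecified:
            ip = ipaddress.ip_address(source_ip)
        host = f"[{ip}]" if ip.version == 6 else str(ip)
        port = f":{parts.port}" if parts.port else ""
        out.append((f"{parts.scheme}://{host}{port}",
                    any(ip in net for net in LAN_ONLY)))
    return out


if __name__ == "__main__":
    for src in ("192.168.1.23", "198.51.100.20"):  # same LAN vs. via the internet
        print(src, stored_addresses(SAMPLE, src))
```

A node that reaches the server from inside the same network is recorded with an address that peers outside that network cannot use.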

Currently runs on port 8443, so will not work when only ports 80 and 443 outgoing are allowed.

If many find useful might run as proper community contribution by moving to dot com with SSL certificate (making device ID not necessary) on port 443.