Syncthing
Syncthing is an open-source, continuous file synchronization program designed to synchronize files between two or more computers or devices in real time, operating via a decentralized peer-to-peer protocol that prioritizes user privacy by avoiding central servers.[1] It allows users to maintain control over their data storage and sharing, with synchronization occurring over local networks or the internet using unique device identifiers rather than IP addresses.[1] Developed primarily in the Go programming language, Syncthing supports a wide range of platforms including macOS, Windows, Linux, FreeBSD, Solaris, OpenBSD, and others, making it accessible for cross-platform file management.[1][2] Key features of Syncthing include end-to-end encryption using TLS with perfect forward secrecy to protect data in transit, device authentication via cryptographic certificates, and a web-based user interface for easy configuration of multiple folders and devices.[1] It employs efficient synchronization algorithms to handle file changes bidirectionally, supporting features like version control for conflict resolution and integration with network tools such as UPnP for automatic port forwarding.[1] Licensed under the Mozilla Public License (MPL) 2.0 since 2015—having transitioned from the GNU General Public License version 3—Syncthing is maintained as a free software project, with its source code hosted on GitHub under the Syncthing Foundation, which oversees community contributions and development.[3][4] Syncthing originated from initial development by Jakob Borg, with its first public release (version 0.1) occurring on December 22, 2013, followed shortly by version 0.2 on December 30, 2013.[5][6] The project reached version 1.0 in 2019 after five years of iterative improvements and version 2.0 in August 2025, evolving from an early prototype into a robust tool for decentralized file sharing, initially inspired by the need for a privacy-focused alternative to proprietary cloud synchronization services.[2][7] Today, it benefits from commercial support provided by Kastelo, while remaining community-driven through forums, documentation, and ongoing releases signed with ECDSA for security verification.[1]Introduction
Overview
Syncthing is a free and open-source continuous file synchronization program licensed under the Mozilla Public License 2.0.[4] It synchronizes files between two or more computers or devices in real time using a peer-to-peer model that operates without a central server.[1] Developed primarily in the Go programming language and maintained by the Syncthing Foundation, the software supports multiple platforms, including Windows, macOS, Linux, BSD variants such as FreeBSD and OpenBSD, Solaris, and Android via third-party applications following the discontinuation of the official Android app in December 2024. Multi-platform binaries are provided for easy deployment across these systems. Syncthing's initial public release (version 0.1) was on December 22, 2013,[5] and as of November 2025, the latest stable version is 2.0.11.[8] It is available in 68 languages to accommodate a global user base.[9] Syncthing prioritizes user privacy by implementing end-to-end encryption for all communications using TLS with perfect forward secrecy, ensuring that data remains protected from interception.[1] Additionally, no user data is scanned or stored on any external servers beyond the participating devices.[1]Key Features
Syncthing provides real-time continuous synchronization, automatically detecting and propagating file changes across connected devices as they occur, ensuring that updates are reflected almost instantaneously without manual intervention.[10] One of its core capabilities is file versioning, which allows users to maintain historical versions of files for recovery purposes; when a file is modified or deleted, Syncthing can archive previous versions in a designated folder such as.stversions, using configurable strategies like trash can (moving files with optional cleanup after a set period), simple (retaining a fixed number of timestamped versions), or staggered (keeping one version per escalating time interval up to a maximum age).[11]
For conflict handling, Syncthing automatically resolves simultaneous modifications on multiple devices by renaming the conflicting file—typically to <filename>.sync-conflict-YYYYMMDD-HHMMSS.ext—rather than overwriting it, preserving both versions for user review and preventing data loss.[12]
Selective synchronization is supported through folder-based sharing, where users specify exact folders or subfolders to sync with selected devices, combined with ignore patterns to exclude specific files or paths (e.g., via .stignore files using glob patterns like *.tmp), enabling fine-grained control over what gets transferred.[13]
Bandwidth and resource management features include adjustable global or per-folder upload and download rate limits (in KiB/s, with -1 for unlimited), which apply by default to non-LAN connections, along with ignore patterns that optimize efficiency by skipping unnecessary files and reducing CPU or I/O overhead.[13]
Syncthing offers broad cross-platform compatibility, running on operating systems including Windows, macOS, Linux, FreeBSD, Solaris, and OpenBSD, facilitating seamless folder sharing between heterogeneous devices such as desktops, laptops, and mobile platforms.[10]
As a fully decentralized tool, Syncthing operates without reliance on cloud storage or central servers, keeping all data on user devices while optionally using global discovery servers to locate peers over the internet.
Data in transit is secured via TLS encryption with perfect forward secrecy, and management is handled through a responsive web-based GUI accessible via a browser on the local network.[10]
Technical Architecture
Core Technology
Syncthing is implemented primarily in the Go programming language, enabling straightforward cross-platform compilation and deployment across various operating systems without requiring extensive platform-specific adaptations.[4] The software's database backend transitioned from LevelDB to SQLite with the release of version 2.0 in August 2025, aiming to enhance performance, particularly in reducing RAM usage for large folder configurations.[7][8] This change includes an initial migration process upon first launch, which can be time-intensive for setups with substantial data volumes, potentially taking hours to complete depending on the size of the indexed folders.[7][8] For efficient data handling, Syncthing employs a block-based approach to file synchronization, where files are divided into fixed-size blocks and identified via cryptographic hashes, allowing only modified or missing blocks to be transferred rather than entire files.[14] This mechanism facilitates deduplication by avoiding the retransmission of identical blocks across devices and supports the reuse of unchanged blocks to minimize bandwidth consumption.[14] Additionally, Syncthing applies LZ4 compression to data packets during transfer, balancing speed and reduction in network overhead for compressible content.[15] Syncthing natively supports IPv6 addressing for both listening and connections, accommodating modern network environments with dual-stack or IPv6-only configurations.[13] For handling network address translation (NAT) scenarios, it incorporates STUN for hole punching to establish direct peer-to-peer connections and utilizes UPnP or NAT-PMP for automatic port mapping on compatible routers.[16][17] As an open-source project, Syncthing is hosted on GitHub under the Mozilla Public License 2.0, fostering community-driven development through contributions, issue reporting, and pull requests from volunteers worldwide.[4]Synchronization Mechanism
Syncthing employs a combination of periodic full scans and event-driven filesystem watching to detect changes in synchronized folders, such as additions, modifications, or deletions. Full scans occur approximately every hour, with intervals randomized between three-quarters and five-quarters of the configured period to distribute load across devices, while filesystem watchers trigger scans with a 10-second delay for most changes and up to one minute for deletions. During a scan, Syncthing checks file modification times, sizes, and permissions; unchanged files are skipped, but modified ones are rehashed to update their block lists and metadata.[18] The core of Syncthing's synchronization is the Block Exchange Protocol (BEP) version 1, which facilitates efficient peer-to-peer file transfers by dividing files into fixed-size blocks ranging from 128 KiB to 16 MiB, chosen to divide the file into between 1000 and 2000 blocks using power-of-two sizes from 128 KiB to 16 MiB, to balance overhead and parallelism. Each block is hashed using SHA-256 to ensure integrity, with these strong hashes stored in file metadata for verification during transfers. BEP version 1 operates over TLS 1.3 connections between devices, using message types such as Index for metadata exchange, Request for soliciting blocks, and Response for delivering them, allowing devices to form clusters and exchange data without a central server.[14] Propagation begins with the exchange of index information, where devices share metadata about their local file versions, including block lists and hashes, to identify discrepancies against a shared global state maintained in an index database. Once differences are detected—such as a file present on one device but not another—the needing device requests specific blocks from peers, pulling only the required data over established connections; blocks may also be sourced locally if matching hashes exist in other files on the same device. This index-first approach minimizes unnecessary transfers by enabling precise identification of needed blocks before any data is sent.[19][20] For large files, Syncthing's block-based division allows efficient handling by transferring only changed portions, with SHA-256 hashes providing quick integrity checks during receipt to verify blocks without full file recomputation. If a transfer is interrupted, Syncthing supports resumption by maintaining temporary files—named with a.syncthing prefix and .tmp suffix—that preserve partially downloaded blocks, enabling continuation from the last successfully verified block upon reconnection, typically within a 24-hour window before cleanup.[14][20]
Network Infrastructure
Device Discovery
Syncthing employs a decentralized approach to device discovery, allowing peers to locate each other without a central authority, primarily through local network announcements, global discovery servers, and manual configurations. Each device is identified by a unique 256-bit device ID, which is the SHA-256 hash of its X.509 certificate in DER format, incorporating the public key for authentication during connections.[21] This ID ensures secure peer verification and is used across all discovery methods to announce and query for compatible devices.[22] Local discovery enables devices on the same local area network (LAN) to find each other automatically via UDP announcements. When enabled, each Syncthing instance sends periodic Announcement packets containing its device ID and available connection addresses, such as TCP endpoints. For IPv4 networks, these are broadcast to the address 255.255.255.255 or link-local specifics on port 21027/UDP, while IPv6 uses multicast to ff12::8384 on the same port. Announcements occur every 30 to 60 seconds, or immediately upon detecting a new device or restarting the service, allowing peers to populate a local table of discovered addresses without requiring replies or solicitations.[22] This mechanism is enabled by default but can be disabled to reduce local network traffic or enhance privacy.[23] For devices outside the local network, Syncthing relies on Global Discovery Servers (GDS), which are third-party HTTPS endpoints operated by the Syncthing community to facilitate internet-wide peer location. Using the Global Discovery Protocol version 3, devices announce their connection addresses—such as dynamic source IPs resolved to public endpoints or static ones—via POST requests to the server's /v2/ path every 30 minutes when enabled. These announcements include the device ID for certificate-based authentication and are responded to with a 204 No Content status, along with a reannouncement interval header. To query for a peer, a device issues a GET request with the target device ID as a parameter, receiving a JSON array of announced addresses if available, or errors like 404 Not Found if none exist.[24] The protocol enforces rate limiting via 429 responses and verifies server identity through pinned certificate fingerprints rather than standard CAs, ensuring secure operation over public networks. Default servers like discovery.syncthing.net are used, but users can configure custom ones or run their own.[25] Users can bypass automated discovery by manually configuring device addresses in the Syncthing configuration file or web interface, providing static IP addresses or DNS hostnames for reliable peer connections. In the device element of the config.xml, multiple tags support formats like tcp://192.0.2.42:22000 for IPv4 static IPs, tcp://[2001:db8::23:42]:22000 for IPv6, or tcp://hostname.example.com:22000 for DNS-resolved endpoints, alongside the dynamic keyword for fallback discovery. This approach is essential in environments without local or global discovery, such as firewalled setups or when integrating with dynamic DNS services.[13] For enhanced privacy, especially in setups avoiding third-party involvement, users can disable global discovery entirely by setting the globalAnnounceEnabled option to false in the configuration. This prevents announcements to GDS servers, ensuring no external mapping of device IDs to IP addresses occurs, though it requires manual address configuration for remote peers and limits automatic internet discovery. Local discovery can similarly be disabled to avoid LAN broadcasts, further isolating the setup. Both options prioritize user control over metadata exposure, as discovery servers could otherwise infer device connections from announcements.[23]Connectivity and Relays
Syncthing establishes direct peer-to-peer connections between devices using the Block Exchange Protocol (BEP) over TCP on port 22000, secured with TLS 1.3 to ensure reliable and encrypted data transfer.[14] For NAT traversal, Syncthing employs UDP hole punching on port 22000, leveraging techniques such as STUN to predict and maintain open paths through firewalls and network address translators, enabling connections without manual port forwarding in many cases.[26] Additionally, since version 1.2.0, Syncthing supports QUIC as an alternative UDP-based transport for direct connections, which can offer improved performance on high-latency networks by reducing connection establishment time and handling packet loss more efficiently.[27] When direct connections cannot be established—often due to symmetric NATs or restrictive firewalls—Syncthing automatically falls back to relay servers via the Relay Protocol version 1, which operates over TCP.[26] This protocol uses a two-mode structure: a TLS-secured protocol mode for device identification and session setup using device IDs, followed by a plain-text session mode that relays opaque, end-to-end encrypted bytes between peers.[28] Relays act anonymously, routing traffic without access to the decrypted content, as the TLS encryption remains intact throughout the path; they only learn the endpoints' IP addresses and device IDs.[28] The protocol includes mechanisms like Ping/Pong messages for basic liveness checks during session establishment.[28] The global relay pool comprises community-operated servers distributed worldwide, with Syncthing selecting relays based on low latency (grouped into 50ms buckets, prioritizing the fastest available).[26][29] Users can configure private relays by running their own instances, which join the pool automatically or can be specified manually via URIs likerelay://host:port/?id=relayID, providing options for dedicated, low-latency paths in enterprise or privacy-sensitive setups.[30]
To ensure connection persistence, Syncthing implements keep-alive pings every 90 seconds over established BEP connections, helping to sustain NAT bindings and detect failures promptly.[14] Upon disconnection or during relayed sessions, it employs reconnection logic with exponential backoff and periodic retries for direct connections—typically every few minutes—automatically switching back to direct mode if successful to minimize latency and bandwidth overhead from relays.[26] This prioritization of direct over relayed paths optimizes overall network efficiency, as relayed connections inherently introduce higher latency and reduced throughput due to the intermediary hop.[26]
Usage and Configuration
Installation and Platforms
Syncthing can be installed via official precompiled binaries available from the project's GitHub releases page or the downloads section on the official website, supporting major platforms including Windows, Linux, macOS, and FreeBSD.[31] For Linux distributions like Debian and Ubuntu, users can add the official APT repository and install viaapt-get install syncthing, ensuring access to updated stable releases.[32] On macOS, installation is facilitated through Homebrew with the command brew install syncthing, which handles dependencies and enables easy updates.[33] Other Linux package managers, such as dnf on Fedora or pacman on Arch Linux, provide Syncthing in their repositories for straightforward integration.[34][35] For advanced users requiring custom builds, Syncthing can be compiled from source using Go, involving cloning the repository and running go run build.go after installing prerequisites like a C compiler for optimal performance.[36]
Platform-specific installation steps vary to align with operating system conventions. On Windows, users download the syncthing.exe binary or use the community-maintained Syncthing Windows Setup installer, which supports both 32-bit and 64-bit architectures and can configure it as a service during setup.[37] For Linux, after installation via package manager, Syncthing is typically run as a systemd user service by enabling it with systemctl --user enable syncthing and starting it with systemctl --user start syncthing, allowing automatic startup on boot.[38] On macOS, the binary can be executed directly, or users may opt for the official macOS app bundle from the community repository, which provides a native launcher and integrates with system preferences for autostart.[39] For Android, the official Syncthing app was discontinued in December 2024, with the final release (v1.28.1) in December 2024; users now rely on third-party options like Syncthing-Fork, available via F-Droid or GitHub, which embeds the Syncthing binary and offers additional mobile-specific features.[40][41]
Upon first launch, Syncthing generates a unique 56-character device ID, such as 6FOKXKK-SKUBWFW-GSKX6IQ-ZC4SYUZ-5IEVZKE-TC42AAX-HW7IBW4-GAZFAQ7, which is essential for connecting devices and displayed in the logs or Web GUI.[10] The service starts automatically after installation, running as a daemon, and users access the initial setup through the Web GUI at http://127.0.0.1:8384/ (or localhost:8384), where they can configure folders, add remote devices by entering their IDs, and set basic options like the listening port.[10]
Mobile deployments require attention to platform constraints for reliable synchronization. On Android, battery optimization features like Doze mode can interrupt background syncing, so users must exempt Syncthing-Fork from battery saver restrictions in device settings and select appropriate power policies in the app, such as syncing only on Wi-Fi or when charging, to balance performance and drain—typically limiting continuous operation to avoid excessive consumption.[42] iOS lacks official Syncthing support due to stringent background execution limits, relying on third-party apps that enable on-demand syncing but cannot maintain persistent connections, often requiring manual triggers or limited to Wi-Fi scenarios for file access.[43]
Syncthing maintains a lightweight footprint, with no persistent data beyond its configuration directory, making it highly portable—users can relocate the entire folder to another device for seamless continuation.[13] Uninstallation involves removing the binary executable and deleting the config directory: on Linux, ~/.local/state/syncthing; on macOS, $HOME/Library/Application Support/Syncthing; on Windows, %LOCALAPPDATA%\Syncthing; ensuring all synced data remains in user-specified folders unaffected by the removal process.[44][13]