ckelly

Security concerns and questions with Synergy 2 (beta)

9 posts in this topic

I'm curious about the new sign-on, as regards application security.  I have not seen any discussion of this in the forum.  I'm not comfortable having a machine anywhere in The Cloud collecting data about my machines and whether I'm using Synergy on them and any other possible data that might be needed to use the new version.  I'm honestly surprised that this was the approach chosen for your new version.   Apologies if I've missed the roadmap for this somewhere.  But if you would point me to the documentation describing this interaction, or the reqs, it would be appreciated. 

There is of course the matter of using Synergy 2 in environments where connectivity to The Cloud is not permitted, which of course would mean not being able to use the new version.  Are there workarounds at least for this situation?

Thanks


The only thing it does is log your local IP into the cloud, so not your internet-based one. From there the clients know the IP address of other clients signed into your user, so it does not have to scan your network or simply send packets to a potential security risk by another device replacing the IP from the v1 client's method. I like it, but also have to take it with a grain of salt, as I can foresee some need for custom networks where I would want to specify IPs. The nice thing about the cloud one is that it works with DHCP no matter if having static or dynamic IPs always being given out. In v1, it was easier to use a static IP; with v2, that is not needed, but it does still function if static is being used.


Great.  I'll try to verify that with a sniffer, if it isn't encrypted (as it should be). 

I still need to know if there's a workaround for people who don't have connectivity to Symless' servers, or who just want to bypass this "sign-on" feature, e.g., to use the old direct method that doesn't break when the network is down.

Edited by ckelly
adding explanation


It was announced in another thread that the final release will implement an offline-usable method. For now, at this beta stage, it relies on the cloud sync, but it will have the local option should internet access be lost while your LAN is still functioning.


CLI is offline, as far as I know; also, a permanent offline function is rumoured.

 


Other concerns are no encryption (yet) and a troubleshooting guide which recommends completely disabling your firewall.

On 9/22/2017 at 11:24 AM, IT Troll said:

[...] and a troubleshooting guide which recommends completely disabling your firewall.

Yikes... I realize this is an early access beta, but this is a terrible recommendation regardless. Why can't the required ports just be explicitly stated, or is there now port randomization to take into account?

On 22/09/2017 at 4:24 PM, IT Troll said:

Other concerns are no encryption (yet) and a troubleshooting guide which recommends completely disabling your firewall.

These issues will be fixed in beta5, which is due in about 4-5 weeks.

2 hours ago, tekstrong said:

Why can't the required ports just be explicitly stated

It's a bug in beta4.
