Jump to content

Security concerns and questions with Synergy 2 (beta)


ckelly

Recommended Posts

I'm curious about the new sign-on, as regards application security.  I have not seen any discussion of this in the forum.  I'm not comfortable having a machine anywhere in The Cloud collecting data about my machines and whether I'm using Synergy on them and any other possible data that might be needed to use the new version.  I'm honestly surprised that this was the approach chosen for your new version.   Apologies if I've missed the roadmap for this somewhere.  But if you would point me to the documentation describing this interaction, or the reqs, it would be appreciated. 

There is of course the matter of using Synergy 2 in environments where connectivity to The Cloud is not permitted, which of course would mean not being able to use the new version.  Are there workarounds at least for this situation?

Thanks

Link to comment
Share on other sites

The only thing it does is log your local IP into the cloud, so not your internet based one. From there the clients know the IP address of other clients signed into your user, so it does not have to scan your network or simply send packets to a potential security risk by another device replacing the IP from the v1 client's method. I like it, but also have to take it with a grain of salt, as I can foresee some need for custom networks where I would want to specify IPs. The nice thing about the cloud one is that it works with DHCP no matter if having static or dynamic IPs always being given out. In v1, it was easier to use a static IP, with v2, that is not needed, but it does still function if static is being used.

Link to comment
Share on other sites

Great.  I'll try to verify that with a sniffer, if it isn't encrypted (as it should be). 

I still need to know if there's a workaround for people who don't have connectivity to Symless' servers, or who just want to bypass this "sign-on" feature, e.g., to use the old direct method that doesn't break when the network is down.

Link to comment
Share on other sites

It was announced in another thread, that the final release will implement an offline usable method. For now at this beta stage it relies on the cloud sync. But will have the local option should internet access be lost, but your LAN still functioning.

Link to comment
Share on other sites

On 9/22/2017 at 11:24 AM, IT Troll said:

[...] and a troubleshooting guide which recommends completely disabling your firewall.

Yikes... I realize this is a early access beta, but this is a terrible recommendation regardless. Why can't the required ports just be explicitly stated or is there now port randomization to take into account?

Link to comment
Share on other sites

  • Synergy Team
On 22/09/2017 at 4:24 PM, IT Troll said:

Other concerns are no encryption (yet) and a troubleshooting guide which recommends completely disabling your firewall.

These issues will be fixed in beta5, which is due in about 4-5 weeks.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...