fix E2EE, relay/discovery, IPs, both debian, separate networks

This commit is contained in:
XMRonly 2024-11-01 15:20:13 -04:00
parent 6de3c400b9
commit d678472f4d
9 changed files with 16 additions and 8 deletions

BIN
opsec/syncthingvpn/13.png Normal file


@ -60,7 +60,7 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>XMRonly - 2024 / 10 / 30</ba></p> <a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>XMRonly - 2024 / 11 / 01</ba></p>
<h1>One-on-One Large File Sharing (Syncthing over VPN)</h1> <h1>One-on-One Large File Sharing (Syncthing over VPN)</h1>
<img src="0.png" style="width:250px"> <img src="0.png" style="width:250px">
<p> </p> <p> </p>
@ -77,7 +77,7 @@
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Introduction</b></h2> <h2><b>Introduction</b></h2>
<p> <p>
While many methods of sending files online exist - methods such as email attachments, FTP, <a href=https://blog.nowhere.moe/opsec/onionshare/index.html target=_blank>OnionShare</a> and even <a href=https://blog.nowhere.moe/opsec/p2ptorrents/index.html target=_blank>torrenting</a> - all of these methods have one thing in common. Once a file has been sent, no further changes to that file are tracked. For the use-case where you want to not only send a file or a group of files but also receive any updates to the file(s), that is where Syncthing comes in. Syncthing is a FOSS continous file synchronization program that enables users to securely share files across multiple devices in a decentralized manner. It uses peer-to-peer technology to ensure that data is end-to-end encrypted and transferred directly between enabled devices, eliminating any need for centralized cloud services. Syncthing can be completely self-hosted and is very versatile as sync locations can be a home server, VPS, mobile device or even a friend's computer! In this article, we will explore how Sam can set up Syncthing to privately share large files with Larry and track changes to those files, all while using a VPN to hide his activity from his internet service provider. While many methods of sending files online exist - methods such as email attachments, FTP, <a href=https://blog.nowhere.moe/opsec/onionshare/index.html target=_blank>OnionShare</a> and even <a href=https://blog.nowhere.moe/opsec/p2ptorrents/index.html target=_blank>torrenting</a> - all of these methods have one thing in common. Once a file has been sent, no further changes to that file are tracked. For the use-case where you want to not only send a file or a group of files but also receive any updates to the file(s), that is where Syncthing comes in. Syncthing is a FOSS continous file synchronization program that enables users to securely share files across multiple devices in a decentralized manner. 
It uses peer-to-peer technology to ensure that data is end-to-end encrypted and transferred directly between enabled devices, eliminating any need for centralized cloud services. Syncthing can be completely self-hosted and is very versatile as sync locations can be a home server, VPS, mobile device or even a friend's computer! In this article, we will explore how Sam can set up Syncthing to privately share large files with Larry and track changes to those files, all while using a VPN to mask their internet activity.
</p> </p>
</div> </div>
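Review bot: In the rewritten Introduction sentence, "mask their internet activity" no longer says who the activity is masked from, where the old wording named the internet service provider. Name the observers the VPN covers so the reader knows what the setup protects. The typo "continous" is also carried over into the new line and should read "continuous".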
@ -97,12 +97,15 @@ We start from the perspective of both Sam and Larry as both will complete these
</p> </p>
<p> <p>
It is presumed that both Sam and Larry have already purchased a subscription to a <a href=https://blog.nowhere.moe/opsec/vpn/index.html target=_blank>VPN</a>. For this example we will use Proton VPN, but other <a href=https://kycnot.me/?t=service&q=vpn target=_blank>non-KYC VPNs</a> that accept Monero, such as Mullvad, may also be used. To start, they will sign in to their VPN client, ensure kill switch is enabled in the Settings, connect to their VPN and verify their IP address. Sam and Larry are both using Debian and are on separate internet connections geographically distant from one another. It is presumed that both Sam and Larry have already purchased a subscription to a <a href=https://blog.nowhere.moe/opsec/vpn/index.html target=_blank>VPN</a>. For this example we will use Proton VPN, but other <a href=https://kycnot.me/?t=service&q=vpn target=_blank>non-KYC VPNs</a> that accept Monero, such as Mullvad, may also be used. To start, they will sign in to their VPN client, ensure kill switch is enabled in the Settings, connect to their VPN and verify their IP address.
<img src="1.png" class="imgRz"> <img src="1.png" class="imgRz">
</p> </p>
<p> <p>
Syncthing can be self-hosted using the official <a href=https://github.com/syncthing/syncthing/blob/main/README-Docker.md target=_blank>docker compose</a> instructions as follows: Syncthing works by end-to-end encrypting files and sending them over the internet. To do this, Syncthing uses a <a href=https://docs.syncthing.net/users/stdiscosrv.html target=_blank>discovery server</a> to find peers and the Syncthing project maintains a global cluster of discovery servers for public use. If establishing a direct connection between devices is not possible, Syncthing will automatically use community-contributed publicly available <a href=https://docs.syncthing.net/users/strelaysrv.html target=_blank>relay servers</a> to route the file transfer instead. Because Syncthing is end-to-end encrypted, there is no need to trust these servers as they cannot read anything going through. With that being said, because Syncthing is fully open-source, it is possible to self-host both discovery and relay servers, but such configurations are beyond the scope of this article.
<br>
<br>
For self-hosting a working Syncthing instance, the official <a href=https://github.com/syncthing/syncthing/blob/main/README-Docker.md target=_blank>docker compose</a> instructions are as follows:
<pre> <pre>
<code class="nim"> <code class="nim">
--- ---
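Review bot: The added sentence "there is no need to trust these servers as they cannot read anything going through" covers file contents only. A relay that routes the transfer still sees the address each device connects from, which is the reason the VPN step comes before this paragraph. Suggest narrowing it to "no need to trust these servers with the file contents" and adding that, with the VPN connected, the address they see is the VPN IP.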
@ -268,16 +271,21 @@ Larry receives a notification that Sam wants to connect and share something with
<img src="9.png" class="imgRz"> <img src="9.png" class="imgRz">
</p> </p>
<p>
Notice how the IP address that is shown to Larry is that of a Syncthing relay server like mentioned previously. If a direct connection had been established, Sam's VPN IP address would have been shown instead.
<img src="10.png" class="imgRz">
</p>
<p> <p>
The file transfer starts. The file transfer starts.
<br> <br>
<img src="10.png" class="imgRz"> <img src="11.png" class="imgRz">
</p> </p>
<p> <p>
Once finished, Larry has a complete copy of all of the files in <b>/home/larry/Sync</b>. Larry notices that Sam sent a Linux ISO that is broken. Larry fixes this broken Linux ISO and also adds a Linux ISO of his own to the shared folder. Once finished, Larry has a complete copy of all of the files in <b>/home/larry/Sync</b>. Larry notices that Sam sent a Linux ISO that is broken. Larry fixes this broken Linux ISO and also adds a Linux ISO of his own to the shared folder.
<br> <br>
<img src="11.png" class="imgRz"> <img src="12.png" class="imgRz">
</p> </p>
<p> <p>
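Review bot: The new paragraph before 10.png tells the reader the two addresses they can expect, a relay server's or Sam's VPN IP, but not what to conclude from anything else. Add a sentence saying that an address which is neither of these means the VPN is not in the path, and that the kill switch setting from the earlier step should be checked before continuing. Also change "like mentioned previously" to "as mentioned previously".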
@ -314,8 +322,8 @@ total 12G
<h2><b>Conclusion</b></h2> </br> </br> <h2><b>Conclusion</b></h2> </br> </br>
<p> <p>
Sam was able to privately share 10GB of files and automatically receive changes to those files all while keeping his internet activity hidden from his ISP. Notice how Larry was able to overwrite a file that Sam originally shared. There may be cases where this is undesirable and this option can be changed under Default Folder -> Edit -> Advanced and selecting either Send Only or Receive Only. Sam was able to privately share 10GB of files and automatically receive changes to those files all while keeping his internet activity hidden. Notice how Larry was able to overwrite a file that Sam originally shared. There may be cases where this is undesirable and this option can be changed under Default Folder -> Edit -> Advanced and selecting either Send Only or Receive Only.
<img src="12.png" class="imgRz"> <img src="13.png" class="imgRz">
</p> </p>
</div> </div>
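Review bot: The Conclusion line now ends at "keeping his internet activity hidden", which drops the observer and still says "his" while the Introduction was changed to "their". Both Sam and Larry connect through a VPN in this guide, so use "their" here too and state what stayed hidden and from whom, in line with the relay and VPN IP paragraphs added earlier in this commit.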