- Blog
- TLS, device trust, and untrusted devices
TLS, device trust, and untrusted devices
How TLS, device pairing, and Syncthing’s untrusted-device model work together in a hosted file sync setup.
TLS in transit#
Syncding terminates TLS for the control plane and web surfaces you use day to day. Syncthing’s own device-to-device sync remains governed by Syncthing’s pairing and certificate model — we keep instances updated and monitored.
Untrusted devices#
Syncthing’s untrusted device feature lets you store ciphertext on a peer you do not fully trust. On Syncding, that pattern can map to encrypted-at-rest expectations on our side when you configure it — check the docs for the exact product guarantees on your plan.
Checklist#
- Pair only devices you recognize.
- Prefer untrusted where you want server-side ciphertext.
- Rotate credentials and review device lists periodically.
For registration and verification flows, see the docs.