Syncthing File Synchronization Over Tor Hidden Services
Syncthing is an open-source file synchronization tool that synchronizes files directly between devices without a central server. By default, Syncthing uses global discovery servers and relay servers to find and connect peers, which exposes device IP addresses to Syncthing's infrastructure. For users who need to synchronize files between devices without revealing device locations or depending on third-party infrastructure, configuring Syncthing over Tor hidden services provides private, infrastructure-independent synchronization. This setup creates a .onion address for each Syncthing instance and configures peers to connect through Tor rather than through Syncthing's clearnet discovery infrastructure. The result is a truly decentralized sync system where neither device's IP address is revealed to the other and no third-party infrastructure is required.
Syncthing's default configuration uses Syncthing's global discovery servers (announce the device ID and current IP/port), Syncthing relay servers (relay traffic when direct connection fails), and Syncthing's STUN-based NAT traversal (reveals public IP to STUN servers). Each of these reveals the device's public IP address to third-party infrastructure. For threat models where IP address exposure is unacceptable (journalists syncing sensitive documents between field and office, activists syncing across jurisdictions, researchers handling sensitive data), this default behavior is problematic. Routing Syncthing over Tor eliminates IP exposure: each device's Syncthing instance becomes accessible only via its .onion address, and connections are established through Tor circuits that hide the originating IP from the peer.
Creating Hidden Services for Syncthing
Configure a Tor hidden service for each device's Syncthing instance. In /etc/tor/torrc (22000 is Syncthing's default sync port):

    HiddenServiceDir /var/lib/tor/syncthing/
    HiddenServicePort 22000 127.0.0.1:22000

After starting Tor, the .onion address is in /var/lib/tor/syncthing/hostname. Repeat on each device that participates in the sync. Each device gets its own .onion address. Share .onion addresses between trusted devices through an out-of-band channel (encrypted message, in-person, Signal). Do the same for Syncthing's GUI if you need remote management:

    HiddenServicePort 8384 127.0.0.1:8384
Configuring Syncthing to Use Tor
In Syncthing's configuration (GUI at http://localhost:8384 or edit config.xml):

(1) Disable global discovery: Options -> Uncheck 'Enable Global Discovery'.
(2) Disable relay usage: Options -> Uncheck 'Enable Relaying'.
(3) Add SOCKS5 proxy: Advanced -> Global Options -> SOCKS5 proxy: socks5://127.0.0.1:9050.
(4) Set listen address to TCP: tcp://127.0.0.1:22000 (listen only on loopback, not on public interface).
(5) In device configuration for each peer, set their address to tcp://peeraddress.onion:22000 explicitly (not 'dynamic').

After these changes, Syncthing connects to each peer through the Tor SOCKS5 proxy using the peer's .onion address. No traffic leaves through the clearnet network.
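An added example, not part of the original article or the Syncthing project: a Python check that reads config.xml and reports where it departs from steps 1, 2, 4 and 5 above. The sample configuration, the placeholder device IDs and the local_id parameter (used to skip this device's own entry) are constructed for illustration; step 3, the proxy, is not checked.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml fragment; device IDs and the .onion host are placeholders.
SAMPLE_CONFIG = """<configuration>
  <device id="LOCAL-ID-PLACEHOLDER" name="this-device"><address>dynamic</address></device>
  <device id="PEER1-ID-PLACEHOLDER" name="office"><address>tcp://peeraddress.onion:22000</address></device>
  <device id="PEER2-ID-PLACEHOLDER" name="laptop"><address>dynamic</address></device>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceEnabled>false</globalAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
  </options>
</configuration>"""


def audit(config_xml, local_id):
    """Return findings where config.xml departs from steps 1, 2, 4 and 5."""
    root = ET.fromstring(config_xml)
    opts = root.find("options")
    findings = []
    # Steps 1-2: a missing element means Syncthing's default, which is enabled.
    for tag in ("globalAnnounceEnabled", "relaysEnabled"):
        value = opts.findtext(tag) if opts is not None else None
        if (value or "true").strip().lower() != "false":
            findings.append(f"options/{tag} is not false")
    # Step 4: every listener must be TCP bound to loopback.
    found = opts.findall("listenAddress") if opts is not None else []
    for addr in [(e.text or "").strip() for e in found] or ["default"]:
        if not addr.startswith("tcp://127.0.0.1:"):
            findings.append(f"listenAddress {addr!r} is not loopback TCP")
    # Step 5: each peer (not this device's own entry) needs tcp://<name>.onion:<port>.
    for dev in root.findall("device"):
        if dev.get("id") == local_id:
            continue
        addrs = [(e.text or "").strip() for e in dev.findall("address")] or ["dynamic"]
        for addr in addrs:
            host = addr[len("tcp://"):].rsplit(":", 1)[0] if addr.startswith("tcp://") else ""
            if not host.endswith(".onion"):
                findings.append(f"device {dev.get('name')!r} address {addr!r} is not a .onion address")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, "LOCAL-ID-PLACEHOLDER"):
        print("FINDING:", line)
```

Run it against a copy of the real config.xml after every GUI change, since a peer left on 'dynamic' or a re-enabled relay option is easy to miss by eye.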
Performance Considerations for Tor-Routed Sync
Tor adds latency and reduces throughput compared to direct connections. Syncthing over Tor is suitable for: document synchronization (office files, notes, code), photo libraries (accepts slower sync), configuration files (small, infrequent). Less suitable for: large media libraries where initial sync involves hundreds of gigabytes, real-time collaboration where sync latency affects workflow. Tor bandwidth for a single circuit is typically 1-10 Mbit/s sustained, depending on the relays selected. Initial sync of large datasets will be slow (100GB at 1 Mbit/s = approximately 22 hours). For large initial syncs, use a clearnet transfer for the initial bulk sync and switch to Tor-based sync for subsequent changes.
Multi-Device Setup and Key Management
For syncing across more than two devices, each device gets its own .onion address and Syncthing device ID. Share .onion addresses between all devices that need to sync with each other. Syncthing's device ID (SHA-256 of the device's TLS certificate) provides additional authentication - even if a peer presents the correct .onion address, Syncthing verifies the device ID before accepting the connection. To add a new device: install Syncthing, configure the Tor hidden service, share the .onion address and device ID with existing devices, and add the new device in each existing device's Syncthing GUI. The sync topology is configurable: star (one central device syncs with all others), mesh (all devices sync with all others), or selective (device A syncs with B but not C). Mesh topology provides resilience but requires sharing .onion addresses between all N devices.