If I use synology quickconnect service Am I putting my privacy in danger?

  • Brewchin@lemmy.worldEnglish
    6·
    9 hours ago

    Short answer: Eventually, yes. But it also depends on what you mean by “privacy” and “danger”, and what else you’re doing with your NAS.

    Longer answer:

    Your NAS can be used in the ways you want, and with the privacy levels you want, without signing up to or using additional cloud services. By choosing to use QuickConnect, you’re trading some of that for convenience.

    History shows that most providers will have a data breach. What that breach includes depends entirely on what you given them and what they’ve taken. Including what their ToS and Privacy Policy says, and has ever said the entire time you’ve used it. That’s assuming good faith and competence, as some services gather more. And then there are things like court orders, some of which you’ll never hear about.

    It also depends on their security model. It’s quite likely that they’re using their own certificates (as it does when you browse to your NAS’s web interface), so would mean they’ll be automatically decrypting and re-encrypting the traffic going through QC. This will often be stated as “end to end encryption”, despite not really being that.

    If your concern is filenames and such, then it’s likely visible to them. Whether they record them is up to their current policies. If your concern is the contents of your screen, video or audio, then it is unlikely. Especially with things like SSH or remote desktop that may have their own transport security.

    However, if you use your own remote connectivity option (eg. WireGuard, Tailscale), you’re not sending data through their servers.

    FWIW, I use Photos and Drive, and both naturally work seamlessly on my LAN. When I’m outside my network, I usually rely on what I’ve saved for offline use. But when I want something specific, I use WireGuard to VPN to my home network to get it. No cloud services and no “I hope they don’t get breached this week” garbage - just a secure point-to-point connection between my device and my home.

    tl;dr: It’s less about what a company says/does about their service, and more about not giving them the opportunity to get it wrong, do bad things, etc.