Given how rock-solid Syncthing has been, I wonder how hard it would be to bolt encryption onto it so anything that some specific nodes receive is always encrypted.
Unfortunately that's harder than just always leaving a Raspberry Pi on at home, especially given that I want to be able to sync files to my phone, where EncFS probably doesn't work at all (or easily).
I'm unfamiliar with Syncthing, but could you run two daemons, one that does encrypted sync to e.g. Dropbox, and one that does plain sync to your phone and such? Or would the two instances stomp on each other or get into an infinite loop? e.g.:
Some Syncthing nodes could host only the encrypted data, without the keys to decrypt it. This adds the benefit of having some nodes host the data, without being able to access it. Think: VPS, etc. that have a very good availability track record, but some doubts about whether your hosting company can spy/might be coerced into spying.
Exactly. If I could be sure that the VPS couldn't read or mess with my files without me knowing, I'd definitely add a Syncthing node on my VPS and have increased availability along with security without any hassle.
The ability to have untrusted nodes is the one feature that has kept me using Resilio Sync.
[0] - https://github.com/syncthing/syncthing/issues/109