I might be misunderstanding what you mean, but maybe the .stignore[1] file is what you're looking for? Apologies if it isn't :-)

[1] https://docs.syncthing.net/users/ignoring.html

Oh no worries, yeah that works like gitignore, I’m talking more like how Nextcloud and Dropbox let you like, have a list of folders and checkboxes where you can be like “this machine doesn’t need my family photo collection synced to it” kinda thing. Which to my knowledge syncthing doesn’t have.

Don't apologize tho! I appreciate the help!

“This machine doesn’t need my family photo collection synced to it” is .stignore. It’s a bit confusing because .stignore is more like .git/info/excludes than .gitignore in that it’s not synced between machines[1]. (If you wanted a synced ignores file then you need to #include that file from each machine’s .stignore manually.) And what’s ignored on one machine doesn’t then need to be ignored on the others, which will still sync it between themselves in that case. So no pretty checkboxes, but echo /Photos >>.stignore on the machine in question and you should be good (including to delete the Photos subdirectory on that machine).

[1] https://docs.syncthing.net/users/ignoring.html

Oh! Holy shit, that's SO useful. Thank you for taking the time to explain!

You can achieve this by having multiple sync folders instead of one folder with everything. Then you can configure exactly what you sync where.

My main concern is that the actual criminals will always find a way around those measures. They're more motivated than anyone to gain the technical expertise to do so. And I use the term expertise loosely here.

For example, from what I've read this proposal was about scanning images and URL's, not text (for now). But it's not hard to split up an URL in several pieces so that the regex doesn't recognise the set of strings as an URL anymore, it'll just be plaintext which won't get scanned. And it's also not hard to send pictures as base64 encoded text, which again would fall outside of the scanning scope.

In my opinion, as with many of these measures, you end up hurting the innocent, the criminals will be fine with (semi) technical workarounds, and we end up on that way too slipperty slope of mass-deployed surveillance for nothing.

Technical measures can and will be circumvented, always, by those motivated to do so. And if you're a CSAM criminal and your prospect is going to prison tagged as a child molester, I imagine your motivation is as high as it gets.

I don't think there's a technical solution to this.

I've started donating to EDRi[1] for this reason.

[1] https://edri.org/about-us/who-we-are/