Clarification regarding 1.35 changelog & "privacy" question when copying client side

What an incredible software! @ncw I am still in awe after months of use.

Two somewhat related questions. The first is really dumb but just trying to make sure:

  1. I take it that the changelog on 1.35 regarding Amazon Drive that added “support for server side move and directory move” does not mean that server-side copy (e.g., this thread: Is it possible to add encryption during a “Server Side Copy”) is unaffected.

  2. Assuming that there is no fundamental change to server-side on Amazon, I have a small “privacy” question regarding the encryption “on the fly”:

rclone copy acd:unencrypted secretacd:

I normally use my own dedicated server for this process but for practical reasons I need to use another one for a couple of weeks and I am more concerned about snooping sysadmins.

My question: since rclone must first download from acd:unencrypted before encrypting and reuploading, I am wondering whether sysadmin/networkadmin/others could see the content during the download stream? And is rclone using a tmp/cache folder that could be spied on before the encryption is done?

I have of course no intention of leaving anything locally but I am curious about the down-stream and the local visibility before things are encrypted and returned to Amazon.

Thank you in advance.

  1. Data is transmitted via HTTPS over the wire so the upload/download cannot be intercepted.
  2. I’m pretty sure there are no tmp/cache writes for remote to remote. It’s all done in-memory. In theory, a privileged user could inspect the memory contents and grab data. But if you have to worry about that, you have bigger problems.

Server side copy just means that rclone can ask Amazon to move objects about. The objects don’t change whether they are encrypted or not.

As for part 2, @aus’s answer is perfect :slight_smile:

@aus and @ncw : thank you for your replies!

I had read that “chunks are buffered in memory” but - alas - I could not quite follow the implication all the way. One last question: in the case of server-side copy, such as Dropbox, is the encryption done on the server’s memory or does it still require a local download to memory?

I agree, needless to say, that this extreme kind of snooping - such as reading the memory content - is unusual. Thankfully I am not in that worst case situation, but I would not dismiss the scenario altogether.

I hope @ncw does not mind my making a tiny suggestion. The first line after the header on “server side copy” starts with “Drive”. Many of us are used to “Drive” as “Google Drive” but since Amazon Cloud Drive is gaining attraction, it would not hurt to make it “Google Drive” in that case.

A world of thanks to both of you

A server side copy is when you copy a file entirely on the server. Not all remotes support that. The file remains encrypted if you do that.

[quote=“persianphilosopher, post:4, topic:631”]
The first line after the header on “server side copy” starts with “Drive”. Many of us are used to “Drive” as “Google Drive” but since Amazon Cloud Drive is gaining attraction, it would not hurt to make it “Google Drive” in that case.
[/quote]

I’ve updated that, thanks. Note that list was incorrect - the definitive list of remotes which support server side copy is here: http://rclone.org/overview/#optional-features