Data Privacy using rclone for enterprise

Dear all, as Box doesn’t have a Linux sync client, I am doing a POC with rclone in our dev environment to sync Box files and folders to our RHEL server. While setting up the remote, I noticed that rclone requests to read/write to my Box account, and I know that it’s necessary in order for the core functionality of rclone to work, but I have concerns about the privacy of the data being synced. While Box itself has signed a privacy agreement with our company, there is no such thing for rclone. How can I be sure that rclone does not read the data that it’s syncing from Box to our Linux server? And does rclone store any of the data being synced?

My question is from the perspective of enterprise security, so please let me know how I can justify using rclone to my security team? Thanks in advance.

Great!

When you use the rclone app, no data is transferred to rclone servers - everything is just between you and box. You can check this easily enough with a tool like wireshark or tcpdump.

When you grant permission to rclone to access box, you are only granting permission for the rclone binary running on your computer to access the files at box. I can’t read your files, or even know that you are using rclone.

BTW rclone has a privacy policy here: https://rclone.org/privacy/ - it only really covers the website though. I thought I wrote a document about the binary itself, but I can’t find it at the moment!


Thank you. That clarifies. Sorry I’m not near my laptop, but can you clarify what port/ports rclone uses? And whenever you can, it would be helpful if you can share the privacy policy for the binaries.

Great!

It depends on the provider, but for box, everything will be on port 443 and be https traffic.

I’ll dig around and see if I can find what I wrote as this isn’t the first time this has come up.
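The tcpdump check suggested in the replies above, turned into a repeatable audit for a security review. This is an added example, not part of the original thread or of rclone. It assumes a capture of new outbound TCP connections taken while rclone ran, on a host where rclone was the only active workload, and an allowlist of addresses you resolved yourself for the provider's hostnames; the function names, interface name and sample addresses are hypothetical.

```shell
# Added example: audit `tcpdump -nn` text output for outbound TCP connections.
# Assumed capture command (IPv4 SYNs; interface and file name are placeholders):
#   tcpdump -nn -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' > syn.txt

# Constructed sample capture; every address is from a documentation range.
sample_capture() {
cat <<'EOF'
12:00:01.100000 IP 192.0.2.10.51234 > 203.0.113.20.443: Flags [S], seq 1, win 64240, length 0
12:00:01.900000 IP 192.0.2.10.51236 > 203.0.113.21.443: Flags [S], seq 2, win 64240, length 0
12:00:02.400000 IP 192.0.2.10.51240 > 198.51.100.7.8443: Flags [S], seq 3, win 64240, length 0
12:00:03.000000 IP 192.0.2.10.51244 > 198.51.100.9.443: Flags [S], seq 4, win 64240, length 0
EOF
}

# list_destinations LOCAL_IP
# Reads tcpdump text on stdin and prints the unique "dst_ip dst_port" pairs
# of connections opened by LOCAL_IP. tcpdump writes endpoints as addr.port.
list_destinations() {
  awk -v me="$1" '
    {
      for (i = 1; i < NF; i++) if ($i == "IP" || $i == "IP6") break
      if (i + 3 > NF || $(i + 2) != ">") next      # not a packet line
      src = $(i + 1); dst = $(i + 3); sub(/:$/, "", dst)
      dport = dst; sub(/.*\./, "", dport)            # text after the last dot
      sub(/\.[^.]*$/, "", src); sub(/\.[^.]*$/, "", dst)
      if (src == me) print dst, dport
    }' | sort -u
}

# unexpected_destinations LOCAL_IP ALLOWED_IP...
# Prints every destination that is not on port 443 or not in the allowlist.
# No output means the capture matches the "HTTPS to the provider only" claim.
unexpected_destinations() {
  me="$1"; shift
  allowed=" $* "
  list_destinations "$me" | while read -r ip port; do
    if [ "$port" != "443" ]; then
      echo "$ip:$port not-port-443"
    else
      case "$allowed" in
        *" $ip "*) ;;                                # expected endpoint
        *) echo "$ip:$port not-in-allowlist" ;;
      esac
    fi
  done
}

# Demo on the constructed sample: two allowlisted endpoints, two findings.
sample_capture | unexpected_destinations 192.0.2.10 203.0.113.20 203.0.113.21
```

On a real capture, feed the saved file to `unexpected_destinations` in place of `sample_capture` and attach the output to the review.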