Dear all, as Box doesn’t have a linux sync client, I am doing a POC with rclone in our dev environment to sync box files and folders to our RHEL server and while setting up the remote, I noticed that rclone requests to read/write to my box account and I know that its necessary in order for the core functionality of rclone to work but I have concerns about the privacy of the data being synced. While Box itself has signed a privacy agreement with our company, there is no such thing for rclone. How can I be sure that rclone does not read the data that its syncing from box to our Linux server ? and does rclone store any of the data being synced?
My questions is in the perspective of enterprise security so please let me know how I can justify using rclone to my secruity team? Thanks In advance
When you use the rclone app, no data is transferred to rclone servers - everything is just between you and box. You can check this easily enough with a tool like wireshark or tcpdump.
When you grant permission to rclone to access box, you are only granting permission for the rclone binary running on your computer to access the files at box. I can’t read your files, or even know that you are using rclone.