Does rclone have access to its users data?

For example, when creating a remote for the Google Drive storage system, I am prompted for a client_id (described here) and, when choosing the default option to use rclone's client_id, I am then prompted with a web page to give rclone permission to use my google account.

Does choosing this option mean that rclone's maintainer's will have permissions to access my files? Or would only the client have the permissions?

Thank you! :slight_smile:

That would be a pretty big hole if clicking on that allowed rclone access to your data so it does not.

It allows the client you have configured access to the data.

So if anyone was to grab your rclone.conf, they have access.

The client_id is used to identify the program or organisation using the API only.

The actual authentication for accessing the data is the bit you do in the web browser.

So for someone to steal your data they would need your password to Google drive, or access to the rclone.conf.

No one but you has access to these.

Oh, I see! Thanks for the responses!

By the way, the docs on creating a custom client_id need some minor editing; seems the UI has changed a bit. I'd edit it myself, but as I'm not very familiar with the inner-workings of it all I'd rather not :wink:

might want to crypt the config file, so even it someone has access to it, cannot read the contents.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.