How secure is rclone?

haven · March 15, 2021, 7:53pm

What is the problem you are having with rclone?

I plan to use rclone to sync my cloud folder and this is probably a silly question, sorry if it is so.
I see this post: ..t/is-rclone-encrypted-or-not/11855 on security and encryption, but could anyone clarify whether the traffic from my computer to cloud and vice versa is safe?

Rclone uses https to do all transactions with Google Drive and OneDrive so the transmission of files is secure.

How can I make sure that my files are not uploaded or downloaded to somewhere else?

asdffdsa · March 15, 2021, 8:00pm

hello and welcome to the forum,

there are two issues with encryption.

encryption in transit, for upload/download files. as with a web browser, that uses https://.
encryption at rest. once the file is uploaded, if some was able to log into the cloud provider, they could steal the files. so for that we have this Crypt

nothing can guarantee that. so again encrypt the files.

haven · March 15, 2021, 8:17pm

nothing can guarantee that. so again encrypt the files.

Does this mean that using rclone without Crypt is not recommended?
If I understand correctly, this part

encryption in transit, for upload/download files. as with a web browser, that uses https://.

is given, while

encryption at rest. once the file is uploaded, if some was able to log into the cloud provider, they could steal the files.

depends on the quality of my password and security of my unique token on GDrive or OneDrive?

asdffdsa · March 15, 2021, 8:26pm

with gdrive, you can log into the website using an email address and password.
if someone gets that login info, they can login and download all your files.

without rclone encryption, they will be able to read every file.

with rclone encryption, they will NOT be able to read any file.
only rclone can decrypt the files.

haven · March 15, 2021, 8:50pm

Thanks, I'm still confused why rclone doesn't come with encryption as default then? Or is it still okay if I have a strong google or microsoft account passwords, and, say, two factor authentication?

I assume if someone gets hands on my account then without encryption on the files it's game over.

Still, how can I be sure that it's one way road when I sync my files via rclone?

asdffdsa · March 15, 2021, 9:01pm

yeah, it is confusing to understand and confusing to explain.
again, two separate issues. secure during transit and secure at rest.
rclone is always secure during transit.
for copying files in transit, rclone uses https:// encryption, same as any web browser does.
for example, when you login to this forum, your username and password are crypted, all data transferred is encrypted. for when you login to your bank, https://

well, that is up to you, how valuable the data is.
accounts using 2FA do get hacked. websites get hacked all the time, stealing customer's login info.
https://haveibeenpwned.com/

correct. has nothing to do with rclone.

to crypt files at rest, there is always an additional step.
AWS S3 has server-side and client-side encryption.
gdrive does not; so rclone can do that for you.

haven · March 15, 2021, 11:24pm

Thank you. I guess I'll start using it and then see about encryption of my files.

asdffdsa · March 15, 2021, 11:30pm

what is the cloud provider you plan to use?

haven · March 16, 2021, 12:32am

Probably Google Drive and OneDrive.

asdffdsa · March 16, 2021, 12:34am

start with gdrive, as i find onedrive painful and slow.
just today, i gave up on onedrive

haven · March 16, 2021, 12:44am

Yes, I checked some guides, it seems that synchronization with OneDrive can be troublesome.

I'm on Manjaro and for Google Drive, I was thinking of adding it to my online accounts, but I'm not sure how safe that is either.

system · May 15, 2021, 8:44pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.