Hi all, I'm an engineer at Proton and would like to provide some information to people using our service with rclone and how we currently keep rclone functional.
Changes to the upload flow
We do not intentionally introduce breaking changes that would disrupt third party clients.
In early 2024 we rolled out a new data-integrity mechanism for file uploads. The feature is mandatory and is designed to protect users from many potential causes of data corruption. Rclone lacked support for this mechanism, which caused upload failures for its users. After detecting a spike in failed uploads, Proton made a temporary exemption that exempted rclone from this validation. We then provided guidance on implementing the new validation. Although we've seen that pull requests have been opened to add the extra validation, none have been merged or released to date.
The temporary exemption remains in place to continue supporting rclone functionality, as a gesture of goodwill to the rclone community.
Handling file uploads is a complicated multi-step process, where any step can get interrupted or fail. Proton Drive has the added complexity of being end-to-end encrypted, meaning the client has to encrypt the data and the server has no way to verify the integrity of the encrypted files. Client-side bugs in the encryption may lead to data being impossible to decrypt later. This is one of the reasons why Proton is developing an SDK, to make it as easy as possible for everyone to perform end-to-end encrypted uploads safely. The SDK is already being integrated into the official Proton Drive apps to ensure one uniform upload process across platforms.
Version‑header handling
rclone sends the HTTP header x-pm-appversion with the value macos-drive@1.0.0-alpha.1+rclone. We use this header to identify the app version and to upgrade clients with known issues or to support important new features such as Proton Docs. While the alpha version of the macOS Drive app that rclone masquerades as is officially unsupported, we allow it to ensure rclone continues to work. External apps should identify as external-drive-<project>@<version> (a pull request has been submitted to GitHub to inform the rclone maintainers about this: https://github.com/rclone/rclone/pull/9189). External apps are not officially supported, so use at your own risk. Remember that with end-to-end encryption, there is very little data validation that can be done; we use the header to ensure that clients are properly safeguarding the integrity of user data. Improper use of this header prevents those safeguards from working properly, resulting in failed uploads.
Domain usage
rclone connects to Proton services via the outdated mail.proton.me/api. The official Proton Drive apps now use drive-api.proton.me. Drive usage of the mail.proton.me/api endpoint is deprecated but we've kept it around to avoid breaking rclone. As a gesture of goodwill we have submitted a pull request on GitHub to change the domain that rclone uses https://github.com/rclone/go-proton-api/pull/1.
Traffic and rate‑limit considerations
Proton does not block users for using rclone, but does enforce good behaviour usage of our API across the board for all clients, to protect availability of Proton for all customers. Official Drive apps use a lightweight event-based model; in contrast, rclone scans every folder locally and issues a larger number of API calls to re-fetch metadata on every pass. This causes a large number of requests, especially when users have many files and folders. Official apps back off gradually, whereas rclone does not. Rclone causes a disproportionate amount of traffic to Proton's servers. All traffic is subject to the same rate-limit policies; there are no special limits for rclone. When limits are reached, the server throttles the offending user to protect the availability of Proton for all users.
Human verification (CAPTCHA)
Our anti‑abuse system may occasionally require users to complete a CAPTCHA, again to protect the availability of Proton for all users. Because rclone generates a high volume of API requests it is more likely to trigger this verification, particularly when used over a VPN. Unlike the official Drive apps, rclone does not surface the CAPTCHA challenge to the user, which can leave the user appearing “stuck.”
Upcoming storage model
We are preparing a new storage model that will improve performance and security and be simpler to use. Files stored with this future model will not be readable by rclone until the client is updated. The Proton Drive SDK will include built‑in support for the new model, allowing third-party developers to handle the new format. In the shorter term, an upcoming change of algorithm in OpenPGP may affect rclone's ability to read files uploaded by different clients, or make changes to them.
Future developments
Proton understands that third party tools and applications are an important part of the open-source community and has continuously taken steps to ensure that legitimate third party use of the Proton Drive APIs is not unduly constrained. Proton must also ensure availability of those APIs for all users and continue to insist on correct handling of user data when interacting with those APIs. The upcoming SDK release later this year will provide all third party developers with a free, standard, performant, open-source way to interact with the Proton Drive APIs safely and correctly, supporting a robust ecosystem of third-party authors and projects. The best way to ensure that any given third party project will run smoothly will be to use the SDK for all interaction with the Proton Drive APIs. After the SDK is released and a suitable grace period (tbd) has elapsed, all old clients - not just the third-party ones - will be deprecated and their continued functionality will no longer be guaranteed. Third party clients will either need to adopt the (free, open-source) SDK or fully emulate its safety, correctness, and availability features to continue accessing the Proton Drive APIs.
We sincerely believe that the upcoming release of the Proton Drive SDK will offer every third party project - and most definitely rclone - the chance to be faster, simpler, and more reliable.
If you have questions or comments please check out our two blog posts:
And feel free to join the discussion on /r/ProtonDrive with the sdk-preview-discussion tag.
Thank you.
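The following is an added example, not part of the original post and not code from Proton, rclone or the Proton Drive SDK. It sketches how a third-party Go client could send x-pm-appversion in the external-drive-<project>@<version> form and back off gradually when throttled. The HTTP 429 status with a Retry-After header in seconds, the character set accepted by the regular expression, and the `PoliteTransport` name are assumptions.

```go
package main
import (
	"fmt"
	"net/http"
	"regexp"
	"strconv"
	"time"
)

// Shape from the post: external-drive-<project>@<version>. Allowed characters are an assumption.
var appVersionRe = regexp.MustCompile(`^external-drive-[a-z0-9-]+@[0-9A-Za-z.+-]+$`)

// AppVersion builds the x-pm-appversion value for a third-party client.
func AppVersion(project, version string) (string, error) {
	v := "external-drive-" + project + "@" + version
	if !appVersionRe.MatchString(v) {
		return "", fmt.Errorf("invalid app version %q", v)
	}
	return v, nil
}

// PoliteTransport (hypothetical) tags each request and retries bodiless requests on 429 with doubling delays.
type PoliteTransport struct {
	Base       http.RoundTripper
	AppVersion string
	MaxRetries int
	BaseDelay  time.Duration
	Sleep      func(time.Duration) // injectable so tests do not really wait
}

func (t *PoliteTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	delay := t.BaseDelay
	for attempt := 0; ; attempt++ {
		r := req.Clone(req.Context())
		r.Header.Set("x-pm-appversion", t.AppVersion)
		resp, err := t.Base.RoundTrip(r)
		if err != nil || resp.StatusCode != http.StatusTooManyRequests || attempt >= t.MaxRetries || req.Body != nil {
			return resp, err // success, hard failure, retries exhausted, or body not replayable
		}
		resp.Body.Close()
		wait := delay
		if s, e := strconv.Atoi(resp.Header.Get("Retry-After")); e == nil && s > 0 {
			wait = time.Duration(s) * time.Second // a server hint overrides the local delay
		}
		t.Sleep(wait)
		delay *= 2
	}
}

func main() { fmt.Println(AppVersion("rclone", "1.2.3")) }
```

In a real client, set `Sleep` to `time.Sleep` and `Base` to `http.DefaultTransport`.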
