WARNING: ACD_CLI is exposing your files to others

It seems there is some critical bug with Amazon atm, since acd_cli can expose your files to other people, e.g. view, replace, delete your stuff.

Tons of reports on acd_cli github and as well on reddit. I strongly suggest you unauth acd_cli until this issue is fixed. https://www.amazon.de/ap/adam?ref_=cd_mglwa (replace .DE with the one you use)

Reports:

https://web-beta.archive.org/web/20170514004119/https://github.com/yadayada/acd_cli/issues/549
https://github.com/yadayada/acd_cli/commit/654871759c2e9b5a829926c8c11f9f382f2c0a3d

1 Like

Wow. Any idea why this would only affect acd_cli? If we all use the same API, couldn’t this happen in rclone? I’m not seeing any problems here at the moment.

For any former user of ACD_CLI, please don’t mess with rclone OAuth tokens.
I know that there are users in the acd_cli community that are trying some workaround, but it can only worsen the situation and eventually get rclone banned.

I’d like to second this - please don’t use rclone’s tokens in acd_cli - it is likely to lead to an rclone ban too, and possibly having your Amazon account banned.

1 Like

Speculation but it may be appspot that was caching tokens and handing them to the wrong people.

I think with cloud storage (or really any storage) you always have to assume your data will be compromised. If you take that approach you will be protected. I.e. encrypt your data at rest and in transit with your own keys.

@ncw Nick, browsing through your code it looks like rclone does a direct auth to Amazon’s servers rather than using an intermediate device like acd_cli did (appspot). Can you confirm how the authorizations occur? In light of what has transpired on the acd_cli tool I am trying to understand what the need was for that intermediate server to do the Amazon OAuth in their tool and if there is an exposure like that in this tool. Sorry, Go (and C) code isn’t my strong point to be able to read through exactly how rclone does it versus why acd_cli chose to do it with an intermediate server.

This sort of answers my question. 🙂

https://forums.developer.amazon.com/questions/22091/client-secret-in-open-source-apps.html#answer-22097

Thanks for doing it this way @ncw…

Yes that is correct - rclone does all the auth on your computer - no credentials ever leave your computer. I did it that way so I didn’t have to run a server with 1000s of other people’s credentials flowing through.

That makes the signup slightly more awkward but it was a trade-off I felt was the correct one.

3 Likes

Moreover, whatever the tool is, having an authentication proxy has two major drawbacks for end users:

  • it is a huge security risk (what if the authentication proxy is hacked)
  • it is a single point of failure (if the proxy is down, whatever the reason is (misconfiguration, hosting trouble, …), then the entire service is also down)
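
Added example, not part of the thread and not rclone's or acd_cli's own code: a sketch of the "all the auth on your computer" approach, where the OAuth 2.0 authorization-code redirect is received by a listener bound to loopback and tied to one login attempt by a random `state`, so no intermediate server sees the code. The function names (`newState`, `callbackHandler`, `listenLoopback`) are hypothetical, and it assumes the provider redirects back with the standard `code` and `state` query parameters.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
)

// newState returns an unguessable value that ties the callback to this login attempt.
func newState() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// callbackHandler accepts the redirect only if state matches, then hands the code to the local process.
func callbackHandler(state string, codes chan<- string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got, code := r.URL.Query().Get("state"), r.URL.Query().Get("code")
		if subtle.ConstantTimeCompare([]byte(got), []byte(state)) != 1 || code == "" {
			http.Error(w, "invalid callback", http.StatusBadRequest)
			return
		}
		fmt.Fprintln(w, "Authorized; you can close this tab.")
		select {
		case codes <- code:
		default: // a code was already delivered; ignore replays
		}
	})
}

func listenLoopback() (net.Listener, error) {
	return net.Listen("tcp", "127.0.0.1:0") // loopback only: unreachable from other hosts
}

func main() {
	state, codes := newState(), make(chan string, 1)
	ln, err := listenLoopback()
	if err != nil {
		panic(err)
	}
	go http.Serve(ln, callbackHandler(state, codes))
	fmt.Printf("redirect_uri=http://%s/ state=%s\n", ln.Addr(), state)
	fmt.Println("code length:", len(<-codes)) // exchanged for tokens directly from this machine
}
```

The code received this way would then be exchanged for tokens in a direct request from the same machine to the provider, and the tokens stored locally.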