Hi, I’ve just installed Manjaro next to Windows 10, but I plan to move most of my work to Manjaro, I just enjoy that the fan on my laptop is silent with it.
I was looking for a way to sync OneDrive on Manjaro and managed to setup rclone and it worked fine, I’m was using something like:
rclone sync remote:path /path/to/folder
But I’m concerned with rclone’s safety (someone will get access to the files directly or when they are being synchronized), and it feels like I need to give up a lot for rclone app’s access to OneDrive, when I actually sync only several folders. I read on reddit that the code for rclone is over 100k lines and it’s integrity is not entirely guaranteed. I see that there are alternatives (onedrive-abraunegg), but giving full access still makes me feel uneasy.
So my question is twofold:
is rclone (or any alternative that a newbie can setup) safe?
is there a reputable cloud service that provides its own solution that I could use without an intermediary app?
I understand that it’s very unlikely that Microsoft will create an app for Linux, and neither, probably, will Google, but perhaps there are other solutions. Dropbox seems to provide solutions for Ubuntu and Fedora, but not Arch. Thanks.
I see that there are alternatives (onedrive-abraunegg), but giving full access still makes me feel uneasy.
You do realise hopefully that you are only granting your OneDrive account via the OneDrive API to access your files when performing the authorisation request?
No one else can access your files, unless you share your API token with that person. No one (including me as the developer of the OneDrive client) has access to your data.
The authorisation process grants access to:
The application ID (which you can change)
An application that presents that ID + your authorization token code
The authorisation process tells OneDrive, that, if a ‘client’ with the above two items requests access, give access as per the permissions being requested|granted - when you login using your userid and password
You are essentially only giving full access to yourself for your data.
Thank you.
I have some questions still, sorry if they are too silly.
Does the traffic when I pull and push the data go directly from/to OneDrive? How can I know that the data that I download/upload goes only to my PC or only to the OneDrive server?
How can I change the application ID? Will changing it make it more safe? I assume token is the main security item.
Does the traffic when I pull and push the data go directly from/to OneDrive?
Yes - direct from your PC to OneDrive. You can verify this by using the debugging commands to view the actual HTTPS transactions:
--verbose --verbose --debug-https
How can I know that the data that I download/upload goes only to my PC or only to the OneDrive server?
As per above
How can I change the application ID? Will changing it make it more safe?
Refer to the documentation on changing the application ID, however will it make it more safe - no, the only difference here is that you and only you know the new application ID, rather than the application id default (which is a validated / certified ID by Microsoft) - so you potentially could run into other issues such as usage constraints because it is a ‘new’ application ID that is unverified.