Is WD software really secure?

I have the WD 2TB My Book Live NAS drive. I also installed the apps for Android and Windows Phone and I noticed something that bothers me a lot.

When I open the app (in Windows Phone at least), if I go into my private folder and I click on a document, the browser window pops up and a page loads with my document. I have noticed 2 things that are worrisome:

  1. This is an HTTP page, not an HTTPS site, so it is over an unsecure connection.

  2. If I copy the resulting URL, which looks kind of like this: http://MyDriveName.deviceSOMENUMBER.wd2go.com/api/1.0/rest/file_contents/Private/FileName?device_user_id=SOME_USER_ID&request_auth_code=SOME_LONG_HASH

and I send it via email to myself and I click on it on *ANY* device, I can see the document!!!

Now, I must be doing something wrong, and I really hope I am; otherwise, I would be glad to take this NAS drive back to the store, get my money back and get a NAS drive from a company that takes security seriously.

I called the customer service about this and their response was:

“As soon as you load that document and it loads via the browser (from my Windows Phone app), the document becomes public” —> This is a big no-no for me, the app is useless if it means that I will be making every document in my private folder public.

I just ran another test: I renamed the file and I was STILL able to access it!!!

This means that my private file is now cached in some server somewhere, accessible by anyone over an HTTP connection. WD needs to fix this ASAP or at least give the users a way to clear the caching of their private documents.
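
An added example, not part of the original post and not WD's code: a sketch of how an auth code carried in a URL like the one above can be bound to the file path, the user and an expiry time, and refused over plain HTTP, so a copied link is valid only for that one path and for a short time. The `expires` parameter, the signing key and the host name `nas.example` are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed demo key; a real device would hold a random per-device secret.
SECRET = b"constructed-demo-key"

def _sign(path, user_id, expires):
    # The code covers everything the link is supposed to authorize.
    msg = f"{path}\n{user_id}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def mint_url(host, path, user_id, ttl=60, now=None):
    """Build an HTTPS link whose auth code covers path, user and expiry."""
    expires = int(now if now is not None else time.time()) + ttl
    query = urlencode({"device_user_id": user_id,
                       "expires": expires,  # hypothetical parameter
                       "request_auth_code": _sign(path, user_id, expires)})
    return f"https://{host}{path}?{query}"

def check_url(url, now=None):
    """Return 'ok' or the reason the request is refused."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "refused: plaintext transport"
    q = parse_qs(parts.query)
    try:
        user_id = q["device_user_id"][0]
        expires = int(q["expires"][0])
        code = q["request_auth_code"][0]
    except (KeyError, ValueError):
        return "refused: missing or malformed parameters"
    if (now if now is not None else time.time()) > expires:
        return "refused: link expired"
    expected = _sign(parts.path, user_id, expires)
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(code.encode(), expected.encode()):
        return "refused: auth code does not match path/user/expiry"
    return "ok"
```

A link built this way is still a bearer credential for its lifetime; the bound path and the expiry limit what a leaked copy can reach.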