I just bought a WDMyCloud so that I could make a huge collection of family photographs available remotely to family members. To test, I set myself up as a remote user. After downloading the latest version of Java and accepting a number of security risks that were identified to me (related to an expired certificate and Java not supporting future versions of the interface), I was able to access the share without a problem. My question is whether anything is being done to address those security issues. If it were simply me accessing the drive remotely I’d be a bit less concerned, but I’d like to feel confident that my solution to the “how do we share these family pictures” is not introducing problems onto their systems. I explored a number of different options before buying the MyCloud, and I’d hate to think I now need to look for a different solution.
Thanks for bringing up this, and I hope they will fix it, because this is non sense 
I am also experiencing the same problem with a Java expired security certificate, I get the following error messages: -----------------------------------------------------------------------------------------
(Security Warning Dialog Box)
Do you want to run this application?
An unsigned application from this location below is requesting permission to run.
Location http://192.168.X.XXX
Running unsigned applications like this will be blocked in a future release because it is potentially unsafe and a security risk.
Select the box below, then click run to start application ------------------------------------------------------------------------------------------
If you click on the more information hyperlink you learn that it is an expired Java Security Certificate.
Question is how do you update this Java Security Certificate, is it not included in the updated software/firmware updates for the My Book Live & WD Smartware Software?
Or is this something that is issued or dealt with at the W2go web site?
The certificate Western Digital used to sign their java applet has expired, and they have not replaced it yet, or have not issued an update to the firmware.
In addition, the latest versions of Java require an additional property in the applet’s manifest, and Western Digital has not set that property. So, even if you accept the certificate, Java will refuse to run the applet.
Now, the jar file is indeed located on the WD My Cloud, so theoretically you could access it, sign it yourself, and add the appropriate property to the manifest. I haven’t done that, yet, but it is possible.
same issue here.
Can access via apps, but not anymore from my pc, neither via webpage nor via explorer (top copy-paste files).
What next?
Who is going to resolve this??
changing java settings helps, as described here:
http://community.wd.com/t5/WD-My-Cloud/Latest-Java-7-update-51-kills-remote-acces/td-p/660681
find it under programs - java - configure
I am happy again to be able to access data herefrom 
although I cannot access the data via the icon in the startbar icon, nor via shortcut created…
Unfortunately, I’d already tried that, and it doesn’t work for me. I’m using Linux, so there may be some difference between the Linux and Windows versions (I’m assuming you use Windows). I still get the popup about the certificate, and when I accept it anyway, instead of of a complaint about the Permissions manifest attribute, I get a popup about a Runtime Exception: java.lang.ExceptionInInitializerError.
When you look at the Java console, you find:
Missing Application-Name manifest attribute for: http://192.168.1.235:80/mapdrive/map-drive.jar?v=18
Missing Permissions manifest attribute in main jar: http://192.168.1.235:80/mapdrive/map-drive.jar?v=18
So it now appears that there are two missing attributes. I’m delighted that the workaround works for others, but it doesn’t seem to for me. So far, I’ve set the Security options as follows:
Enable Java content in the browser : Yes
Security Level : Medium
Exception Site List :
I don’t think I actually need the https version, but I doubt it’s hurting anything.
Same thing here. My Java was out of date, I updated it and now I have a big paperweight.
I know the company monitors this. Company Rep: When will this be fixed, or do you want my device back? I don’t want to have to become a programmer to use your box. FIX IT NOW.
Trying to access files online using W2go.com. My password is accepted but I then get a message that states “application blocked by security settings”. Your security settings have blocked an application signed with an expxired or not-yet-valid certificate from running.
How do I fix this, if it is fixable?
is there another way to access my WD device online other than using W2go.com?
I can access using Firefox as long as I do the following:
- Ensure I am running the previous version of java release 45?
- Turn off java automatic update otherwise it will automatically load the latest version again which will not allow access
- In firefox there is a symbol at the left hand of the address box, looks like a lego block. Click on this when java is refused and you can amend the conditions to access the site.
I have not been able to get chrome to work since the outage that WD had a number of weeks ago. Whatever they did to get back on line now stops it working.
IE11 also would not work, but in the last week or so has started allowing connection again, still only with the old Java.
It is crazy that months after buying this device I am still getting the same security warnings from Java and have to use an old and vulnerable release. It clearly says access will be blocked to this site in the next update and that is what happened.
WD need to find out what they have done which stops Chrome from working as that was my prefered browser.
BaltoUser wrote:
Trying to access files online using W2go.com. My password is accepted but I then get a message that states “application blocked by security settings”. Your security settings have blocked an application signed with an expxired or not-yet-valid certificate from running.
How do I fix this, if it is fixable?
is there another way to access my WD device online other than using W2go.com?
This issue is under investigation.
We will post in this thread once more information is available.
Hi, I’ve been reading an old thread on this http://community.wd.com/t5/WD-My-Cloud/Latest-Java-7-update-51-kills-remote-acces/td-p/660681/page/7 which states the issue was resolved in March so the thread was closed. This looks like the same issue so why is there no resolution? The previous thread was started in January - has this issue been open this long? I bought my WD cloud a few weeks ago for remote internet access - do I need to take it back to the shop or can you tell me how I access it securely please? An issue being open for 5 months with no resolution is unacceptable
What computer OS and browser are you using?
I’m in a nearly identical situation. I bought my My Cloud a few weeks ago, and I can’t recall even once being able to login at WDMyCloud.com (wd2go.com). I type in my login credentials—which I was able to get I think when I set up my user info. in the the web dashboard—but absolutely nothing happens. No error message, no attempt by the browser to load a new page… just… nothing at all.
I’ve tried this with Safari, Firefox, Chrome, and with Java versions 6, 7, and 8 (each uninstalled before the next was installed). Absolutely nothing works. As far as I can tell, any solution posted on that “Latest Java update kills remote access” discussion is nonsense, as is the WD knowledge base article about it. I’ve tried everything, lowering the security setting down to “Medium” in the Java control panel. Quitting and relaunching browsers, restarting my machine, rebooting the My Cloud and even the router too.
To be clear: I can in fact acces the My Cloud remotely, using the WD My Cloud desktop app, via FTP, and even using SFTP (with some minor tweaks). But here’s the thing: reading the older threads suggests that when you access your My Cloud by logging in through the WD web interface, you are able to get your shares mounted as actual volumes on your desktop , just like they appear when you’re back on your LAN.
This would be very useful in a number of situations, e.g. backup applications like Time Machine or CrashPlan could continue operating in the background. (Since my backups have already been seeded, those apps need only a tiny trickle of bandwidth to work properly.) iTunes could work just like it always does, by finding it’s “iTunes Media” folder located on its My Cloud share/volume. And so on.
It’s great that I can access my files remotely. Wonderful… But I would also like to get my shares remotely mounted as volumes as well. I bought my My Cloud too recently to have seen this work in the past. But he previous threads suggest that’s how it works.
I’m realliy ticked off at all these comments I’ve read the “the problem’s been solved”; “that was fixed 2 weeks ago [back in March]…”; “just update your firmware”; "just lower the security level in Java down to “Medium,” and so on. It’s all horse manure. None of that’s working, and I’ve tried every configuration I could possibly think of.
I want to mount my shares as volumes when I’m working off my LAN. Someone please tell me how to do that. Thanks in advance.
UPDATE to my post above:
With some time tinkering around with settings and a little bit of blind luck I have been able to get remote access via the WDMyCloud.com (a.k.a. wd2go.com) portal. Here are the take-aways:
-
Make sure you don’t have anything that’s blocking the Google Analytics tracker. The login page that first appears when you go to WDMyCloud.com, includes a bit of Javascript for the Google Analytics tracker. If you’ve installed any extensions that are blocking that tracker–for example, Google’s own opt-out extension, or a more comprehensive privacy extension like Ghostery, entering your login credentials will do absolutely nothing. The page will be completely unresponsive. (The browser doesn’t hang; what I mean is the login page itself is just dead/dysfunctional.) If you disable whatever’s blocking Google Analytics, you should be able to log in. I use Ghostery, and one of the nice features about it is that you can black trackers on a per-site basis, so that Google Analytics will remain blocked everywhere else I go.
-
A successful login doesn’t mean you will succeed in accessing your My Cloud. One and only one way worked for me, and that was using Firefox , with the latest version of Java 7 installed from Oracle and the “Security Level” setting for Java lowered to “Medium.” Yes, there were a gazillion warnings about expired/invalid certificates and “Do you really want to run this Java applet?” dialog boxes, but if you just tell the computer to ignore those and carry on, your shares will be displayed (only in Firefox!), and they will in fact mount properly on the desktop, much like the would if you were at home on your own LAN.
-
Note that this is the opposite of what WD recommends in the relevant help documents , which say to stick with Safari and leave Firefox out of it. My experience with that advice is that it is totally bass-ackwards.
This thread is nominally about the onslaught of certificate and security warnings that appear when using the web portal to access your shares remotely. They haven’t gone away anywhere, and WD should certainly do something about that ASAP. But if you just plow through them and accept all the potential security risks, the portal works.
Now, I have now idea whether there are any real risks or not. What I’ve chosen to do is keep the Java Security level set to Medium only when I need to do this remote access thing. When I don’t, I keep that setting bumped up to the highest security level.
I’m really happy with the My Cloud unit, for the most part. But I have to say that management of the WDMyCloud.com/wd2go.com Web portal is really kind of lame. And I doubt the fixes would be terribly complicated.
pinax you are a total life saver! I have been having the exact same issues you described in your previous post. Once I disabled my adblockers ( I use 2), everything worked perfectly fine at login in Firefox. And here I thought this was definitely a java issue. Thanks so much for putting in the time to check all the variables involved. So happy my mycloud isn’t just malfunctioning! MODS: PLEASE STICKY PINAX’S POST!
Using Java is a high security risk regardless of versions and certificates!
hey Vort11–
You are most welcome–I’m thrilled that at least one person’s life was made slightly easier by my trial and error…
I’ve confirmed that using Firefox and Java as I’ve described above works just fine. When accessing your My Cloud remotely, you are of course limited by the bandwidth of the network you happen to be on, not to mention the upstream bandwidth of your own home network. Having said that, it seems to work as intended.
I know there are a lot of people out there (like Eli_Tsigantes) who can’t wait to scold us for using Java. At this point, frankly I don’t give a rat’s @$$: I hereby knowingly and willingly accept the risks of using Java to get my WD My Cloud working the way it was supposed to. If anyone wants to dissuade me from doing this, please explain–in terms both precise and concise–why this is such a godawful invitation to personal ruin. Don’t just wag your finger at me and say, “Shame on you!” Fine. Shame on me. Now eff off.
As I mentioned, I keep the Java security settings at the highest all the time, except in the rare cases where I need to mount the My Cloud shares from a remote network. What I’ve described seems to work reliably, and I’ve noticed that the URL in my browser always starts with https://, which gives me some confidence that whatever data goes back and forth is encrypted.
I generally dislike using Firefox (in fact I hadn’t even installed it on my Mac until I tried it for this purpose), but I find that keeping it around for the few things that need Java is useful (for example the speed test at myspeed.visualware.com, which gives great feedback on not only broadband speed, but transmission quality, suitability for VoIP services, etc.; I love it). I keep those very few sites in the bookmarks bar, and tell Firefox to erase all cookies, history, etc. when quitting. Works fine for me!
Having said all that, I suppose the real solution to my original problem (getting my My Cloud shares actually mounted remotely on my desktop) is getting a VPN (virtual private network) set up. But right now the browser arrangement works fine for my limited needs.
If you have a Mac, I did discover that you can simply hit ⌘-K in the Finder and type in afp://[username]@[IP address] and mount shares remotely that way (after forwarding the appropriate ports in my router). But that really is risky, and I won’t be doing it again. I think something similar can be done using smb://…, maybe something like “SMB over SSH,” but really I’m too dumb to know how to do that without like half a day’s worth of Web searching, grinding through posts and articles written for people who know way more than I do about Linux. Why WD can’t just include step-by-step instructions for this stuff we’ll never know. I’m quite happy with the hardware, but the software implementation and documentation so far has been abyssmal.
In addition to the information at the link, I found that I could just enter the My Cloud ip address as an exception: Edit site list… add… then paste the ip address from the Dashboard into the list and add it. There are a bunch of warnings that you have to accept and then you’re in.
My first day with the MyCloud device, and I feel very much like I have been conned. Not a great first experience. As I travel almost constantly this functionality was crucial to my purchasing decision. It looks like a simple case of the certificate being out of date - surely renewing it is not a massive issue?
