Joined
·
2 Posts
I am a retired developer. Have been working with computers for the past 30 years. Recently started twitch streaming and publishing programming books full time, found out people are using these third party tools for reporting. I was curious so checked out how their back end was set up. It is DODGY AF. They create an account for you using amazon api then they ask for your cookies (KDP Champ asks for it manually, Get Book reports does it automatically via the plugin), they submit your amazon cookies to their server so they can fetch the latest data (sales report that you can export/generate manually) from your account on your behalf. Let me explain it in non technical ways.
THE DATA IS SAVED SERVER SIDE. IT IS SAVED ON THEIR DATABASE. IT IS NOT CLIENT SIDE. THEY HAVE ACCESS TO YOUR SALES DATA. Impossible to do it client side. Meaning, they can access your sales data anytime they want. Obviously they will say they would never do that bla bla, they have "made it secure" bla bla do not trust the people behind these plugins. I've also noticed in all their back stories they have some connection to publishing. I would not be surprised if they are stealing the data for their personal use. Wow big claims, I know. Whether they are or not, it is very much possible from a technical POV. DO NOT USE THIRD PARTY TOOLS THAT ARE ASKING FOR YOUR COOKIES PERIOD.
In the hacking community if you told someone you are willingly giving your cookies they will die laughing. DM me your cookies and I will show you things that are possible to do with it, you would be surprised. Do not fall for "we encrypt the data" and [crap]. Encryption is a joke. Besides there is no guarantee if they are actually encrypting the data or not. We cannot blindly trust a single dev. If you are not worried about your sales data it is very much possible that since they use a proxy IP to get into one account but that account gets terminated and the same proxy is used to get into your account and fetch your sales data you can face termination as Amazon is very strict around IP. Not worth the risk, trust me. Let me explain this more clearly though. So THEIR server (KDP champ, Book report etc) uses OUR amazon cookies to get access to OUR accounts to scrape the sales data and store it on THEIR server. Big data hazard, right? they say this sales data saved on THEIR server is encrypted, at least get book report says that. There's no guarantee that they actually do this. EVEN IF they do, it's still a big data security hazard. Are we going to trust one developer with thousands of sales data reports? this is insane to me. If you read their FAQ's it's SO MISLEADING. They have intentionally used fancy tech words that most people won't understand to give a false sense of security.
Stick to KDP's official reporting tool, do not use any third party reporting tools, they are constantly improving their reporting and please educate yourself a bit on surface level computer science. Over my 30 year career in tech I have seen it enough times where tech people get into these niche communities such as publishing act as if they are saints and are doing a service to you guys, making your life easier, make it free initially, later exploit it for their own personal gains, they reach out to youtubers who push it since they don't know any better themselves.
I do not understand how people don't see through these tech people's bs. That's why AK reports (a very [poopy] tool but ethical and secure nonetheless) asks you to manually upload your sales report instead of doing it the cookie way. Everyone has a hidden agenda. Everyone. Don't be fooled by ...if they are not monetising their services upfront they are genuine logic. Let me know if you guys would like me to do a live stream on twitch to educate more people on this. I, unlike these tech rats have nothing to gain from this. I'll be dead in a few years anyway as I suffer from a rare form of kidney disease. I've lived a happy and fulfilling live.
I'd also like to make an open invite to the devs behind these tools to appear on my twitch, I'd like to give these young men some life advice. Idk what's the best way to distribute this information, I'll probably get censored.
THE DATA IS SAVED SERVER SIDE. IT IS SAVED ON THEIR DATABASE. IT IS NOT CLIENT SIDE. THEY HAVE ACCESS TO YOUR SALES DATA. Impossible to do it client side. Meaning, they can access your sales data anytime they want. Obviously they will say they would never do that bla bla, they have "made it secure" bla bla do not trust the people behind these plugins. I've also noticed in all their back stories they have some connection to publishing. I would not be surprised if they are stealing the data for their personal use. Wow big claims, I know. Whether they are or not, it is very much possible from a technical POV. DO NOT USE THIRD PARTY TOOLS THAT ARE ASKING FOR YOUR COOKIES PERIOD.
In the hacking community if you told someone you are willingly giving your cookies they will die laughing. DM me your cookies and I will show you things that are possible to do with it, you would be surprised. Do not fall for "we encrypt the data" and [crap]. Encryption is a joke. Besides there is no guarantee if they are actually encrypting the data or not. We cannot blindly trust a single dev. If you are not worried about your sales data it is very much possible that since they use a proxy IP to get into one account but that account gets terminated and the same proxy is used to get into your account and fetch your sales data you can face termination as Amazon is very strict around IP. Not worth the risk, trust me. Let me explain this more clearly though. So THEIR server (KDP champ, Book report etc) uses OUR amazon cookies to get access to OUR accounts to scrape the sales data and store it on THEIR server. Big data hazard, right? they say this sales data saved on THEIR server is encrypted, at least get book report says that. There's no guarantee that they actually do this. EVEN IF they do, it's still a big data security hazard. Are we going to trust one developer with thousands of sales data reports? this is insane to me. If you read their FAQ's it's SO MISLEADING. They have intentionally used fancy tech words that most people won't understand to give a false sense of security.
Stick to KDP's official reporting tool, do not use any third party reporting tools, they are constantly improving their reporting and please educate yourself a bit on surface level computer science. Over my 30 year career in tech I have seen it enough times where tech people get into these niche communities such as publishing act as if they are saints and are doing a service to you guys, making your life easier, make it free initially, later exploit it for their own personal gains, they reach out to youtubers who push it since they don't know any better themselves.
I do not understand how people don't see through these tech people's bs. That's why AK reports (a very [poopy] tool but ethical and secure nonetheless) asks you to manually upload your sales report instead of doing it the cookie way. Everyone has a hidden agenda. Everyone. Don't be fooled by ...if they are not monetising their services upfront they are genuine logic. Let me know if you guys would like me to do a live stream on twitch to educate more people on this. I, unlike these tech rats have nothing to gain from this. I'll be dead in a few years anyway as I suffer from a rare form of kidney disease. I've lived a happy and fulfilling live.
I'd also like to make an open invite to the devs behind these tools to appear on my twitch, I'd like to give these young men some life advice. Idk what's the best way to distribute this information, I'll probably get censored.