
·
Registered
Joined
·
2 Posts
Discussion Starter #1
I am a retired developer. Have been working with computers for the past 30 years. Recently started twitch streaming and publishing programming books full time, found out people are using these third party tools for reporting. I was curious so checked out how their back end was set up. It is DODGY AF. They create an account for you using amazon api then they ask for your cookies (KDP Champ asks for it manually, Get Book reports does it automatically via the plugin), they submit your amazon cookies to their server so they can fetch the latest data (sales report that you can export/generate manually) from your account on your behalf. Let me explain it in non technical ways.

THE DATA IS SAVED SERVER SIDE. IT IS SAVED ON THEIR DATABASE. IT IS NOT CLIENT SIDE. THEY HAVE ACCESS TO YOUR SALES DATA. Impossible to do it client side. Meaning, they can access your sales data anytime they want. Obviously they will say they would never do that bla bla, they have "made it secure" bla bla do not trust the people behind these plugins. I've also noticed in all their back stories they have some connection to publishing. I would not be surprised if they are stealing the data for their personal use. Wow big claims, I know. Whether they are or not, it is very much possible from a technical POV. DO NOT USE THIRD PARTY TOOLS THAT ARE ASKING FOR YOUR COOKIES PERIOD.

In the hacking community if you told someone you are willingly giving your cookies they will die laughing. DM me your cookies and I will show you things that are possible to do with it, you would be surprised. Do not fall for "we encrypt the data" and [crap]. Encryption is a joke. Besides there is no guarantee if they are actually encrypting the data or not. We cannot blindly trust a single dev. If you are not worried about your sales data it is very much possible that since they use a proxy IP to get into one account but that account gets terminated and the same proxy is used to get into your account and fetch your sales data you can face termination as Amazon is very strict around IP. Not worth the risk, trust me. Let me explain this more clearly though. So THEIR server (KDP champ, Book report etc) uses OUR amazon cookies to get access to OUR accounts to scrape the sales data and store it on THEIR server. Big data hazard, right? they say this sales data saved on THEIR server is encrypted, at least get book report says that. There's no guarantee that they actually do this. EVEN IF they do, it's still a big data security hazard. Are we going to trust one developer with thousands of sales data reports? this is insane to me. If you read their FAQ's it's SO MISLEADING. They have intentionally used fancy tech words that most people won't understand to give a false sense of security.

Stick to KDP's official reporting tool, do not use any third party reporting tools, they are constantly improving their reporting and please educate yourself a bit on surface level computer science. Over my 30 year career in tech I have seen it enough times where tech people get into these niche communities such as publishing act as if they are saints and are doing a service to you guys, making your life easier, make it free initially, later exploit it for their own personal gains, they reach out to youtubers who push it since they don't know any better themselves.

I do not understand how people don't see through these tech people's bs. That's why AK reports (a very [poopy] tool but ethical and secure nonetheless) asks you to manually upload your sales report instead of doing it the cookie way. Everyone has a hidden agenda. Everyone. Don't be fooled by ...if they are not monetising their services upfront they are genuine logic. Let me know if you guys would like me to do a live stream on twitch to educate more people on this. I, unlike these tech rats have nothing to gain from this. I'll be dead in a few years anyway as I suffer from a rare form of kidney disease. I've lived a happy and fulfilling life.

I'd also like to make an open invite to the devs behind these tools to appear on my twitch, I'd like to give these young men some life advice. Idk what's the best way to distribute this information, I'll probably get censored.
 

·
Registered
Joined
·
2 Posts
Discussion Starter #2
Book Report's FAQs confirm it's server side.

"Data Used in Reports. We collect data from your KDP Account and from your connected Author Central accounts, and we store encrypted copies of that data. We do this for performance and stability reasons, and to enable features such as all-time sales data."

"Our browser extensions submits your Amazon cookies to our server, so that we can fetch the latest data from your account(s) on your behalf"

Confirms that they are using proxies.

NOTE: The intention of this post is to spread awareness. If you trust these third party tools continue using them. But people have the right to know this information and understand it.
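
An added example, not part of the original post and not code from any tool named in this thread: one way to check from an extension's manifest.json whether it is able to read a site's cookies through the chrome.cookies API, which requires the "cookies" permission plus a host pattern covering the site. The two manifests are constructed samples, and the host kdp.amazon.com and the function names are assumptions of this example.

```javascript
// Constructed sample manifests; they do not describe any real extension.
const sampleCookieAccess = {
  manifest_version: 3,
  permissions: ["cookies", "storage"],
  host_permissions: ["https://*.amazon.com/*"],
};
const sampleLocalOnly = { manifest_version: 3, permissions: ["storage"] };

// Does a match pattern such as "https://*.amazon.com/*" cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false; // an API permission like "storage", not a host pattern
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

// Hypothetical helper: can the extension use chrome.cookies for `host`?
function auditManifest(manifest, host) {
  const list = (key) => (Array.isArray(manifest[key]) ? manifest[key] : []);
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const required = [...list("permissions"), ...list("host_permissions")];
  const optional = [
    ...list("optional_permissions"),
    ...list("optional_host_permissions"),
  ];
  const hostsOf = (perms) => perms.filter((p) => patternCoversHost(p, host));
  const hasCookies = required.includes("cookies");
  const matching = hostsOf(required);
  return {
    cookiesPermission: hasCookies,
    matchingHostPatterns: matching,
    canReadSiteCookies: hasCookies && matching.length > 0,
    // Optional permissions can be requested later at runtime.
    optionalEscalation:
      optional.includes("cookies") || hostsOf(optional).length > 0,
  };
}

console.log(auditManifest(sampleCookieAccess, "kdp.amazon.com"));
console.log(auditManifest(sampleLocalOnly, "kdp.amazon.com"));
```

The result shows capability only; whether cookies actually leave the browser depends on the extension's code and its network traffic.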
 

·
Registered
Joined
·
2,392 Posts
Hi - I've been programming over 30 years, 25 of them professionally, and my Salesscanner (freeware) works by getting the user to manually download their sales report spreadsheet from KDP. After that, it reads the data and displays it in whatever breakdown the user wants. 100% client side, absolutely no connections to servers.

As long as the spreadsheet format doesn't change, it'll keep working.

You can also download historical sales reports (previous months), Smashwords reports, Kobo reports and Google Books reports.

I recently added the ability to import AMS reports (specifically the Advertised products report for US/UK/AU/CA). This means you can break down ad spend by ASIN, and see net gain or loss.

It's free for the same reason almost all my stuff is free (including yWriter) - I develop for my own use, then share with others. Sharing it means I keep up good programming habits instead of my software becoming the typical 'mechanic's car'.

I released a mac version too but that hasn't been updated in a while. Too busy writing novels.

 

·
Registered
Joined
·
2,392 Posts
By the way, my only reason for posting here is in case people are using SalesScanner and are prompted to fire off annoyed emails to me after reading your post.

I honestly don't care whether people use this software or not. In fact, the fewer people using it the less time I have to spend replying to emails ;-)

But it doesn't use any kind of server side data, and I don't want people thinking it does.
 

·
Registered
Joined
·
5,821 Posts
I'm really not sure that this isn't some sort of libel, but perhaps the law on that hasn't yet caught up with the internet. Server side? Client side? No idea what any of that means; I only know that I have used Book Report for years with no problems whatsoever, except they put their price up. Is that because they stole my sales data?  :-[

I have honestly never read such BS on this forum - well, perhaps I have, but none that sound quite so far fetched. The point is that, with a service like Book Report, we ask other users before giving away secrets. As to using words I won't understand, well, a bit offensive, Sunshine. If I don't understand something, I'll look it up. Most people will.
 

·
Registered
Joined
·
5,821 Posts
samsprogramming said:
Book Report's FAQs confirm it's server side.

"Data Used in Reports. We collect data from your KDP Account and from your connected Author Central accounts, and we store encrypted copies of that data. We do this for performance and stability reasons, and to enable features such as all-time sales data."

"Our browser extensions submits your Amazon cookies to our server, so that we can fetch the latest data from your account(s) on your behalf"

Confirms that they are using proxies.

NOTE: The intention of this post is to spread awareness. If you trust these third party tools continue using them. But people have the right to know this information and understand it.
I will.
 

·
Registered
Joined
·
12,214 Posts
Firstly, I'm sorry to hear of your kidney disease and I wish you better health.

Secondly, many members here are (somewhat) aware of API keys and cookies and make decisions on an individual basis about how much trust they feel comfortable placing in a third party. I weigh such decisions carefully and I assume others do too.

As to authors not knowing how to use Amazon's own sales reporting, I think you give KDP publishers too little credit. I've never met anyone who didn't understand how to use the KDP sales reports - we simply find them clumsy and inconvenient, hence many seek more attractive options.

Regardless of the service and how it operates, it's certainly wise to consider whether a service is reputable, has a history in the business, and is frequently recommended by long time users. Even then, people and businesses that have been reliable for years may occasionally surprise you.

With all of that out of the way... I am a long time Book Report user and am (thus far) entirely comfortable with the service. I don't remember whether Liam has a history in publishing but I have no issues with a service provider coming from a publishing background, as many (maybe most) providers of author services do. If you are here for long, you'll find many members of this forum have varied skills and backgrounds in computer programming, art and design, and so on, and some hire their skills out to the community.

Book Report, by the way, is not free to users at my income level, so I'm not sure where the comments about them not being saints are coming from. Whoever imagined they were? They're providing a service for which I pay. If this sounds like a passionate defense of Book Report, it's not especially. I'm not guaranteeing this service in any way, simply saying I've been satisfied with my experience and, honestly, I can't fathom how they could operate in the way they do without a degree of data access. I can't comment on KDP Champ, because I've never heard of that one.

I'm not being rude. I give the benefit of the doubt that you are not running a competing service and you do not have a personal beef with the owners of the businesses you name. I imagine your warning is well intentioned and may be helpful to new publishers. Certainly it doesn't hurt to remind people to be wary, and any solid business can handle scrutiny and questions. Just maybe don't assume KDP authors are lacking in caution and so on. You're talking to people running small businesses, people who've been working in this industry every day for years. Doesn't mean we can't be scammed, but nobody likes to be assumed naive, regardless of to what degree they understand "fancy tech terms".

Also, the creators of some of these reporting tools are members here, so maybe they'll drop by soon to address your concerns. I suspect the eventual conclusion will be that some of your assessments are incorrect, some are accurate, and everyone must decide for themselves what they're comfortable with, as always.
 

·
Registered
Joined
·
892 Posts
I have never felt comfortable with ANY 3rd party service that wants access to any of my account data. It's just a personal thing, but I would always prefer to make do with the standard reporting provided by the original service provider.
 

·
Registered
Joined
·
368 Posts
I understand the risks the OP is mentioning and they are valid points - but unless I'm missing something, is this any different from, say, using a tax prep s/w that has all your financial data, or Mint that holds account aggregation, or gmail that has all your email, or OneDrive that has all your documents? Ultimately a huge number of services today are cloud enabled where you allow integration into other apps. As someone else said, it finally boils down to one's comfort & trust in the service and a risk assessment whether they will compromise your data, and whether such compromised data can cause you great harm (someone steals my sales data? well they'll probably feel so bad they'll send me money instead ;) )
 

·
Registered
Joined
·
56 Posts
samsprogramming said:
If you are not worried about your sales data it is very much possible that since they use a proxy IP to get into one account but that account gets terminated and the same proxy is used to get into your account and fetch your sales data you can face termination as Amazon is very strict around IP. Not worth the risk, trust me.
My ex who was in your line of work mentioned all this when I first began publishing. Never really cared about his warnings, but holy crap, if he'd pointed this out to me I would have never downloaded the book report plugin.

If I remove the plugin now, will the cookie expire in two weeks and I'll be in the clear if I never download and open it again? Does the account HAVE to be deleted as well?

I'd rather not delete in case the service can explain themselves at some point and regain trust, but I don't want to keep it right now, until I learn more about this proxy stuff, because I have known authors who were banned and couldn't figure out why.

Does anyone know if alternatives like Datasprout use the same proxy method?
 

·
Registered
Joined
·
56 Posts
jm2019 said:
I understand the risks the OP is mentioning and they are valid points - but unless I'm missing something, is this any different from, say, using a tax prep s/w that has all your financial data, or Mint that holds account aggregation, or gmail that has all your email, or OneDrive that has all your documents?
Those really aren't the same thing. Those are companies with multiple employees where there are checks and balances that make it difficult to break the law or exploit user information for a sole employee's gain, and people still occasionally have to deal with identity theft due to malicious employees who handle their paperwork. The risk vs reward seems like a much higher issue here, because as OP mentions these publishing services are usually run by one person or a small handful of people who can benefit directly from this information.

I don't much care about that actually. What concerns me is the proxy issue. Amazon bans first, asks questions later and is not known for being eager to clear up misunderstandings. If a tax agent messes up your paperwork the process is completely different than trying to prove your innocence to Amazon and correct the record.
 

·
Registered
Joined
·
7,615 Posts
I've never met anyone who didn't understand how to use the KDP sales reports
Don't ever visit the KDP forums. The number of people who actually don't know how to use the sales reports is astounding. You have to wonder if they are capable of dressing themselves, much less running a self publishing business.

As to using third-party things, we trust a lot of our info to such things every day. Amazon knows more about us than most people probably realize, and yet, we're uploading to them all the time.

I'm not worried about Book Report's IP getting tangled with mine. Amazon knows the software, so if someone gets their account terminated, and they also used BR, there's not going to be a problem. Liam has been posting here for years, and as far as I know has always been prompt with helping us with issues, and maintaining a good relationship with Amazon.

Do your due diligence, check out any software or whatever that will need your info. People here put new service providers through the wringer before trusting them. How a business answers questions by members can make or break them.
 

·
Registered
Joined
·
5,821 Posts
unkownwriter said:
Don't ever visit the KDP forums. The number of people who actually don't know how to use the sales reports is astounding. You have to wonder if they are capable of dressing themselves, much less running a self publishing business.
Tell me about it! Can't forget the one who sold a book yesterday and Amazon still haven't paid her!
 