1. 22

  2. 12

    Embrace, Extend, Lock-in.

    1. 3

      I’m a mutt user so rigging up their XOAUTH2 authentication is somewhat annoying when I have an app password that works, and I’m kinda unclear on the security advantage except that Google will get to have application keys where they can shut off / deauth entire apps as they please. Though often open-source apps don’t have a single blessed key so everyone using mutt makes an app key specific to themselves then an OAuth token with that. I guess if it gets more annoying to work outside the branded ecosystem, even fewer people will go outside it.

      1. 2

        To be considered secure, a third-party app must let you see what level of account access you are giving it before you connect it to your Google account. The app must also let you access only the parts of your Google account that you want, such as your email or calendar, without giving it access to everything else.

        I literally only use my personal Google account for a single thing (chat), so my current setup already achieves these goals. It’s really frustrating that I’ll have to stop using a setup that works perfectly well for me and switch to alternate clients that aren’t any more secure but are drastically less usable and well-integrated into my existing setup. Realistically this just probably means I’ll stop talking to that particular set of friends.

        1. 1

          I am trying to work out what this will break, but they aren’t blocking SMTP I don’t think, so it’s not the complete end of the world.

          1. 3

            Those already affected by the earlier restriction are those that sync messages and contacts. I base this on the current situation with smsbackup+, see the issue thread https://github.com/jberkel/sms-backup-plus/issues/959 and another involving k9mail, thread https://github.com/k9mail/k-9/issues/655.

            The workaround for this particular app is to use IMAP and an application-specific password, but it appears that Google is actively trying to disable those too for 2021.