From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/88920 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: David Engster Newsgroups: gmane.emacs.gnus.general Subject: Re: oauth to be required for gmail Date: Mon, 23 Dec 2019 13:09:40 +0100 Message-ID: <87lfr3fdkr.fsf@randomsample> References: <8736dkhx05.fsf@bobnewell.net> <877e2uvpve.fsf@gnus.org> <87tv5yxgae.fsf@randomsample> <878sn3qpco.fsf@mid.deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="27923"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: Lars Ingebrigtsen , Robert Pluim , Bob Newell , ding@gnus.org To: Florian Weimer Original-X-From: ding-owner+M37123@lists.math.uh.edu Mon Dec 23 13:10:49 2019 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from lists1.math.uh.edu ([129.7.128.208]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1ijMXx-00076s-7C for ding-account@gmane.org; Mon, 23 Dec 2019 13:10:49 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by lists1.math.uh.edu with smtp (Exim 4.92.3) (envelope-from ) id 1ijMXI-0005O6-V3; Mon, 23 Dec 2019 06:10:08 -0600 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by lists1.math.uh.edu with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1ijMXF-0005LK-0n for ding@lists.math.uh.edu; Mon, 23 Dec 2019 06:10:05 -0600 Original-Received: from quimby.gnus.org ([95.216.78.240]) by mx1.math.uh.edu with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1ijMXD-0000Wj-BW for ding@lists.math.uh.edu; Mon, 23 Dec 2019 06:10:04 -0600 Original-Received: from randomsample.de ([5.45.97.173]) by quimby.gnus.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.92) (envelope-from ) id 1ijMX6-0000lI-GA; Mon, 23 Dec 2019 13:09:58 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=randomsample.de; s=a; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:Subject:Cc:To:From; bh=Pghj+96RUu4mZrwTo0h14tmyGCYpTSsMEnErrRI2bgM=; b=GLq6VKwAkeSt/6M/m1WYnne3tRZV/t7XFVwlSptJ6Oxpd8ZncUqdV35hTnIQqS3x4gQhPmXKXrunOBBI5dgruILno6wn6wWSwor1O/rQ9P/6bN5mW0oN7DSUju7ZXgE7; Original-Received: from ip5f5abab0.dynamic.kabel-deutschland.de ([95.90.186.176] helo=void) by randomsample.de with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from ) id 1ijMX4-0001Qo-LN; Mon, 23 Dec 2019 13:09:54 +0100 In-Reply-To: <878sn3qpco.fsf@mid.deneb.enyo.de> (Florian Weimer's message of "Mon, 23 Dec 2019 11:59:51 +0100") List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:88920 Archived-At: > My point is that it is pretty much impossible to complete that > sequence without a complete, Javascript-enabled web browser. But that > mode, while ridiculously complex, still isn't as pointless as the > approach with static password that is not actually secret and thus > does not serve any purpose at all. The real solution would be if Google supported RFC 7591 and RFC 7628. This is also what the comment above the hard-coded credentials in Thunderbird says. I predict this will never happen because the providers are actually quite happy with the current situation. It allows them to control which applications may access their services, and it pushes more users away from using third-party desktop mail client. Remember that Google wants you to use the web while being logged in, since this makes it much easier for them to track you. I think the "solution" is to tell users they need to set those credentials themselves. There are no widespred OAuth credentials which we could simply use without being shady. The real solution of course is that users simply stop using Google Mail and choose a proper mail provider. -David