Follow

I've seen this post about "Google blocking all third party email accounts starting in June" boosted quite a bit lately ( mastodon.honeypot.im/@digdeepe )

Please stop boosting it: the statement is untrue.

Google will continue supporting app passwords ( support.google.com/accounts/an ). Using them requires two-step verification ( support.google.com/accounts/an ) which you can set up with any TOTP application, no phone required.

(Citation: I use this with mutt, soon also mbsync/isync + mu4e.)

The larger point made by that author *is* true, that Google abuses user trust and people would be very well served by diminishing or eliminating their dependency on Gmail in particular and Google/Alphabet in general.

But the attention-grabbing assertion used to draw attention to that argument is simply not correct.

Hmm, and a little further reading down into the history of the original post author shows that they are in the habit of creating outrage-bait posts in general that flirt with truthiness. Good target for a long, hard side-eye there.

@gnomon I actually thought that whole post was a bit late to the party.

Google has been trying to destroy third-party clients at least since 2019 when they broke mailpile for me and most of their users. It's bad faith all around, any working clients are just lucky to have gotten through the BS.

github.com/mailpile/Mailpile/i

@gnomon do note, mailpile STILL hasn't solved this problem. 3 years trying to get through Googles crap. Completely pointlessly and such a huge drain on any open source community members who bothers to try and support evil corp.

@gnomon also making assumptions and refusing to read up on the sources because you don't want to enable JavaScript is not a sign of someone reporting stuff they've actually researched

@gnomon Not that it's a good thing, but isn't this the world we live in now?

@linuxlite58 it's a state of affairs that a small number of people have learned to profit massively from, a large number of people have chosen to accept, a much larger number of people are forced into, and a small number actively push back against.

We live in the world we help create. Even if we can't fix it, we can work on making things better for those younger than us, and those less able to fix it directly.

Personally, truth-bending puts people on my ignore list.

@gnomon I agree. We have to work together. That's why I'm excited about open-source social media like Mastodon.

@gnomon Thanks for posting this… I didn’t even know where to start, and now I have a toot I can boost. 😀

@gnomon Thanks for the information.

What I am trying to figure out is whether it's true that Google *Chat*, formerly hangouts, will be discontinuing third party client support. A friend of mine got an email from Google to that effect and it seems to be difficult to find clear documentation of exactly what it means.

@gnomon (Checking the Pidgin reddit finds two different threads about Google (1) discontinuing the Google Talk interface (2) discontinuing password-based login for third party apps. There is apparently a Pidgin plugin for Google *Chat* [as opposed to Google Talk] reddit.com/r/pidgin/comments/t but the person who mentions it offhandedly mentions "login is a bit convoluted". The plugin doesn't document how login works. It's not clear to me if this plugin either uses supported methods, or works at all.)

@mcc I saw your question about this very topic the other day but didn't dig into it at the time. Let me do that now and get back to you.

@mcc github.com/EionRobb/purple-goo

youtube.com/watch?v=hlDhp-eNLM

Login works by manually extracting a cookie from your browser store, apparently, and handbombing it into your purple-googlechat config. This process is documented in a YouTube video linked above.

I, uh

I mean,,,

This probably won't get discontinued? For the same reason that we don't have any laws against, say, trying to shove the moon out of orbit?

@gnomon D: D:

I see, thank you much.

This kind of seems like what third party support being discontinued would be like, insofar as that yeah Google can't really stop you from doing this, but also any minor internal change Google makes to their own client could break this completely on any random day without Google even being aware they had done so

@mcc from what I understand of this particular hack, Google would be unlikely to break this step because it's where they implement the OAuth spec...

...but then it's entirely plausible that they'd create a proposed "Google OAuth 2.1" spec or something with wildly different semantics atop protobuf or something (*cough*HTTP3*cough*) so you're right, there's no guarantee it'll keep working for any particular duration.

🤞😬🤞

@gnomon I was hoping it would turn out to use app passwords or something, as those aren't so bad

@mcc @gnomon Yeah alas as far as I know Google stopped supporting third-party Hangouts clients essentially when they dropped XMPP, or in a way frankly at the time they rebranded to Hangouts; every third-party client/library since is some degree of reverse engineering and hacks. A passive level of lack of no support, which ironically has meant at times on some platforms one has had better luck with Hangouts/Chat than Signal (as Moxie is *actively* hostile to third-party clients), but I digress.

@gnomon The other part of the post, alluding to the expensive security audit required for registered apps using certain API scopes, has been the case since 2019, and has never been required for purely client-side apps that don't expose user data to third-party (non-Google) servers.

The precise details of the whole app verification thing are fairly complex and sometimes murky (no thanks to Google). I spent a long while writing out some bullet points for a friend as I was drilling down to the *actual* truth, because the info as presented felt lacking to me, and rather suspect besides. Unfortunately, writing all my findings out in a more presentable form would take even more time; I lost the drive to make information-dense posts for public consumption on social media a long time ago.

@gnomon One more relevant tidbit: app passwords may not be available to those with accounts managed by their school or work (Google Workspace, G Suite, whatever other names are applicable). App passwords have to be enabled by the domain administrator in order to be used within an organization.

Sign in to participate in the conversation
Mastodon

The original server operated by the Mastodon gGmbH non-profit