E-mail general

Question

E-mail general

Kevin Nelson

Why does Gmail say that 3rd party email apps (IMAP) are insecure? What do they mean by that?

inb4 >Gmail
I'm in the process of ditching it, still need it for a little while.

October 12, 2017 - 17:44

Other urls found in this thread:

reddit.com/r/galaxynote4/comments/3d2xgw/anyone_know_what_happened_to_bluemail/
sklar.com/2014/10/14/blue-mail/
twitter.com/SFWRedditGifs

Nicholas Jackson

Is K9 the best client on Android?

October 12, 2017 - 18:06

Juan Kelly

Generally IMAP does not allow access to encrytped filesystem with client-side decryption. Not sure if that's what Gmail minds. Maybe it can't use 2fa?

October 12, 2017 - 18:20

Jace Richardson

OP here. I did some reading. Apparently the "problem" with "less secure" apps is that you give them access to your login info (password), whereas with "more secure" apps that use oAuth you don't. Instead the password gets sent directly to Google somehow and the email app only sees some login token, not the password.

Anyway, it seems full of Google specific shit so I don't want to encourage it.
Very few non-Google apps (if any?) support oAuth.

BTW, when you login through your browser you're also using a "less secure" method, since I'm pretty sure the browser and addons (and OS and other software) can see your password.

October 12, 2017 - 18:31

Ryan Ortiz

Because most people don't understand all the implications of security, including most web devs, entry level IT and software developers.

IMAP by itself is completely unencrypted, for starters. Gmail only offers IMAP over SSL, but good luck getting the average person to make sure their cert checking is working properly. Google controls Chrome so they know that the SSL connection to Gmail is safe.

October 12, 2017 - 18:31

Adam Rodriguez

I think this read is somewhat pertinent to you.
secushare.org/PGP
It's at least worth a quick read if you care about email security.

October 12, 2017 - 18:36

Mason Jackson

Also I know the title says PGP, but a lot of it deals with SMTP.
Also based on you ditching gmail soon,
I figure you are heading the GPG/OpenPGP route anyway.

October 12, 2017 - 18:40

Levi Moore

>Gmail only offers IMAP over SSL, but good luck getting the average person to make sure their cert checking is working properly.
Surely the popular email clients all do that?

>I figure you are heading the GPG/OpenPGP route anyway.
No, I just want to stop giving Google too much info. It makes me feel sick, because Google is everywhere.

As long as my emails are encrypted from and to the server (so that my ISP can't read them) it's kinda good enough.

October 12, 2017 - 18:45

Liam Stewart

Speaking of email and encryption:
do email servers use encryption when sending emails (say, from yahoo to gmail) or are emails sent as plain text?

October 12, 2017 - 18:50

Jackson Walker

The link talks about how broken TLS is in most clients,
most just check for a certificate.
They don't verify if it should belong to that mail server.
So man in the middle is incredibly easy.
Like explained.
Thunderbird is a major offender here and many people use it.
TheBat! is a good example of an email client that warns you to death about invalid certificates.

Also it has a lot of short comings that email will always have.

October 12, 2017 - 18:51

John Rodriguez

Depends on the email server.
Some support methods read here
secushare.org/federation
It's a very short read:
>Federation is the interchange of data between fixed address servers that authenticate each other by DNS and X.509 and optionally wrap everything into TLS. This describes, non exclusively, SMTP, XMPP and HTTP federation overlays such as OStatus, GNU Social and Diaspora.

October 12, 2017 - 18:52

Cameron Russell

Is there a way to get a conversation view in K9, where I can see a thread of emails including my replies?

October 12, 2017 - 20:13

Jonathan Powell

I recently bought a protonmail account and now use it as my main address. I hope this isn't some Swiss banking jew scam too.

October 12, 2017 - 21:33

Alexander King

Most of the major providers support in-transit encryption between them like Gmail, Outlook and Yahoo. It's not universal to my knowledge, but the big ones all support it.

October 12, 2017 - 21:37

Ian Butler

So whatever I send can be intercepted and they can see recipient?

October 13, 2017 - 00:38

Asher Ross

Newton (cloudmagic) is the best but you have to pay for it now...... YEARLY. fuckers

October 13, 2017 - 00:41

Ian Wood

Yes. I've used it with OpenSMTPd, Postfix, and Dovecot for five years.

October 13, 2017 - 00:48

Daniel Johnson

Thunderbird supports oAuth now, so you can use it without switching to "less secure" apps.
I don't know of any free Android app that does, but it is planned for K-9.

But unless you have other valuable things in your Google account (private files, calendar...) it doesn't seem like a big deal.
I mean, your email app will get access to your emails anyway, whether with a password or with a token.

October 13, 2017 - 01:19

Lucas Walker

What kind of shit addons and browser are you using that MiTM you?

October 13, 2017 - 01:29

Adrian Flores

Is Mutt supporting 0Auth now?

October 13, 2017 - 04:00

James Sullivan

Redbull me on BlueMail.
Free, no ads and they say it supports oAuth too.

October 13, 2017 - 05:25

Luis Williams

Looks bad desu
reddit.com/r/galaxynote4/comments/3d2xgw/anyone_know_what_happened_to_bluemail/
sklar.com/2014/10/14/blue-mail/

And TypeApp seems like a reskin.

October 13, 2017 - 05:53

Aaron Garcia

bump

October 13, 2017 - 07:38

1 2 3 Next

E-mail general

Last threads