[sametmax]

My take would be:

- now it's quite impossible to administrate your own email servers. Anti-spam measures are very effective (and enjoyable for us as users), but so paranoid that being part of the few select nodes that don't have their emails marked as spam (or are even propagated at all) is a full time job.

- gmail dicthed IMAP in favor of their own API. Pluging an IMAP client into your email account requires to dig inside your account security settings and change several obscure values with scary names and warnings. Sometime it even doesn't work, and then you do it again later, and it works for no reason. A non tech saavy user will never succeed in doing that, and hence everybody will use the web base version.

- the security of gmail accounts are insane. Not in the good way. I have yet to have a problem with a pirated account. But I had several problems with being locked out by Google deciding that "something was suspicious" because I was traveling or using someone else computer. Of course google has zero help desk to solve this. Loosing access to my emails is NOT ok. And to do it to protect me (against a threat visibly less likely than google freaking out) is adding insult to injury.

- Google scans and collects every emails you send and receive. So much for privacy. It also shares everything, thanks to PRISM. Even when I decided to dicth gmail, most people are using gmail and will never setup encryption. So by just existing, my communication are spied on, even if I don't use the service myself. Oh, and the bot scanning your mails may follow links in them. I had "burn after reading" documents that I could never open because of this.

- The gmail account is a google acount. Which means something that should be "just emails" is now a beacon to track me on all the websites I go to. It's also associated with all my google services activity. And on the android phones I log into. It requires a lot of effort and disciple on my part to mitigate that. Running a phone without an account is extra annoying. Having to juggle between several emails providers, migrate, make sure I have extensions to handle trackers, etc. I just wanted emails when I open my first gmail account. Not that.

While I do appreciate what google did with gmail (it does have tremendous benefits), the cost to get that is quite important.

[KozmoNau7]

> gmail dicthed IMAP in favor of their own API. Pluging an IMAP client into your email account requires to dig inside your account security settings and change several obscure values with scary names and warnings. Sometime it even doesn't work, and then you do it again later, and it works for no reason. A non tech saavy user will never succeed in doing that, and hence everybody will use the web base version.

I went to the settings page, selected "enable IMAP" and used the values in the provided link to set up my Gmail as an IMAP account in Thunderbird. No messing around with account security, no "obscure values" to change.

I didn't even have to generate an app-specific password (I use 2FA), because Thunderbird understands the authentication page request.

> I had "burn after reading" documents that I could never open because of this.

Why were those documents ever on an Internet-connected device?

> I just wanted emails when I open my first gmail account. Not that.

Honestly, if you didn't know back then that Google was primarily an advertising company, and that they would scan your emails to generate targeted ads, you obviously weren't following along, which seems weird considering your obvious focus on security on privacy.

I'm getting ready to migrate away from Gmail myself (I'll keep it running unused as my Google account), mostly so I can have my own domain under my own control.

[sametmax]

> I went to the settings page, selected "enable IMAP" and used the values in the provided link to set up my Gmail as an IMAP account in Thunderbird. No messing around with account security, no "obscure values" to change.

A.K.A."It works on my machine". Lucky you.

> Why were those documents ever on an Internet-connected device?

Because that's the whole purpose of 0bin.net. The fact it's a good practice or not has nothing to do with the current thread. Google should not follow links in my emails. Browsing links can have a lots of side effects, and given how little my clients knows about IT, their mails provider should not mess with their mails.

> Honestly, if you didn't know back then that Google was primarily an advertising company, and that they would scan your emails to generate targeted ads, you obviously weren't following along, which seems weird considering your obvious focus on security on privacy.

So your argument is that I made bad decisions so I should not criticism Google's behavior ? That's a weird stance.

[KozmoNau7]

> A.K.A."It works on my machine". Lucky you.

It has worked flawlessly on multiple PCs, multiple operating systems, multiple email clients. It's my primary way of using Gmail and Gcal, through Evolution on Linux Mint.

It even worked perfectly on my ancient Sony-Ericsson feature phone's terrible built-in email client, back when I still used that hunk of shit.

There are no "obscure values" to change, just a completely ordinary settings page with a toggle, and a link to the URLs and ports you need to use.

> So your argument is that I made bad decisions so I should not criticism Google's behavior ? That's a weird stance.

My argument is that you were blinded by the allure of free email with ~unlimited storage, and forgot to take into account that 1) there is no such thing as a free lunch, and 2) Google is an advertising company, first and foremost.

You knew what you were getting into, being a privacy and security minded person. If you decided to forego your principles to get a fancy @gmail.com address, that's your own mistake.

[sametmax]

That sounds a lot like the people saying "wow, you knew you were going on that part of town with that sexy dress and you got harass. Blames on you.". Errr... no.

[KozmoNau7]

The terms and conditions were clearly laid out for you when you signed up. Google was already well-known for being primarily an advertising company. It was well-known that Google implemented scanning of all mails, both for spam filtering and for advertising purposes.

This is not a "could have, would have, should have" type situation. You deliberately and unequivocally agreed to terms and conditions that very specifically lay out what Google does when it comes to the handling of your mail.

[marcosdumay]

Besides, that is in reply to a comment that is just trying to make people aware that is a bad part of town.

The replies you got are borderline insane.

[KozmoNau7]

No, a fair number of the statements in his post were and are demonstrably false.

[ryandrake]

> The gmail account is a google acount.

Yea, this is an irritating trend, not confined to Google. It's getting harder and harder to have separate accounts and separate identities (or, god forbid, no identity) across services anymore. BIG BUTTON: "LOG IN WITH FACEBOOK!!!" Small, gray 6pt text: "Create an account with us."

How about no? How about neither?

I just want to browse the web. I don't want a relationship with you, company. And I really, REALLY don't want such a close relationship where you to have this unique identifier of me that allows you to correlate my activity on your site with my unrelated or related activity on some other site. It's none of your business. I don't need you aggregating everything I do, and I don't care that you're only doing it to "improve my experience" in some vague way. My web experience was fine and dandy before you tried scanning my rectum daily.

There are a scant few sites with whom I deliberately choose to share my identity, such as HN. This should be the exception.

[sametmax]

Some of the services I make have "private urls" and/or a cookie containing a token to auto-login you so you can use it without an account. But it works only if:

- the data are not very sensitive. It's very easy to mess with.

- people are tech savvy enough to understand what a URL is or never get in a situation where they don't have the cookie

- your service is too small to attract spammers

- you can setup a decent system to prevent bot from creating accounts

It's hard, plenty of gotchas, and just satisfied a minority of privacy-minded users. Though to sell.

[chii]

I don't get why no service use the email link to login method. It already exists, but is marketed as 'forgot password'.

[icebraining]

What would be the point? You'd still have to create an account and give out your email address.