Hacker News new | ask | show | jobs
by privateSFacct 2558 days ago
As a gmail user - good to hear this. In the long run trust is going to be a much more important commodity that letting a spam app into your gmail.

If you look at the service that want access to all your gmail data - many promise something "free" but then mine that data (in the fine print) to send you offers, alert you to "savings" etc.

I automatically turn down apps that say they need access to my entire google drive and all email. Why not just ask for permissions for a single app specific folder? Ie, fax apps -> they should just store inbound faxes into one folder rather than asking for full drive access.
3 comments
Alex3917 2558 days ago
> Why not just ask for permissions for a single app specific folder?

Basically because Gmail A) doesn't have folders B) doesn't have permissions based on tags. Otherwise most Gmail API apps would have this option.

The same thing is a problem when you want to delegate access to an email account, where there should be a way to delegate access based on tags, but there just isn't.

What you can now do is create Gmail Add-Ons, which only have access to this specific thread that's open when you click to activate the add-on. E.g. this is how we created https://www.prettyfwd.com

link
orion138 2558 days ago
Looks interesting but it’s unclear to me, do you copy the threads content?

One other comment, there seems to be a spammer on the review page...

link
Alex3917 2558 days ago
> do you copy the threads content?

Basically we take each message of the thread, normalize the typography so that it can be consistently styled, and then strip off the signatures and quoted reply text while leaving any quoted inline replies. There are some open source libraries that do parts of this, but none of them worked well enough for this particular use case so we ended up just developing some new techniques ourselves.

The other thing the tech does is it lets people run much more accurate NLP on threads. This isn't fully productized yet, so right now there are just a handful of companies we're working with to clean and normalize their email data.

In terms of the spammer, yeah I see that but I'm not sure what I can really do. As the app creator I don't seem to have any special ability to delete comments or flag things as spam.

link
manigandham 2558 days ago
>> Why not just ask for permissions for a single app specific folder

That's not possible. Many people and apps have been asking for more fine-grained permissions from Google APIs for years. It hasn't been done other than a few changes on Android.

This is common with most large providers that have big 3rd party ecosystems but very poor permissions that only offer all-or-nothing access.

link
praneshp 2558 days ago
>> Why not just ask for permissions for a single app specific folder

Dropbox lets apps work on either a single app specific folder, or on your entire dropbox.

But the app has to be one type or the other, the user cannot choose what access they want to give out.

Disclosure: I work at dropbox, previously on the api-platform team.

link