[callmebison]

Wow, either the author has a serious grudge against them, or isn't willing to at least fact-check their response.

- The app checks your email on your behalf.

- You need the actual password to log into an IMAP server (android also stores your email passwords in clear text if you aren't using gmail http://code.google.com/p/android/issues/detail?id=10809).

- They clearly state this in their response, which the article completely ignores. They try to use OAuth where possible.

- They store the passwords encrypted via S3. Personally, I'd prefer that to MySQL on a VPS somewhere.

- See also: https://developer.pidgin.im/wiki/PlainTextPasswords

[laurenceputra]

I'm the author.

1) The app downloads your emails into their server.

2) Yes, they store that actual password. Which is ridiculous.

3) Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.

4) But that also means that they outsource the security part of things. Which doesn't lend faith to the idea that they know about security. And if someone realises how to control their application, all the passwords will be hacked.

5) Pidgin is stored locally. There's a difference. Not that I support it, but it's still better than someone storing my passwords.

[callmebison]

> The app downloads your emails into their server.

They need to do that to back up the emails. The product may not be something you are interested in, but it doesn't mean the execution is flawed.

> Yes, they store that actual password. Which is ridiculous.

They have to in order to retrieve the emails. Blame the standards!

> Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.

See above

> But that also means that they outsource the security part of things.

> Which doesn't lend faith to the idea that they know about security.

> And if someone realises how to control their application, all the passwords will be hacked.

This isn't something with a black and white answer and I respect your opinion on this. I personally feel that they may know plenty about security and have decided that this is the most secure option. For example, I wouldn't write my own crypto, because I know enough about security to know how hard it is to do right.

[thaumaturgy]

How do you recommend that they regularly backup a user's email messages without storing that user's login credentials for that email service?

[laurenceputra]

they can't, unless the email service gives them oauth.

and even then allowing a 3rd party to backup your emails is a very dangerous thing to do. they say that credit card is more dangerous, i say no. for credit cards you can claim fraud.

when your email gets hacked, potentially your whole digital life is gone

[thaumaturgy]

Then what you need to write is, "I think that unproven email backup services are a bad idea", not, "these guys are idiots because they store a retrievable copy of your email credentials" which is necessary for the service that they are providing.

[laurenceputra]

what they could have done is to allow users to autoforward their emails over to their servers or something. not impossible, but i'm not their employee and i'm not responsible for thinking up business strategies for them.

so yea. not necessary

[Xylakant]

You can only archive incoming e-mails via autoforward, not drafts and not outgoing email (unless you use their mailservers, which is something completely different). If I want archiving for my e-mails, I have to give up my account credentials. You could actually do sufficient mischief with the archived e-mails, you don't need the account credentials in the first place. That sucks, but it's not their fault, this kind of service is inherently insecure.

Now, if you can demonstrate that this particular company has a particularly unsafe way of storing the passwords or the retrieved e-mails, then you're getting closer to having a valid point.

[thaumaturgy]

So what you're saying is that they should limit their market to those users that can successfully set up email forwarding, solely because storing passwords is bad.

Part of the service they're offering is that they'll restore the contents of your mailbox in case of accidental or malicious deletion. I have

    mail:/var/mail/associatedtechs.com/rob@associatedtechs.com# find . | wc -l
    24846

...almost 25,000 messages in my mailbox. How do you recommend that they restore 25,000 messages to my mailbox without my account credentials?

[laurenceputra]

and by storing the passwords, they are putting their users at risk. and we are in an era where email security means more than anything. it means access to all your services.

they should go think about how they can design a service securely before offering it.

[phpnode]

your argument is similar to: "it is impossible to design a bank that can be kept 100% secure from bank robbers, therefore we shouldn't use banks"

[laurenceputra]

in fact, seeing how your account was created to post that comment and seeing how it doesn't make sense, i would suspect that you actually work for them.

[thaumaturgy]

Everything he said makes perfect sense and I agree with it. A brief look at my HN profile should tell you I don't work for them. (Never heard of them before in fact.)

I think that you are practicing cargo cult security -- you're doing a cargo dance here over password storage mechanisms in a case where it doesn't apply.

[laurenceputra]

how does it not apply?

[thaumaturgy]

http://news.ycombinator.com/item?id=4580204

[callmebison]

I don't post on HN often, and forgot the username I used last time I posted. I don't work for them.

Personally, I don't see a strong use-case for the product and it wouldn't be something I'd be interested in.

If I did work for them, I would happily mention it in a post.