[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gmail+imap+smtp (oauth2)
From: |
Thomas Fitzsimmons |
Subject: |
Re: gmail+imap+smtp (oauth2) |
Date: |
Wed, 04 May 2022 09:34:20 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Hi Tim,
Tim Cross <theophilusx@gmail.com> writes:
> Richard Stallman <rms@gnu.org> writes:
>
>> [[[ To any NSA and FBI agents reading my email: please consider ]]]
>> [[[ whether defending the US Constitution against all enemies, ]]]
>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>>
>> > I landed on the conclusion that SMTP
>> > and IMAP should keep working as long as you use app-passwords for
>> > logging in to your account.
>>
>> Can you explain what "app-passwords" are? I have never used Gmail,
>> and I don't need to know technical details, but I have to think
>> about the ethical implications of this.
[...]
> I don't think there are any significant ethical considerations
> associated with app passwords (in addition to those associated with
> using Google/Gmail that is). It is likely that setting the app password
> via the Google account settings page involves non-free Javascript, but I
> think that boat sailed when you initially sign up for a gmail account
> anyway.
One issue with OAuth2 schemes is that they periodically force the user
through a web-browser-only authentication process that requires non-free
JavaScript, in order to get a refresh token.
(I'm hoping someone can prove me wrong, and point me to a command-line
procedure using only free software that allows me to get a refresh token
when required. We're told OAuth2 is a modern standard, right? So there
should be a modern, standard way of doing the same things as the
JavaScript authentication blobs... right?)
There are two issues, which I think should be considered separately:
One-time registration requiring non-free JavaScript (1).
Subsequently requiring non-free JavaScript for authentication to use
IMAP or SMTP protocols (2).
See the discussion in this bug report, closed wontfix:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=41386
I'm hoping the FSF will study and comment on the issue in general, given
that gmail.com, such a large email provider, is making this OAuth2
change. To me, issue (2) seems like a high priority one for Free
Software. Keep in mind that avoiding issue (1) isn't always optional,
from an employee/student perspective.
Thomas
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/03
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/04
Re: gmail+imap+smtp (oauth2), Thomas Fitzsimmons, 2022/05/04
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/05
Re: gmail+imap+smtp (oauth2), Tomas Hlavaty, 2022/05/06
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/06
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/07
Re: gmail+imap+smtp (oauth2), Richard Stallman, 2022/05/08
Re: gmail+imap+smtp (oauth2), Tim Cross, 2022/05/08