Re: gmail+imap+smtp (oauth2)

[Tim Cross]

Óscar Fuentes <ofv@wanadoo.es> writes:

> Robert Pluim <rpluim@gmail.com> writes:
>
>>     Óscar> If I read this right:
>>
>>     Óscar> https://support.google.com/accounts/answer/185833?hl=en
>>
>>     Óscar> app passwords require to have 2FA turned on. So you have to go 
>> through
>>     Óscar> the 2FA process anyway with app passwords.
>>
>> When creating the app password, maybe (itʼs been so long since I
>> created my app password for Gnus that I donʼt remember). But *using*
>> the app password just requires presenting it using the normal
>> IMAP/SMTP/etc authentication protocols.
>
> Good to know, thanks. So you don't have to bear with 2FA each time you
> access your e-mail, but the privacy concern doesn't change: you must
> give your phone number to Google.

Not sure if that is true. Google originally used SMS based 2FA (as did
many service providers originally). However, that approach is no longer
preferred (I think they still support it, but don't recommend it).
However, I think they now support a couple of different 2FA schemes,
such as using an authenticator app you register by scanning a QR code
and I think they now also support hardware keys like yubikey. They don't
need yuour phone number for these methods (but I'm not sure if they
still require you to provide it).

Still, if privacy is your concern, I'm not sure you should be using
google anyway! Worrying about them having your phone number is minor
compared to all the data they have about you in your emails (which
probably also have your phone number in some of them anyway).