Re: gmail+imap+smtp (oauth2)

[Tim Cross]

<tomas@tuxteam.de> writes:

> [[PGP Signed Part:Undecided]]
> On Fri, May 06, 2022 at 07:38:12AM -0400, Stefan Monnier wrote:
>> > Problem is, Google T&C require that the application ID is kept secret.
>> > For open source, this is a problem because we cannot add the applicaiton
>> > ID and keep it secret while making the code open source.
>> 
>> FWIW, it's also a problem for proprietary applications since the secret
>> will necessarily be somewhere inside the executable as well.  It's a bit
>> harder to find, and can be obfuscated to some extent, but as long as you
>> can run the code inside a debugger and you have enough time on your
>> hands to reverse engineer the workings of that part of the code you can
>> also extract the application ID.
>
> We know. They know. We know they know. They know we know they know.
> We've been down this drm-keys-embedded-in-application tango so many
> times already-
>
> Now someone explain to me: why do they nevertheless do it?
>
> Is it for having some T&C where they basically say "we'll
> kick you out whenever we think we want to"?
>
> I'm hard-pressed to come up with a friendlier interpretation.
>

Problem is, your looking for a rational reason. The reality is T&C are
typically written by non-technical people (often lawyers) who don't
really understand (Or care to understand) the finer points and
implications. They work in broad brushstrokes and plan to adjust/change
if there is enough stink. HOwever, in this case, the percentage of
voerall users impacted is unlikely to even register a a blip o thier
radar. 

Bootm line, we are being done in by bureaucracy and bad communication.