On Wed, May 04, 2022 at 12:05:37PM +1000, Tim Cross wrote:

[...]

> I don't think there are any significant ethical considerations
> associated with app passwords (in addition to those associated with
> using Google/Gmail that is)

[...]

First, thanks for your clear explanation. It took me a while to wrap
my head around that concept the first time I stumbled upon it (it
was, BTW, a free application).

Then, I have been thinking hard about the question I quoted above,
as every app and her sister (even free ones!) is now copying this
pattern.

What this is based on is mistrust of the user: she ain't going to
manage her passwords properly anyway, is she?

This makes a lot of sense for big wigs like Google, Facebook et al,
which thrive on having reams of users, because their marginal gains
per user are extremely thin. Having a password recovery service
incurs costs, so the more control is taken from those pesky
unreliable users the better.

What this leads to is, in my eyes, fatal: first, this narrative of
the dumb user is strengthened (I'm on the brink of thinking that
this is /intentional/), second, there's no motivation to make users
smarter.

In one short phrase: take the user out of the equation.

(That's BTW why I'm wary of all those 2FA schemes).

Whether this has anything to do with free software ideals or not is
stuff for another discussion. But I don't want to derail this thread
even more :-)

Cheers
-- 
t