From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Newsgroups: gmane.emacs.devel Subject: Re: gmail+imap+smtp (oauth2) Date: Wed, 4 May 2022 07:13:16 +0200 Message-ID: References: <871qxbdulc.fsf@mat.ucm.es> <877d72nf3h.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jUXlskyQ/9MgIB+y" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="32736"; mail-complaints-to="usenet@ciao.gmane.io" To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed May 04 07:14:38 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nm7LS-0008LF-0v for ged-emacs-devel@m.gmane-mx.org; Wed, 04 May 2022 07:14:38 +0200 Original-Received: from localhost ([::1]:35772 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nm7LQ-0002bX-Hj for ged-emacs-devel@m.gmane-mx.org; Wed, 04 May 2022 01:14:36 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:57578) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nm7KE-0001wX-9F for emacs-devel@gnu.org; Wed, 04 May 2022 01:13:22 -0400 Original-Received: from mail.tuxteam.de ([5.199.139.25]:44790) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nm7KB-0000ue-NJ for emacs-devel@gnu.org; Wed, 04 May 2022 01:13:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tuxteam.de; s=mail; h=From:In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Gb4P2i6eBRXi+zevFJb9rTyYzZe7ju3dtKAYdB/+c/E=; b=g6taNok/V09iQ/5Ih8suOWgkuJ 6DKtowtizZ6XgO7EpRbNf3hrnUutmpUZ5B2unMw5Ws8GdDxKmYT9/jLkiI+h5a+NW3xn5wO19KUgR 5NQdmFXTke336xl5ROeEcgdhOdgWoHugW9H6T4ITasVSx4oQmewBNwZSox3kHVQKKvJtpm8yoEO7Z sDpCsggbUcf0oirn5rKG91CStL46Sc4D0lBlYdH3tGFBLH27ztDT5LIjU18DQl5U85AT9peiw4kzS uyak9LlJfN9/nHlHS6c4hU/55WyNM71ahIDYybOr1UK6Px/0crPtf9Uf7iC3IRU8Rnmiz89ntTDYd iVq4IjMQ==; Original-Received: from tomas by mail.tuxteam.de with local (Exim 4.94.2) (envelope-from ) id 1nm7K8-0003JB-V8 for emacs-devel@gnu.org; Wed, 04 May 2022 07:13:17 +0200 Content-Disposition: inline In-Reply-To: <877d72nf3h.fsf@gmail.com> Received-SPF: pass client-ip=5.199.139.25; envelope-from=tomas@tuxteam.de; helo=mail.tuxteam.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:289142 Archived-At: --jUXlskyQ/9MgIB+y Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 04, 2022 at 12:05:37PM +1000, Tim Cross wrote: [...] > I don't think there are any significant ethical considerations > associated with app passwords (in addition to those associated with > using Google/Gmail that is) [...] First, thanks for your clear explanation. It took me a while to wrap my head around that concept the first time I stumbled upon it (it was, BTW, a free application). Then, I have been thinking hard about the question I quoted above, as every app and her sister (even free ones!) is now copying this pattern. What this is based on is mistrust of the user: she ain't going to manage her passwords properly anyway, is she? This makes a lot of sense for big wigs like Google, Facebook et al, which thrive on having reams of users, because their marginal gains per user are extremely thin. Having a password recovery service incurs costs, so the more control is taken from those pesky unreliable users the better. What this leads to is, in my eyes, fatal: first, this narrative of the dumb user is strenghtened (I'm on the brink of thinking that this is /intentional/), second, there's no motivation to make users smarter. In one short phrase: take the user out of the equation. (That's BTW why I'm wary of all those 2FA schemes). Whether this has anything to do with free software ideals or not is stuff for another discussion. But I don't want to derail this thread even more :-) Cheers --=20 t --jUXlskyQ/9MgIB+y Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCYnILZgAKCRAFyCz1etHa Rrp8AJ99DNR0Zz11H1Y08n83SQGpWVu9HgCdEW0YeSuJpeP1G3IozzeK/770K1g= =aTjl -----END PGP SIGNATURE----- --jUXlskyQ/9MgIB+y--