The developer has been forced to remove NetGuard & Fair Mail privacy mail from the Google Play Store due to Google anti-competitive anti-privacy practices

[Andy Burnelli]

FYI...

The developer has been forced to remove NetGuard & Fair Mail privacy mail
from the Google Play Store repo due to Google anti-competitive practices.
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

The way I see it (as do others), Google is attacking privacy & competition
by making it almost impossible for people to authorize their accounts by
OAUth2 mechanism (Google prefers you trade away your privacy by giving
Google a "second something" instead of OAUth2, apparently).

Since these anti-competitive and anti-privacy practices are forbidden in
Europe, and since the developer is in Europe, I've added the UK telecom ng
(which isn't in the EU, but whose laws may mirror some of those in the EU).
--
Posted as a kind-hearted purposefully helpful information to help others.

[Andy Burns]

Andy Burnelli wrote:

> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
understand what has been going on seems somewhat unlikely

About half the groups I read these days seem to have been taken over by oauth2
threads, I'd rather see it confined to fewer groups, than spread to more :-(

[Andy Burnelli]

Andy Burns wrote:

> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
> understand what has been going on seems somewhat unlikely
>
> About half the groups I read these days seem to have been taken over by oauth2
> threads, I'd rather see it confined to fewer groups, than spread to more :-(

Hi Andy,

I agree the XDA thread is over a thousand pages, which you and I have kept
up with perhaps, but the average Android user isn't going to keep up with.
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/page-1152>

The short is if you want a privacy based MUA, you'd better get it now.
<https://github.com/M66B/FairEmail/releases>
<https://github.com/M66B/FairEmail/releases/download/1.1945/FairEmail-v1.1945a-github-release.apk>
As development, AFAIK, has currently _stopped_ due to Google's unilateral
attack on email privacy for 3rd-party MUAs (presumably including K-9 Mail).

To Andy's point, I've removed the UK telecom folks from the followup as the
main goal of this thread was to post a PSA/FYI to be purposefully helpful
to the team, at large, in order to let people around the world on Android
know that if they want a privacy oriented MUA, they'd better get it now
(whether that's Thunderbird/K-9 or Fair Mail or some other 3rd-party MUA).

For those in this main Android newsgroup, basically what's happening is
Google had grossly deprecated mail privacy as of May 30th, 2022, and at the
same time (unbeknownst to us until recently), Google has also unilaterally
prevented third-party MUAs from accessing Google mail servers.

What Google has been doing is throwing out there autocratic arbitrary rules
against privacy/competition, and waiting to see what sticks - and then when
the uproar has been sufficient, slowly Google relaxes the rules that people
fought... (but only when people fought back!)... which has been the case
with OAUth2 inside 3rd-party MUAs for accessing Google mail servers.

At first, back in March, Google, without warning to developers, disallowed
OAUth2 over the web by erecting an artificial anti-competitive stone wall
to the tune of 15K dollars to $75K dollars yearly (which free apps just
can't afford).

Then in May, the uproar started as Android users found they couldn't use a
3rd-party MUA without adding a Google mothership tracking account to their
Android phone!

Then, in the early summer, after Google allowed OAUth2 over the web for
Android 3rd-party MUAs, Google then erected an artificially low (I think it
started at 30K tokens) OAUth2 token limit (which Google successively raised
to 40K and then 60K) as far as I can recall - but it's _still_ far too low
of a token limit.

Month by month, as the uproar grew, Google slowly relaxed some of these
arbitrary autocratic purposefully anti-competitive anti-privacy limits.

But they're still there!
(Just at a slightly lower MUA developer pain threshold!)

That pain threshold has been reached for some 3rd-party MUA developers
such as Marcel Bokhorst who feels this is anti-competitive behavior and who
plans on filing a complaint to the EU on Google's autocratic behavior.

Therefore, Marcel has pulled his privacy based Mail User Agent from the
Google Play Store repository (along with the only good free firewall).

Because Google has restricted privacy-based MUAs to an artificially low
OAUth2 token limit.

What happens after the app reaches that limit is _all_ subsequent users of
that app will NOT be able to authenticate their Google mail account!
Period.

The user won't know _why_ and the user will blame the 3rd-party MUA.
Especially given the Google GMail MUA is not subject to any token limit.

Therefore, the developer was forced to yank his products from the Google
Play Store repository, as it's unfair to users that third-party MUAs all of
a sudden, for no reason that they can determine, stop working with Google
mail servers. Just like that.

It's clear _why_ Google is doing this, as the last thing Google wants is
for people to have a modicum of privacy; but what's worse is that Google
seems to be breaking the laws on anti-competitive behavior, in addition to
breaking EU laws on privacy.

Bear in mind that Google is essentially forcing millions (maybe billions?)
of people to give them their privacy (via the "second something", and bear
in mind how utterly devious Google is (much like Apple is) in _how_ they
present your "choices" for email authorization.

For example, if you look at all the "choices" Google pretends to give you
to authorize on a 3rd-party MUA, you might not realize that _all_ but one
require that "second something" loss of your privacy (e.g., app passwords,
while they "sound" good, require 2FV/2SV, as do _all_ the other choices).

NOTE: The choices that Google pretends to supply are in the sig, but they
all boil down to trading with Google for your privacy to use their mail
servers by giving Google an extra "second something" that all this is
designed to garner from you by Google.

It _looks_ like you have choices, right?
But Google is lying to you as you see when you attempt each of them.

There's just 2SV/2FV (via about a half dozen "choices") & then there's
OAUth2 (via only two choices, one of which _requires_ a Google Account set
up on the device, which nobody who cares about privacy would ever accept) -
but luckily the other OAUth2 method is via the web (which Google only very
recently allowed for 3rd-party MUAs on Android).

Hence Google (much like Apple) is lying to us (taking us to be fools).

There aren't a half dozen choices; there are two.
a. A "second something" (via 2SV/2FA or via an on-device account), or,
b. OAUth2 (via the web).

What Google is doing to the 3rd-party MUA developers is basically causing
their 3rd-party mail clients to stop working with Google mail servers for
any individual user after Google's arbitrarily puny limit on OAUth2 tokens
has been exceeded. Without telling the individual use a single thing!

This is much like how Apple operates, and is clearly (IMHO and in the eyes
of others) a gross violation of anti-competitive & privacy laws in Europe.

The sole purpose of this thread is to kindly let people know this is
happening, precisely because they haven't been reading the thousand page
thread like I have been doing (and presumably Andy Burns has been keeping
up on).

f'up set to comp.mobile.android only
--
Together we are vastly more powerful knowing what we know collectively.

1. OAuth2 (using an on-device Google Account or web OAuth2), or,
2. Autoforward Google mail to a non-Google account, or,
3. 2FA/2SV/MSV/MFA via a variety of authenticators, such as...
a. app passwords
<https://support.google.com/mail/answer/185833>
b. Some kind of "2FA/2SV/MSV/MFA authenticator" app
<https://support.google.com/accounts/answer/1066447>
such as...
FreeOTP Authenticator
<https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp>
Google Authenticator
<https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator>
Authy
<https://play.google.com/store/apps/details?id=com.authy.authy>
FreeOTP+
<https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus>
etc.
c. USB tokens
d. Time-based one-time passwords (TOTP)
e. SMS 2FA
f. Use the phone's built-in security key
<https://support.google.com/accounts/answer/9289445>
g. Use a physical "security key"
<https://support.google.com/accounts/answer/6103523>
h. Get a one-time security code from another device
<https://support.google.com/accounts/answer/2917834>
i. Enter one of your 8-digit backup codes
<https://support.google.com/accounts/answer/1187538>
j. Sign in using QR codes
<https://support.google.com/accounts/answer/9283368>
k. Set up a "trusted computer" for sign in
<https://support.google.com/accounts/answer/2544838>
l. Sign in with "google prompts"
<https://support.google.com/accounts/answer/7026266>
m. Any others?

[Carlos E. R.]

On 26/07/2022 21.51, Andy Burnelli wrote:
> Andy Burns wrote:
>
>> Expecting new eyeballs to jump into the middle of a 1150+ page forum
>> thread and understand what has been going on seems somewhat unlikely
>>
>> About half the groups I read these days seem to have been taken over
>> by oauth2 threads, I'd rather see it confined to fewer groups, than
>> spread to more :-(
>
> Hi Andy,
>
> I agree the XDA thread is over a thousand pages, which you and I have kept
> up with perhaps, but the average Android user isn't going to keep up with.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/page-1152>
>
>
> The short is if you want a privacy based MUA, you'd better get it now.
> <https://github.com/M66B/FairEmail/releases>
> <https://github.com/M66B/FairEmail/releases/download/1.1945/FairEmail-v1.1945a-github-release.apk>
>
> As development, AFAIK, has currently _stopped_ due to Google's unilateral
> attack on email privacy for 3rd-party MUAs (presumably including K-9 Mail).
>
> To Andy's point, I've removed the UK telecom folks from the followup as the
> main goal of this thread was to post a PSA/FYI to be purposefully helpful
> to the team, at large, in order to let people around the world on Android
> know that if they want a privacy oriented MUA, they'd better get it now
> (whether that's Thunderbird/K-9 or Fair Mail or some other 3rd-party MUA).

The idea that you (not you in particular, Arlen, but anyone (including
you)) care about privacy while using a google mail address is
ridiculous. Just use a different mail provider and move on.

--
Cheers,
Carlos E.R.

[Carlos E. R.]

On 26/07/2022 19.27, Andy Burnelli wrote:
> FYI...
>
> The developer has been forced to remove NetGuard & Fair Mail privacy mail
> from the Google Play Store repo due to Google anti-competitive practices.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>
>
> The way I see it (as do others), Google is attacking privacy & competition
> by making it almost impossible for people to authorize their accounts by
> OAUth2 mechanism (Google prefers you trade away your privacy by giving
> Google a "second something" instead of OAUth2, apparently).

They want you to use Oauth2 AND to use a second something, like a phone
number.

--
Cheers,
Carlos E.R.

[Andy Burnelli]

Carlos E. R. wrote:

> The idea that you (not you in particular, Arlen, but anyone (including
> you)) care about privacy while using a google mail address is
> ridiculous. Just use a different mail provider and move on.

Hi Carlos,

Thanks for that kind-hearted advice to not use a Google mail server.

I don't understand how you arrived at your conclusion which is why, as one
adult to another, I'd like to ask you how you arrived at your conclusion.

*May I ask you _why_ you feel the way you do.*
(Anyone else who feels the same way can also respond.)

Bear in mind I'm eminently logical, sensible, and reasonable.
At least I try to be.

I don't do things that don't make sense (if I understand what I'm doing).
And, as I understand the problem set, you have only three choices:
a. Don't use any email server, or,
b. Use a non-Google email server, or,
c. Use a Google email server

But that's a completely different topic than privacy, since email is
private, for the most part, is it not? (barring a subpoena anyway)

Hence I do not understand how you arrived at the conclusion you arrived at.

What makes you think that Google is taking away my privacy simply by the
fact that I log into a Google mail server every few months on my phone?
--
The answer to this question is important because details are what matter!

[Andy Burnelli]

Carlos E. R. wrote:

> They want you to use Oauth2 AND to use a second something, like a phone
> number.

Hi Carlos (or anyone else who knows the answers to the questions below),

Do you know, or does _anyone_ know, if you need that "second something"
when you use OTA tools, such as the two shown in the screenshot below?
<https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options

Because if OTA requires a "second something" (e.g., a login into an
Internet server or a phone number), then they're useless for our purpose.

The goal is to log into Google servers with the least loss of privacy
possible, and that is only because, unfortunately, Google servers give the
users the best options in terms of storage, lack of spam, speed, etc.

None of this conversation was needed until Google unilaterally deprecated
3rd-party MUA login/password access to Google email servers on May 30th.

Hence, I thank you for trying to flesh out the problem set as I've been on
that thousand-page thread ever since Google warned us they would change the
way all 3rd-party MUAs authenticated way back in the early March timeframe.
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg> Google May 30 notice

Then, on May 30th, 3rd-party MUAs suddenly stopped working with Google.
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg> K-9 & Fair Email MUAs

About a month or so ago, a key K-9 developer, Christian Ketterer (aka
cketti) joined the Thunderbird team and added OAUth2 via the creation of a
Google on-device account, which code he shared with Marcel Bokhorst, who
did the same - because at that time Google required an annual up to $75K
dollar security audit to implement web-OAUth2 like Thunderbird does.

About two weeks or so ago, Google, when threatened with anti-competitive
lawsuits, apparently loosened that stone wall they erected preventing
OAUth2 from working on Android without also creating an on-device Google
account. Shortly thereafter, Christian implemented OAUth2 for Office365 and
he shared the libraries with Marcel, such that in the latest release of K-9
mail (version 6.201), there is no longer a need for a Google on-device
account for 3rd-party MUAs to authorize via OAUth2.

That means your statement above is perhaps no longer correct, in that, as
of only a few days ago, there is no longer a need for a "second something"
to authenticate K-9 or Fair Email via OAuth2 according to what I've been
told recently by Marcel Bokhorst (and as per my tests of both MUAs).
<https://i.postimg.cc/15XPh8nc/k9mail01.jpg> K-9 Mail with OAuth2 6.200
<https://i.postimg.cc/rpWC5zxw/k9mail02.jpg> GPS vs F-Droid K-9 update
<https://i.postimg.cc/Y2XDxnhG/k9mail03.jpg> K-9 Mail version 6.201
<https://i.postimg.cc/5NqnKf9t/k9mail04.jpg> OAuth2 finally uses the web
<https://i.postimg.cc/W4Knq385/k9mail05.jpg> NO Google Account on Android!

Of course, if anyone is dumb enough to use the Google GMail MUA, then, of
course, Google will unilaterally _create_ an on-device Google account.

However, most people who care about good email servers would likely set up
a Google account, but if they also care about Android privacy, they would
never use the Google GMail MUA for that reason alone (and others).

The only possible solution, until a better mail server is available anyway,
is to set up a Google mail account and _only_ use it for email using a
third-party mail user agent that respects OAUth2 without the Google
on-device account (which, as far as I know, is only K-9 & Fair Email).
<https://i.postimg.cc/Jz0TvyKQ/fairemail01.jpg> FairEmail auth options
<https://i.postimg.cc/nhHFRK3L/fairemail03.jpg> web-OAuth example

Notice, for example, there are _two_ OAUTH2 choices in Fair Email:
<https://i.postimg.cc/Jz0TvyKQ/fairemail01.jpg> FairEmail auth options
a. The first uses the "second something" of an on-device account
b. The second does not (this is new as of just this week for MUAs!)

However, I'm not sure if the OTA apps also require a "second something".
<https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options

Do they?

[Jeff Layman]

On 26/07/2022 18:27, Andy Burnelli wrote:
> FYI...
>
> The developer has been forced to remove NetGuard & Fair Mail privacy mail
> from the Google Play Store repo due to Google anti-competitive practices.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

Marcel says that he has restored the app to the Play Store:
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87202201>

On a sort of side note, at
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/page-1150#post-87201189>
Marcel wrote "Version 1.1944 is available on GitHub now (and version
1.1943 was erased from history to prevent F-Droid from building it)."

Why the need "to prevent F-Droid from building it"?

--

Jeff

[Theo]

In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:
> Andy Burnelli wrote:
>
> > <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>
> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
> understand what has been going on seems somewhat unlikely

There's a summary timeline here:
https://email.faircode.eu/status/

(elsewhere, I heard that getting access to OAuth2 from Google requires
$15,000. I'm not sure if they waive that for open source clients but it
seems like Google place arbitrary limits on how many users can request OAuth
tokens, which is problematic if you have a popular app)

> About half the groups I read these days seem to have been taken over by oauth2
> threads, I'd rather see it confined to fewer groups, than spread to more :-(

+1. It seems to be contagious, so many people not understanding what they
needed to do.

Theo

[Carlos E. R.]

On 27/07/2022 06.01, Andy Burnelli wrote:
> Carlos E. R. wrote:
>
>> The idea that you (not you in particular, Arlen, but anyone (including
>> you)) care about privacy while using a google mail address is
>> ridiculous. Just use a different mail provider and move on.
>
> Hi Carlos,
>
> Thanks for that kind-hearted advice to not use a Google mail server.
>
> I don't understand how you arrived at your conclusion which is why, as one
> adult to another, I'd like to ask you how you arrived at your conclusion.

Gmail has NEVER respected the privacy of email. This was clear in the
conditions we signed when they started, maybe 2005 or thereabouts. They
never lied about this, or hid this. They clearly said from the start
that our mail would be machine scanned and processed.

Then, the USA authorities have access to emails and data from Europeans,
if stored in machines on USA soil, and recent regulations claim they
also have access if the machines reside in Europe. Which is why several
courts in the EU are now prohibiting the use of Google in schools and
government organizations.

So plain simple: if you want privacy never use a gmail address, nor you,
nor your correspondents.


Mind, they do care about security and identity theft, and it is true
that using Oauth2 ad 2FA are steps in that direction. They machine read
your email, but make it very difficult for others to read it.

--
Cheers,
Carlos E.R.

[Carlos E. R.]

On 27/07/2022 11.11, Theo wrote:
> In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:
>> Andy Burnelli wrote:
>>
>>> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>>
>> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
>> understand what has been going on seems somewhat unlikely
>
> There's a summary timeline here:
> https://email.faircode.eu/status/
>
> (elsewhere, I heard that getting access to OAuth2 from Google requires
> $15,000. I'm not sure if they waive that for open source clients but it
> seems like Google place arbitrary limits on how many users can request OAuth
> tokens, which is problematic if you have a popular app)

Alpine, a text mode client for Linux with a Windows version, has access
and the developer certainly doesn't pay. You can read how he does it. I
don't remember, but being a niche application it is possible it is
covered by that.

(it is also used by blind people)


--
Cheers,
Carlos E.R.

[Carlos E. R.]

On 27/07/2022 07.19, Andy Burnelli wrote:
> Carlos E. R. wrote:
>
>> They want you to use Oauth2 AND to use a second something, like a
>> phone number.
>
> Hi Carlos (or anyone else who knows the answers to the questions below),
>
> Do you know, or does _anyone_ know, if you need that "second something"
> when you use OTA tools, such as the two shown in the screenshot below?
> <https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options
>
> Because if OTA requires a "second something" (e.g., a login into an
> Internet server or a phone number), then they're useless for our purpose.
>
> The goal is to log into Google servers with the least loss of privacy
> possible, and that is only because, unfortunately, Google servers give the
> users the best options in terms of storage, lack of spam, speed, etc.
>
> None of this conversation was needed until Google unilaterally deprecated
> 3rd-party MUA login/password access to Google email servers on May 30th.

I know for a fact that they want you to use some form of 2FA, and the
phone appears to be the preferred method (I'm not familiar with others).
And they also want you to use Oauth2. Any method you find to bypass the
requirement of 2FA will be, eventually, killed.

So what I do is use application passwords, combined with my phone (which
they don't like, but are still working).

Notice that these requirements do no affect enterprise or organizations
that use gmails services, like for example, @ieee.org addresses, because
the policies are set by the organization, not google directly.


Notice that other mail servers also demand a phone number when setting
up an account. Even Protonmail.


--
Cheers,
Carlos E.R.

[Joerg Lorenz]

Am 27.07.22 um 12:41 schrieb Carlos E. R.:

> Gmail has NEVER respected the privacy of email. This was clear in the
> conditions we signed when they started, maybe 2005 or thereabouts. They
> never lied about this, or hid this. They clearly said from the start
> that our mail would be machine scanned and processed.
>
> Then, the USA authorities have access to emails and data from Europeans,
> if stored in machines on USA soil, and recent regulations claim they
> also have access if the machines reside in Europe. Which is why several
> courts in the EU are now prohibiting the use of Google in schools and
> government organizations.

That is in the meantime the case for many services of US-companies. For
instance Gamil, Yahoo, Facebook, WhatsApp, Instagram and others.

Everything from Google or Facebook is really problematic for the
reputation of the user. Personally I do not accept mails from senders
with a @gmail-address or persons using servers belonging to Google.

--
Ex iniuria ius non oritur

[Andy Burns]

On 27/07/2022 11:46, Carlos E. R. wrote:

> Alpine, a text mode client for Linux with a Windows version, has access and the
> developer certainly doesn't pay.

<https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html>

[Andy Burns]

Andy Burns wrote:

> <https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html>

"The idea of XOAUTH2 is to create the illusion of security by allowing only
temporary access to a user to their own data"

[Carlos E. R.]

I don't have the freedom to refuse mails from my own family or friends.

--
Cheers,
Carlos E.R.

[Andy Burnelli]

Carlos E. R. wrote:

>> I don't understand how you arrived at your conclusion which is why, as one
>> adult to another, I'd like to ask you how you arrived at your conclusion.
>
> Gmail has NEVER respected the privacy of email.

Hi Carlos (and anyone else who feels the problem is Google mail servers),

Thanks for providing your logic as I'm eminently logical & sensible.
You have only three choices... so I have to choose one of those three:
1. Don't do email
2. If you do email, either do Google email, or,
3. Use someone elses email (Yahoo, Protonmail, Microsoft, whatever).

My question is how is Google any different than those?

Of course, it's not as private as protonmail, but then you have to weigh
the fact that protonmail is vastly limited compared to Google email.

Hence, my question to you is, for privacy...
*What Android solution do you suggest that's better than what I suggest?*
A. No on-device Google Account (never never never never!) & no 2FA/2SV
B. Google email servers (simply because they're the best functionality)
C. 3rd-party MUA with web-OAuth (which only existed this week!)

> This was clear in the
> conditions we signed when they started, maybe 2005 or thereabouts. They
> never lied about this, or hid this. They clearly said from the start
> that our mail would be machine scanned and processed.

Google scans receipts, for example, which I don't like.
But you still need to choose an email provider... you can't just say don't
use Gmail and leave it at that as that's not a solution.

What provider would you choose, if not Google?

For example, perhaps Yahoo doesn't scan your receipts, but did you ever see
how much spam gets into a Yahoo account versus in a Google account?

Maybe Microsoft mail doesn't scan your receipts like Google does, but does
Microsoft give you a free 15GB for each account?

Being an adult means forming logical sensible reasonable assessments, where
I don't feel Google is more private than anyone else, but I don't know if
anyone else is any more private than Google is (other than receipt
scanning, which I don't like that Google does).

> Then, the USA authorities have access to emails and data from Europeans,
> if stored in machines on USA soil, and recent regulations claim they
> also have access if the machines reside in Europe. Which is why several
> courts in the EU are now prohibiting the use of Google in schools and
> government organizations.

I'm sure Google is a bit less private than, oh, say, Apple email is, but
even Apple will hand your email to the authorities at a mere whim (much
like Google does), particularly for mail older than 30 days in the USA.

In summary, just saying Google mail isn't private isn't logically a good
answer to the question - as we need logical sensible facts to make that
assessment.

And then we have to find someone else for our email.
Which email provider do you suggest?

> So plain simple: if you want privacy never use a gmail address, nor you,
> nor your correspondents.

C'mon Carlos.

That's not how logical sensible reasonable people think.
It's all well and good to say don't use Google email.
But you have to provide an alternative.

I don't like Google any more than you do.
But I want to have email.

My question to you is the question any sensible adult would ask of you.
*What mail provider do you suggest that is better than Google overall?*

> Mind, they do care about security and identity theft, and it is true
> that using Oauth2 ad 2FA are steps in that direction. They machine read
> your email, but make it very difficult for others to read it.

I'm not disagreeing with you that Google machine reads your email.

I'm also not disagreeing that the 2FA/2SV steps that Google forced upon us
on Android since May 30th to just this week are a trade of your privacy in
favor of your security.

I don't ever disagree with facts.
Only fools disagree with facts.

I will say that now, as of just this week, with web-OAuth being available
to Android 3rd-party MUAs via Christian Ketterer's OAuth code, that I
assess web-oauth to be the least privacy invasive of all the Android
choices.

I don't know all the privacy implications though, but currently I'm using:
a. Google mail servers (because I don't know of anything better), and,
b. Web-Oauth on 3rd-party MUAs (which only existed just this week!)

And _that_ solution, for me, is "private" enough.

As one logical sensible reasonable adult to another, I don't think it's an
adult stance for someone to scream out "don't use Google email!" without
providing a better solution.

For privacy...
*What Android solution do you suggest that's better than what I suggest?*
A. No on-device Google Account & no 2FA/2SV (never never never never!)
B. Google email servers (simply because they're the best functionality)
C. 3rd-party MUA with web-OAuth (which only existed this week!)

[Andy Burnelli]

Joerg Lorenz wrote:

> That is in the meantime the case for many services of US-companies. For
> instance Gamil, Yahoo, Facebook, WhatsApp, Instagram and others.

Hi Joerg Lorenz, [and anyone else who thinks they have a better solution]

*What better solution do you suggest in terms of Android email privacy?*

It's all well and good for people to scream out not to use Google mail
servers if you care about your privacy...

But... *that's not an adult stance since you have to provide a solution.*

The solution I suggest makes use of both privacy & functionality in a
single package - but maybe someone out there has a better solution?

Here's what I suggest in terms of Android email privacy:
1. Use Google mail servers (only because they're the best overall)
2. Never turn on 2FA/2SV & never allow an on-device Google account!
3. Never use the GMail app (it _creates_ that on-device Google account!
(instead, use a 3rd-party MUA that authorizes over web-oauth).

As of this week, there are two 3rd-party MUAs I know of that do web-oauth
A. Fair Email
B. K-9 Mail

I'm a logical sensible adult, and as such, I don't like Google any more
than anyone else does - but you can't just say "Don't use Google servers"
without providing a _better_ solution (in terms of privacy) than mine.

*What better solution do you suggest in terms of Android email privacy?*

[Andy Burnelli]

Hi Andy,
I skimmed that Alpine XOAuth configuration page you kindly provided...
<https://alpineapp.email/alpine/alpine-info/misc/RegisteringAlpineinGmail.html>
And the concomitant Alping Google XOAuth setup page it referenced...
<https://alpineapp.email/alpine/alpine-info/misc/AuthorizeAlpineGmail.html>
especially in light of the fact the xoauth sign in looks similar to what I
found using Fair Email web-oauth yesterday (which is a brand new feature).

<https://i.postimg.cc/Jz0TvyKQ/fairemail01.jpg> FairEmail auth options

<https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options

<https://i.postimg.cc/nhHFRK3L/fairemail03.jpg> web-OAuth example

Did you see any mention of those Google-specific "magic strings" in Alpine
that you found when you searched the K-9 source code a couple days ago?
<https://github.com/thundernest/k-9/blob/main/app/k9mail/build.gradle#L79>
buildConfigField "String", "OAUTH_GMAIL_CLIENT_ID", "\"262622259280-hhmh92rhklkg2k1tjil69epo0o9a12jm.apps.googleusercontent.com\""
buildConfigField "String", "OAUTH_YAHOO_CLIENT_ID", "\"dj0yJmk9aHNUb3d2MW5TQnpRJmQ9WVdrOWVYbHpaRWM0YkdnbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWIz\""
buildConfigField "String", "OAUTH_AOL_CLIENT_ID", "\"dj0yJmk9dUNqYXZhYWxOYkdRJmQ9WVdrOU1YQnZVRFZoY1ZrbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWIw\""
buildConfigField "String", "OAUTH_MICROSOFT_CLIENT_ID", "\"e647013a-ada4-4114-b419-e43d250f99c5\""
buildConfigField "String", "OAUTH_MICROSOFT_REDIRECT_URI", "\"msauth://com.fsck.k9/Dx8yUsuhyU3dYYba1aA16Wxu5eM%3D\""

You found Google-specific "magic strings" in the K-9 source code, which,
when I discussed them with the Fair Email developer, he said it was even
"worse than that" in that you have to sign an agreement with Google in
order to use them...

As someone else noted, Marcel Bokhorst has added FairEmail (and presumably
NetGuard) back to the Google Play Repository because his token count
suddenly and inexplicably dropped below Google pre-set arbitrary levels
(which, let's be clear, the Google GMail app isn't limited by).
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87202201>

I believe there is a lesson here, in that what you and I know about this
is what very few people are aware of, which is that Google unilaterally
declared an unprovoked attack on privacy that we only found out about
in March, and which took effect after May 20th, 2022.
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg> Google March notice
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg> Login/passwd deprecated
<https://i.postimg.cc/cL9r9qFW/gmailpasswd05.jpg> Less secure app access

1. Google made draconian rules trading your privacy for security
2. People scrambled (all of whom used 2FA/2SV or an on-device account!)
[That is super critical for people to understand - most of whom don't!)
3. Then, only this week, did a modicum of privacy return with web-OAUth2

Notice Google let people squirm for the past four months!
It took those four months to come up with a solution which is private!
In the interim, millions of people fell for Google's subterfuge!

How many of them are going to back out now?

What Google did was trick clueless users into accepting the only "solution"
that existed until just this week, which was to force users to accept
a. Either accepting the addition of 2SV/2FA
(which is needed for things such as "App Passwords" or OTA tools)
b. Or, accepting the creation of an on-device Google Account

Until just this week, those were the ONLY options, despite Google
nefariously fooling dumb people into believing there were many
options (but all of them boiled down to those two above!).

If you ask Google, for example, they'll proudly proclaim that
you don't have to give them your phone number... why heck...
you can authenticate via any number of mechanisms, they say,
such as:

Yet, there is this unavoidably pervasive "ripple effect" on privacy in that
devious response above - which means - in the end - there are, (AFAICT),
only two practical ways to authenticate after May 30th, 2022...
a. OAuth2, or,
b. 2SV/2FA

Of course, with OAuth2, there are also only two approaches (AFAIK)
1. OAUth2 via an on-device account, or,
2. OAUth2 via a web-auththication mechanism.

Note the privacy difference between those two is ASTOUNDING!

The privacy tradeoff I don't know how to calculate isn't the difference
between on-device and via-web authentication (because that one is a no brainer)...
but... the privacy tradeoff I am not equipped to calculate is
what's the difference (in privacy) between...
A. OAuth2 to Google servers via web authentication, versus
B. Any of those 2SV/2FA mechanisms google pushes above?

Is OAuth2 via web authentication giving away less privacy than the
2SV/2FA methods (some of which require a login account elsewhere)?

[J. P. Gilliver (John)]

On Wed, 27 Jul 2022 at 08:27:14, Jeff Layman <Je...@invalid.invalid> wrote:
(my responses usually follow points raised):

> Why the need "to prevent F-Droid from building it"?

He had added a poison pill to fairemail which people who paid for the app
and who donated money to his project quickly talked him out of. Github is
primary, the rest are secondary so he tried to nip it in the bud before it
propagated to F-Droid.

His mother has been given about a month to live so he also is in an
emotional state, understandably so.

Google is putting him through the wringer for no good reason as his token
count has been artificially limited but they don't limit the gmail apk.

Anti competitive.
Anti privacy.

If there is a better solution than google, now is the time to set it up.

[Gronk]

Carlos E. R. wrote:

> Notice that other mail servers also demand a phone number when setting
> up an account. Even Protonmail.

Usually that's "only" for the verification message.
They are supposed to throw away the phone number after that one-time use.
Do they?

[nospam]

In article <jkck5t...@mid.individual.net>, Carlos E. R.

<robin_...@es.invalid> wrote:

>
> Notice that other mail servers also demand a phone number when setting
> up an account. Even Protonmail.

not always.

<https://proton.me/support/human-verification>
...You may be asked to verify using either CAPTCHA, email,
or SMS. We have an intelligent algorithm that determines the
required verification method based on a number of factors.

[Andy Burnelli]

nospam wrote:

>> Notice that other mail servers also demand a phone number when setting
>> up an account. Even Protonmail.
>
> not always.
>
> <https://proton.me/support/human-verification>
> ...You may be asked to verify using either CAPTCHA, email,
> or SMS. We have an intelligent algorithm that determines the
> required verification method based on a number of factors.

I have probably at least a half dozen protonmail accounts.
I like them because they work with Tor (albeit very slowly).

However, they'll drive you nuts if you are on VPN when you set them up.

But if you use your own IP address (or that of a neighbor), they go easy on
you. Just like nospam says above.
--
By way of contrast, Google email servers hate when you use VPN.
Ask me how I know this.

[Joerg Lorenz]

Am 28.07.22 um 00:40 schrieb J. P. Gilliver (John):

Google is evil! But this is nothing new.

--
Gutta cavat lapidem (Ovid)

[Joerg Lorenz]

Am 27.07.22 um 17:50 schrieb Carlos E. R.:

You always have a choice. Tell them. Explain them why and what your
concerns are.

[Theo]

In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:

According to that, Alpine doesn't have access. Instead, they tell you to
pretend to be a developer with a new app. Google (currently) offers free
access tokens for testing, and you create a 'test account' using the email
account you want to read:
https://alpineapp.email/alpine/alpine-info/misc/RegisteringAlpineinGmail.html
Every Alpine user has to register as a new developer.

I very much doubt that approach would be accepted in the Play Store.

Theo

[J. P. Gilliver (John)]

On Thu, 28 Jul 2022 at 06:32:53, Joerg Lorenz <hugy...@gmx.ch> wrote: (my

responses usually follow points raised):

>> If there is a better solution than google, now is the time to set it up.
>
> Google is evil! But this is nothing new.

What public mail server are you using that isn't evil so I can use it too?

[J. P. Gilliver (John)]

On Wed, 27 Jul 2022 at 12:21:46, Joerg Lorenz <hugy...@gmx.ch> wrote: (my

responses usually follow points raised):

>> Then, the USA authorities have access to emails and data from Europeans,
>> if stored in machines on USA soil, and recent regulations claim they
>> also have access if the machines reside in Europe. Which is why several
>> courts in the EU are now prohibiting the use of Google in schools and
>> government organizations.
>
> That is in the meantime the case for many services of US-companies. For
> instance Gamil, Yahoo, Facebook, WhatsApp, Instagram and others.

What public mail server are you using that isn't beholden to US regulations

[J. P. Gilliver (John)]

On Thu, 28 Jul 2022 at 07:16:02, Joerg Lorenz <hugy...@gmx.ch> wrote: (my

responses usually follow points raised):

>>> Everything from Google or Facebook is really problematic for the
>>> reputation of the user. Personally I do not accept mails from senders
>>> with a @gmail-address or persons using servers belonging to Google.
>>>
>>
>> I don't have the freedom to refuse mails from my own family or friends.
>
> You always have a choice. Tell them. Explain them why and what your
> concerns are.

It's ok that some of you are venting your frustration by complaining
but what free public email service do you use that has what you want?

[Joerg Lorenz]

Am 28.07.22 um 16:13 schrieb J. P. Gilliver (John):

> On Thu, 28 Jul 2022 at 07:16:02, Joerg Lorenz <hugy...@gmx.ch> wrote: (my

>> You always have a choice. Tell them. Explain them why and what your
>> concerns are.
>
> It's ok that some of you are venting your frustration by complaining
> but what free public email service do you use that has what you want?

K-9 as client (Open Source) with any service (in the Usenet I like my
GMX-service).

[Joerg Lorenz]

Am 28.07.22 um 16:11 schrieb J. P. Gilliver (John):

The German service GMX. It is freee even vor IMAP. If you do not like
@gmx.de stick to @gmx.net.

[Frank Slootweg]

Hmmm! Interesting! Apparently a twin of web.de, which I've been using
for decades. :-) Indeed a very reliable free provider.

[Joerg Lorenz]

Am 28.07.22 um 21:40 schrieb Frank Slootweg:

> Joerg Lorenz <hugy...@gmx.ch> wrote:
>> Am 28.07.22 um 16:11 schrieb J. P. Gilliver (John):

>>> What public mail server are you using that isn't beholden to US regulations
>>> so I can use it too?
>>
>> The German service GMX. It is freee even vor IMAP. If you do not like
>> @gmx.de stick to @gmx.net.
>
> Hmmm! Interesting! Apparently a twin of web.de, which I've been using
> for decades. :-) Indeed a very reliable free provider.

YEP! A feature I like very much is the extensive filtering that is
possible. And WEB.DE and GMX.NET are protected by the European/German
DSGVO (Privacy and Data Protection).

[Theo]

I'm using Fastmail which is pretty good: it's email, it works, the web
interface is fairly slick, there's not too many surprises, there's no ads or
tracking. But you do have to pay for it (starts at $3/month).

Theo

[cris]

On 28/07/2022 17:10, Frank Slootweg wrote:

>>> What public mail server are you using that isn't beholden to US regulations
>>> so I can use it too?
>>
>> The German service GMX. It is freee even vor IMAP. If you do not like
>> @gmx.de stick to @gmx.net.
>
> Hmmm! Interesting! Apparently a twin of web.de, which I've been using
> for decades. :-) Indeed a very reliable free provider.

Is there an English language public gmx email server?
How much storage does gmx.net give you for free?
What other restrictions are there or can anyone get a gmx email address?

[Frank Slootweg]

cris <cr...@removespam.me.com> wrote:
> On 28/07/2022 17:10, Frank Slootweg wrote:
>
> >>> What public mail server are you using that isn't beholden to US regulations
> >>> so I can use it too?
> >>
> >> The German service GMX. It is freee even vor IMAP. If you do not like
> >> @gmx.de stick to @gmx.net.
> >
> > Hmmm! Interesting! Apparently a twin of web.de, which I've been using
> > for decades. :-) Indeed a very reliable free provider.
>
> Is there an English language public gmx email server?

Apparently there is (assumung you mean an English language website and
webmail).

> How much storage does gmx.net give you for free?
> What other restrictions are there or can anyone get a gmx email address?

I'm not a GMX user (but - as I said - a web.de user), but just go to
gmx.com and see for yourself.

[cris]

On 30/07/2022 09:28, Frank Slootweg wrote:

>> Is there an English language public gmx email server?
>
> Apparently there is (assumung you mean an English language website and
> webmail).
>

I would if I understood German which is what this web page is written in.
https://www.gmx.net/

Is there an English language gmx website so I know what the links and
buttons are doing when I press them?

>> How much storage does gmx.net give you for free?
>> What other restrictions are there or can anyone get a gmx email address?
>
> I'm not a GMX user (but - as I said - a web.de user), but just go to
> gmx.com and see for yourself.

I would if I understood German which is what this web page is written in.
https://www.gmx.net/

Is there an English language gmx website so I know what the links and
buttons are doing when I press them?

[Frank Slootweg]

cris <cr...@removespam.me.com> wrote:
> On 30/07/2022 09:28, Frank Slootweg wrote:
>
> >> Is there an English language public gmx email server?
> >
> > Apparently there is (assumung you mean an English language website and
> > webmail).
> >
>
> I would if I understood German which is what this web page is written in.
> https://www.gmx.net/

I know, that's why I directed you to gmx.com (note: .com!), which is
in English. See below.

> Is there an English language gmx website so I know what the links and
> buttons are doing when I press them?
>
> >> How much storage does gmx.net give you for free?
> >> What other restrictions are there or can anyone get a gmx email address?
> >
> > I'm not a GMX user (but - as I said - a web.de user), but just go to
> > gmx.com and see for yourself.

^^^^^^^ !!!!!

[Carlos E.R.]

How can I know? Maybe they keep logs of the verification.

--
Cheers, Carlos.

[Carlos E.R.]

On 2022-07-27 23:51, Andy Burnelli wrote:
> Joerg Lorenz wrote:
>
>> That is in the meantime the case for many services of US-companies. For
>> instance Gamil, Yahoo, Facebook, WhatsApp, Instagram and others.
>
> Hi Joerg Lorenz, [and anyone else who thinks they have a better solution]
>
> *What better solution do you suggest in terms of Android email privacy?*
>
> It's all well and good for people to scream out not to use Google mail
> servers if you care about your privacy...
> But... *that's not an adult stance since you have to provide a solution.*

No, I don't have to provide a solution. Maybe there is none.

You have to google and find a provider in your own country that seems
proper. For mail, you can use gmx, for instance.

--
Cheers, Carlos.

[Carlos E.R.]

On 2022-07-27 23:42, Andy Burnelli wrote:
> Carlos E. R. wrote:
>
>>> I don't understand how you arrived at your conclusion which is why,
>>> as one
>>> adult to another, I'd like to ask you how you arrived at your
>>> conclusion.
>>
>> Gmail has NEVER respected the privacy of email.
>
> Hi Carlos (and anyone else who feels the problem is Google mail servers),
>
> Thanks for providing your logic as I'm eminently logical & sensible.
> You have only three choices... so I have to choose one of those three:
> 1. Don't do email
> 2. If you do email, either do Google email, or,
> 3. Use someone elses email (Yahoo, Protonmail, Microsoft, whatever).
>
> My question is how is Google any different than those?

I would use none of Yahoo or Microsoft, either. Or any USA company.

I use the mail offering of my ISP, but they don't accept new clients. In
fact, they tell those to go to gmail. I also use gmx. Then there are
companies you can pay for email. I can not suggest one as I am still
searching.

>> Then, the USA authorities have access to emails and data from
>> Europeans, if stored in machines on USA soil, and recent regulations
>> claim they also have access if the machines reside in Europe. Which is
>> why several courts in the EU are now prohibiting the use of Google in
>> schools and government organizations.
>
> I'm sure Google is a bit less private than, oh, say, Apple email is, but
> even Apple will hand your email to the authorities at a mere whim (much
> like Google does), particularly for mail older than 30 days in the USA.
>
> In summary, just saying Google mail isn't private isn't logically a good
> answer to the question - as we need logical sensible facts to make that
> assessment.
>
> And then we have to find someone else for our email.
> Which email provider do you suggest?
>
>> So plain simple: if you want privacy never use a gmail address, nor
>> you, nor your correspondents.
>
> C'mon Carlos.
> That's not how logical sensible reasonable people think.
> It's all well and good to say don't use Google email.
> But you have to provide an alternative.

No, I don't.


--
Cheers, Carlos.

[Carlos E.R.]

ROTFL!

--
Cheers, Carlos.

[Carlos E.R.]

Alpine is not an Android app, it is a computer app that runs in Linux,
with a Windows version.

You have to search here for "oauth2":

<http://mailman12.u.washington.edu/pipermail/alpine-info/>

around past March and earlier.

--
Cheers, Carlos.

[Joerg Lorenz]

Am 03.08.22 um 13:57 schrieb Carlos E.R.:

You should try to get you own life under control. You had/have already a
similar issue with other services.

Why are you so sniveling and full of self-pity?

[Andy Burnelli]

Carlos E.R. wrote:

>> But you have to provide an alternative.
>
> No, I don't.

Hi Carlos,
I'm going to treat you as an adult, which means I'm going to patiently
explain to you that it's all well and good that you vehemently condemned
the use of Google mail servers, but if you're going to do that and _not_
provide a viable alternative, it's a meaningless condemnation from an adult
point of view.

By condemning google mail servers and not providing a viable alternative,
you are simply saying that you have no intention to say credible things.

To give you a similar example, let's say that you dislike car accidents so
you tell everyone who asks how to improve vehicle safety that the solution
you strongly feel is the right one is to never drive a car anywhere.

That solution to never use Google email servers is like that solution to
never drive a car. It's not the kind of solution a credible adult provides.

A credible adult has a much _deeper_ level of understanding than just that.

[cris]

On 01/08/2022 15:18, Frank Slootweg wrote:

> that's why I directed you to gmx.com (note: .com!),

Thank you for the gmx.com suggestion.

I didn't see any mention of the limit on size of the mail.
Do you know if there is a limit?

As I dug around for that missing information, I saw that most of the
gmx.com website defaults can be turned off such as "use precise
geolocsation data" and "ad technology provider from Google" and
"personalized ads and content, ad and content measurement, audience
insights and product development" and "store and/or access information on a
device" and "actively scan device characteristics for identification"
(https://www.gmx.com/company/data-collection/)

But you can't turn off gmx.com "ensure security, prevent fraud, and debug"
nor can you turn off "technically deliver ads or content" nor can you turn
off "match and combine offline data sources" nor "link different devices"
nor "receive and use automatically sent device characteristics for
identification" settings (https://tcf.cookiepedia.co.uk/?lang=en)

That may or may not be any different from what Google does but is there
only webmail (https://www.gmx.com/company/privacypolicy/#freemail) or do
they allow pop/imap too?

During the acceptance of cookies process I saw they delete mail after 180
days of inactivity although it doesn't say whether that's inactivity on the
specific message or on the account (https://signup.gmx.com/)

After I went through the free webmail setup they required a secondary SMS
or email to open the account but they would not open that account (they
said "Dear GMX member, our system has detected irregular activity related
to your account. As a precautionary measure, we have blocked your account.
To regain access, please contact our Customer Support."

What secondary email domain did you use to set up your gmx account?
I gave them my valid protonmail domain account as the secondary email.

[Frank Slootweg]

cris <cr...@removespam.me.com> wrote:
> On 01/08/2022 15:18, Frank Slootweg wrote:
>
> > that's why I directed you to gmx.com (note: .com!),
>
> Thank you for the gmx.com suggestion.
>
> I didn't see any mention of the limit on size of the mail.
> Do you know if there is a limit?

'Arlen',

As I mentioned several times, I do not use gmx.<TLD> (but web.de). So
it's best to ask others.

However gmx.com clearly says "(V) Plenty of storage with 65GB" and
"(V) Send attachments up to 50MB in size".

'GMX Email: Get started today'
<https://www.gmx.com/mail>

> As I dug around for that missing information, I saw that most of the
> gmx.com website defaults can be turned off such as "use precise
> geolocsation data" and "ad technology provider from Google" and
> "personalized ads and content, ad and content measurement, audience
> insights and product development" and "store and/or access information on a
> device" and "actively scan device characteristics for identification"
> (https://www.gmx.com/company/data-collection/)
>
> But you can't turn off gmx.com "ensure security, prevent fraud, and debug"
> nor can you turn off "technically deliver ads or content" nor can you turn
> off "match and combine offline data sources" nor "link different devices"
> nor "receive and use automatically sent device characteristics for
> identification" settings (https://tcf.cookiepedia.co.uk/?lang=en)

Those are only concerns for use of the website and webmailer, but we
are talking about e-mail clients, not webmail. See below.

> That may or may not be any different from what Google does but is there
> only webmail (https://www.gmx.com/company/privacypolicy/#freemail) or do
> they allow pop/imap too?

I could not find that info on the gmx.com site, but Joerg mentioned
that they do IMAP, and, as I said, gmx.<TLD> is a twin of web.de (which
I use) and web.de does IMAP and POP, so I assume gmx.<TLD> does as well.

> During the acceptance of cookies process I saw they delete mail after 180
> days of inactivity although it doesn't say whether that's inactivity on the
> specific message or on the account (https://signup.gmx.com/)

For web.de, no activity on the account. And you get a warning message
before that time.

> After I went through the free webmail setup they required a secondary SMS
> or email to open the account but they would not open that account (they
> said "Dear GMX member, our system has detected irregular activity related
> to your account. As a precautionary measure, we have blocked your account.
> To regain access, please contact our Customer Support."

It seems you've been found out! :-)

> What secondary email domain did you use to set up your gmx account?

Too long ago (2003) (for web.de), no extra verification at that time.
Later you could - like for most other providers - add an alternative
contact email address.

[Carlos E.R.]

On 2022-08-03 17:52, Andy Burnelli wrote:
> Carlos E.R. wrote:
>
>>> But you have to provide an alternative.
>>
>> No, I don't.
>
> Hi Carlos,
> I'm going to treat you as an adult, which means I'm going to patiently
> explain to you that it's all well and good that you vehemently condemned
> the use of Google mail servers, but if you're going to do that and _not_
> provide a viable alternative, it's a meaningless condemnation from an adult
> point of view.

I hope that you are adult enough that when I tell you "do not use google
mail if you care for privacy" you can find another provider yourself, or
explicitly ask that question.

Similarly if I tell you "do not use any USA mail provider.

You can ask why, but if you are EUian you probably know this already. If
you are USAian, I can not recommend you any proper USA email provider,
as I'm not interested in finding them out, because I do not live there.


When one says that something is "bad", one doesn't have to say which is
good. The sentence is valid in itself.

--
Cheers, Carlos.

[Andy Burnelli]

Carlos E.R. wrote:

> I hope that you are adult enough that when I tell you "do not use google
> mail if you care for privacy" you can find another provider yourself, or
> explicitly ask that question.

Carlos,
I own at least average intelligence, and I'm well educated - which makes me
quite different from you who just rolls over and surrenders your privacy.

As far as I can tell (and certainly you don't know any better than I),
there is (almost) zero privacy difference between _any_ unencrypted mail
provider on the planet.

There may be encrypted mail privacy differences but that comes at a price.

> Similarly if I tell you "do not use any USA mail provider.

My point was that your advice made no sense in terms of logic & reason.

It's like someone asking which dress shoes are the most comfortable and you
tell them to go to a ceremony with just your socks on and no shoes.

You can't tell people NOT to do something common w/o understanding that
they can't do that _unless_ there is a viable alternative, Carlos.

That. That was my point to you.

> You can ask why, but if you are EUian you probably know this already. If
> you are USAian, I can not recommend you any proper USA email provider,
> as I'm not interested in finding them out, because I do not live there.

Carlos,

I'm pragmatic. Hence I use facts & logic to make my decisions.

Mostly for privacy reasons, I don't use any app from Google unless it's the
only best choice around, and, certainly I have no Google on-device account.

If _your_ phone has a Google account, then for _you_ to use (or not use)
Google email servers has almost zero additional impact on your privacy.

It's likely you don't even comprehend that sentence, but it's a fact.

[Mitra Su Arıtma]

28 Temmuz 2022 Perşembe tarihinde saat 17:12:54 UTC+3 itibarıyla J. P. Gilliver (John) şunları yazdı:

İzmir su arıtma servisi ekibimiz ile her marka ve model su arıtma cihazı ve İzmir su arıtma cihazı filtre değişimi filtre değişimi <a href="https://www.mitrasuaritma.com/">İzmir Su Arıtma</a> firmamız ve tüm su arıtma cihazı firmalarının su arıtma servisi ekibimiz ile NSF sertifikalı filtreleri ve Water Qualty gold seaf etiketi filtre ve cihazlarım ile en iyi İzmir su arıtma firması Mitra Su Arıtma | <a href="https://www.mitrasuaritma.com/">mitrasuaritma.com</a>

[ochaya oscar james]

http://www.fooddoz.com

[ochaya oscar james]

On Tuesday, July 26, 2022 at 8:27:21 PM UTC+3, Andy Burnelli wrote:
> FYI...
>
> The developer has been forced to remove NetGuard & Fair Mail privacy mail
> from the Google Play Store repo due to Google anti-competitive practices.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>
> The way I see it (as do others), Google is attacking privacy & competition
> by making it almost impossible for people to authorize their accounts by
> OAUth2 mechanism (Google prefers you trade away your privacy by giving
> Google a "second something" instead of OAUth2, apparently).
>
> Since these anti-competitive and anti-privacy practices are forbidden in
> Europe, and since the developer is in Europe, I've added the UK telecom ng
> (which isn't in the EU, but whose laws may mirror some of those in the EU).
> --
> Posted as a kind-hearted purposefully helpful information to help others.
thx http://www.fooddoz.com