The developer has been forced to remove NetGuard & Fair Mail privacy mail from the Google Play Store due to Google anti-competitive anti-privacy practices

17 views
Skip to first unread message

Andy Burnelli

unread,
Jul 26, 2022, 1:27:22 PMJul 26
to
FYI...

The developer has been forced to remove NetGuard & Fair Mail privacy mail
from the Google Play Store repo due to Google anti-competitive practices.
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

The way I see it (as do others), Google is attacking privacy & competition
by making it almost impossible for people to authorize their accounts by
OAUth2 mechanism (Google prefers you trade away your privacy by giving
Google a "second something" instead of OAUth2, apparently).

Since these anti-competitive and anti-privacy practices are forbidden in
Europe, and since the developer is in Europe, I've added the UK telecom ng
(which isn't in the EU, but whose laws may mirror some of those in the EU).
--
Posted as a kind-hearted purposefully helpful information to help others.

Andy Burns

unread,
Jul 26, 2022, 2:18:34 PMJul 26
to
Andy Burnelli wrote:

> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
understand what has been going on seems somewhat unlikely

About half the groups I read these days seem to have been taken over by oauth2
threads, I'd rather see it confined to fewer groups, than spread to more :-(



Andy Burnelli

unread,
Jul 26, 2022, 3:51:36 PMJul 26
to
Andy Burns wrote:

> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
> understand what has been going on seems somewhat unlikely
>
> About half the groups I read these days seem to have been taken over by oauth2
> threads, I'd rather see it confined to fewer groups, than spread to more :-(

Hi Andy,

I agree the XDA thread is over a thousand pages, which you and I have kept
up with perhaps, but the average Android user isn't going to keep up with.
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/page-1152>

The short is if you want a privacy based MUA, you'd better get it now.
<https://github.com/M66B/FairEmail/releases>
<https://github.com/M66B/FairEmail/releases/download/1.1945/FairEmail-v1.1945a-github-release.apk>
As development, AFAIK, has currently _stopped_ due to Google's unilateral
attack on email privacy for 3rd-party MUAs (presumably including K-9 Mail).

To Andy's point, I've removed the UK telecom folks from the followup as the
main goal of this thread was to post a PSA/FYI to be purposefully helpful
to the team, at large, in order to let people around the world on Android
know that if they want a privacy oriented MUA, they'd better get it now
(whether that's Thunderbird/K-9 or Fair Mail or some other 3rd-party MUA).

For those in this main Android newsgroup, basically what's happening is
Google had grossly deprecated mail privacy as of May 30th, 2022, and at the
same time (unbeknownst to us until recently), Google has also unilaterally
prevented third-party MUAs from accessing Google mail servers.

What Google has been doing is throwing out there autocratic arbitrary rules
against privacy/competition, and waiting to see what sticks - and then when
the uproar has been sufficient, slowly Google relaxes the rules that people
fought... (but only when people fought back!)... which has been the case
with OAUth2 inside 3rd-party MUAs for accessing Google mail servers.

At first, back in March, Google, without warning to developers, disallowed
OAUth2 over the web by erecting an artificial anti-competitive stone wall
to the tune of 15K dollars to $75K dollars yearly (which free apps just
can't afford).

Then in May, the uproar started as Android users found they couldn't use a
3rd-party MUA without adding a Google mothership tracking account to their
Android phone!

Then, in the early summer, after Google allowed OAUth2 over the web for
Android 3rd-party MUAs, Google then erected an artificially low (I think it
started at 30K tokens) OAUth2 token limit (which Google successively raised
to 40K and then 60K) as far as I can recall - but it's _still_ far too low
of a token limit.

Month by month, as the uproar grew, Google slowly relaxed some of these
arbitrary autocratic purposefully anti-competitive anti-privacy limits.

But they're still there!
(Just at a slightly lower MUA developer pain threshold!)

That pain threshold has been reached for some 3rd-party MUA developers
such as Marcel Bokhorst who feels this is anti-competitive behavior and who
plans on filing a complaint to the EU on Google's autocratic behavior.

Therefore, Marcel has pulled his privacy based Mail User Agent from the
Google Play Store repository (along with the only good free firewall).

Because Google has restricted privacy-based MUAs to an artificially low
OAUth2 token limit.

What happens after the app reaches that limit is _all_ subsequent users of
that app will NOT be able to authenticate their Google mail account!
Period.

The user won't know _why_ and the user will blame the 3rd-party MUA.
Especially given the Google GMail MUA is not subject to any token limit.

Therefore, the developer was forced to yank his products from the Google
Play Store repository, as it's unfair to users that third-party MUAs all of
a sudden, for no reason that they can determine, stop working with Google
mail servers. Just like that.

It's clear _why_ Google is doing this, as the last thing Google wants is
for people to have a modicum of privacy; but what's worse is that Google
seems to be breaking the laws on anti-competitive behavior, in addition to
breaking EU laws on privacy.

Bear in mind that Google is essentially forcing millions (maybe billions?)
of people to give them their privacy (via the "second something", and bear
in mind how utterly devious Google is (much like Apple is) in _how_ they
present your "choices" for email authorization.

For example, if you look at all the "choices" Google pretends to give you
to authorize on a 3rd-party MUA, you might not realize that _all_ but one
require that "second something" loss of your privacy (e.g., app passwords,
while they "sound" good, require 2FV/2SV, as do _all_ the other choices).

NOTE: The choices that Google pretends to supply are in the sig, but they
all boil down to trading with Google for your privacy to use their mail
servers by giving Google an extra "second something" that all this is
designed to garner from you by Google.

It _looks_ like you have choices, right?
But Google is lying to you as you see when you attempt each of them.

There's just 2SV/2FV (via about a half dozen "choices") & then there's
OAUth2 (via only two choices, one of which _requires_ a Google Account set
up on the device, which nobody who cares about privacy would ever accept) -
but luckily the other OAUth2 method is via the web (which Google only very
recently allowed for 3rd-party MUAs on Android).

Hence Google (much like Apple) is lying to us (taking us to be fools).

There aren't a half dozen choices; there are two.
a. A "second something" (via 2SV/2FA or via an on-device account), or,
b. OAUth2 (via the web).

What Google is doing to the 3rd-party MUA developers is basically causing
their 3rd-party mail clients to stop working with Google mail servers for
any individual user after Google's arbitrarily puny limit on OAUth2 tokens
has been exceeded. Without telling the individual use a single thing!

This is much like how Apple operates, and is clearly (IMHO and in the eyes
of others) a gross violation of anti-competitive & privacy laws in Europe.

The sole purpose of this thread is to kindly let people know this is
happening, precisely because they haven't been reading the thousand page
thread like I have been doing (and presumably Andy Burns has been keeping
up on).

f'up set to comp.mobile.android only
--
Together we are vastly more powerful knowing what we know collectively.

1. OAuth2 (using an on-device Google Account or web OAuth2), or,
2. Autoforward Google mail to a non-Google account, or,
3. 2FA/2SV/MSV/MFA via a variety of authenticators, such as...
a. app passwords
<https://support.google.com/mail/answer/185833>
b. Some kind of "2FA/2SV/MSV/MFA authenticator" app
<https://support.google.com/accounts/answer/1066447>
such as...
FreeOTP Authenticator
<https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp>
Google Authenticator
<https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator>
Authy
<https://play.google.com/store/apps/details?id=com.authy.authy>
FreeOTP+
<https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus>
etc.
c. USB tokens
d. Time-based one-time passwords (TOTP)
e. SMS 2FA
f. Use the phone's built-in security key
<https://support.google.com/accounts/answer/9289445>
g. Use a physical "security key"
<https://support.google.com/accounts/answer/6103523>
h. Get a one-time security code from another device
<https://support.google.com/accounts/answer/2917834>
i. Enter one of your 8-digit backup codes
<https://support.google.com/accounts/answer/1187538>
j. Sign in using QR codes
<https://support.google.com/accounts/answer/9283368>
k. Set up a "trusted computer" for sign in
<https://support.google.com/accounts/answer/2544838>
l. Sign in with "google prompts"
<https://support.google.com/accounts/answer/7026266>
m. Any others?

Carlos E. R.

unread,
Jul 26, 2022, 5:31:40 PMJul 26
to
On 26/07/2022 19.27, Andy Burnelli wrote:
> FYI...
>
> The developer has been forced to remove NetGuard & Fair Mail privacy mail
> from the Google Play Store repo due to Google anti-competitive practices.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>
>
> The way I see it (as do others), Google is attacking privacy & competition
> by making it almost impossible for people to authorize their accounts by
> OAUth2 mechanism (Google prefers you trade away your privacy by giving
> Google a "second something" instead of OAUth2, apparently).

They want you to use Oauth2 AND to use a second something, like a phone
number.

--
Cheers,
Carlos E.R.

Andy Burnelli

unread,
Jul 27, 2022, 1:19:14 AMJul 27
to
Carlos E. R. wrote:

> They want you to use Oauth2 AND to use a second something, like a phone
> number.

Hi Carlos (or anyone else who knows the answers to the questions below),

Do you know, or does _anyone_ know, if you need that "second something"
when you use OTA tools, such as the two shown in the screenshot below?
<https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options

Because if OTA requires a "second something" (e.g., a login into an
Internet server or a phone number), then they're useless for our purpose.

The goal is to log into Google servers with the least loss of privacy
possible, and that is only because, unfortunately, Google servers give the
users the best options in terms of storage, lack of spam, speed, etc.

None of this conversation was needed until Google unilaterally deprecated
3rd-party MUA login/password access to Google email servers on May 30th.

Hence, I thank you for trying to flesh out the problem set as I've been on
that thousand-page thread ever since Google warned us they would change the
way all 3rd-party MUAs authenticated way back in the early March timeframe.
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg> Google May 30 notice

Then, on May 30th, 3rd-party MUAs suddenly stopped working with Google.
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg> K-9 & Fair Email MUAs

About a month or so ago, a key K-9 developer, Christian Ketterer (aka
cketti) joined the Thunderbird team and added OAUth2 via the creation of a
Google on-device account, which code he shared with Marcel Bokhorst, who
did the same - because at that time Google required an annual up to $75K
dollar security audit to implement web-OAUth2 like Thunderbird does.

About two weeks or so ago, Google, when threatened with anti-competitive
lawsuits, apparently loosened that stone wall they erected preventing
OAUth2 from working on Android without also creating an on-device Google
account. Shortly thereafter, Christian implemented OAUth2 for Office365 and
he shared the libraries with Marcel, such that in the latest release of K-9
mail (version 6.201), there is no longer a need for a Google on-device
account for 3rd-party MUAs to authorize via OAUth2.

That means your statement above is perhaps no longer correct, in that, as
of only a few days ago, there is no longer a need for a "second something"
to authenticate K-9 or Fair Email via OAuth2 according to what I've been
told recently by Marcel Bokhorst (and as per my tests of both MUAs).
<https://i.postimg.cc/15XPh8nc/k9mail01.jpg> K-9 Mail with OAuth2 6.200
<https://i.postimg.cc/rpWC5zxw/k9mail02.jpg> GPS vs F-Droid K-9 update
<https://i.postimg.cc/Y2XDxnhG/k9mail03.jpg> K-9 Mail version 6.201
<https://i.postimg.cc/5NqnKf9t/k9mail04.jpg> OAuth2 finally uses the web
<https://i.postimg.cc/W4Knq385/k9mail05.jpg> NO Google Account on Android!

Of course, if anyone is dumb enough to use the Google GMail MUA, then, of
course, Google will unilaterally _create_ an on-device Google account.

However, most people who care about good email servers would likely set up
a Google account, but if they also care about Android privacy, they would
never use the Google GMail MUA for that reason alone (and others).

The only possible solution, until a better mail server is available anyway,
is to set up a Google mail account and _only_ use it for email using a
third-party mail user agent that respects OAUth2 without the Google
on-device account (which, as far as I know, is only K-9 & Fair Email).
<https://i.postimg.cc/Jz0TvyKQ/fairemail01.jpg> FairEmail auth options
<https://i.postimg.cc/nhHFRK3L/fairemail03.jpg> web-OAuth example

Notice, for example, there are _two_ OAUTH2 choices in Fair Email:
<https://i.postimg.cc/Jz0TvyKQ/fairemail01.jpg> FairEmail auth options
a. The first uses the "second something" of an on-device account
b. The second does not (this is new as of just this week for MUAs!)

However, I'm not sure if the OTA apps also require a "second something".
<https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options

Do they?

Jeff Layman

unread,
Jul 27, 2022, 3:27:17 AMJul 27
to
On 26/07/2022 18:27, Andy Burnelli wrote:
> FYI...
>
> The developer has been forced to remove NetGuard & Fair Mail privacy mail
> from the Google Play Store repo due to Google anti-competitive practices.
> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>

Marcel says that he has restored the app to the Play Store:
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87202201>

On a sort of side note, at
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/page-1150#post-87201189>
Marcel wrote "Version 1.1944 is available on GitHub now (and version
1.1943 was erased from history to prevent F-Droid from building it)."

Why the need "to prevent F-Droid from building it"?

--

Jeff

Theo

unread,
Jul 27, 2022, 5:12:01 AMJul 27
to
In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:
> Andy Burnelli wrote:
>
> > <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>
> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
> understand what has been going on seems somewhat unlikely

There's a summary timeline here:
https://email.faircode.eu/status/

(elsewhere, I heard that getting access to OAuth2 from Google requires
$15,000. I'm not sure if they waive that for open source clients but it
seems like Google place arbitrary limits on how many users can request OAuth
tokens, which is problematic if you have a popular app)

> About half the groups I read these days seem to have been taken over by oauth2
> threads, I'd rather see it confined to fewer groups, than spread to more :-(

+1. It seems to be contagious, so many people not understanding what they
needed to do.

Theo

Carlos E. R.

unread,
Jul 27, 2022, 6:46:23 AMJul 27
to
On 27/07/2022 11.11, Theo wrote:
> In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:
>> Andy Burnelli wrote:
>>
>>> <https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87200335>
>>
>> Expecting new eyeballs to jump into the middle of a 1150+ page forum thread and
>> understand what has been going on seems somewhat unlikely
>
> There's a summary timeline here:
> https://email.faircode.eu/status/
>
> (elsewhere, I heard that getting access to OAuth2 from Google requires
> $15,000. I'm not sure if they waive that for open source clients but it
> seems like Google place arbitrary limits on how many users can request OAuth
> tokens, which is problematic if you have a popular app)

Alpine, a text mode client for Linux with a Windows version, has access
and the developer certainly doesn't pay. You can read how he does it. I
don't remember, but being a niche application it is possible it is
covered by that.

(it is also used by blind people)


--
Cheers,
Carlos E.R.

Carlos E. R.

unread,
Jul 27, 2022, 7:00:15 AMJul 27
to
On 27/07/2022 07.19, Andy Burnelli wrote:
> Carlos E. R. wrote:
>
>> They want you to use Oauth2 AND to use a second something, like a
>> phone number.
>
> Hi Carlos (or anyone else who knows the answers to the questions below),
>
> Do you know, or does _anyone_ know, if you need that "second something"
> when you use OTA tools, such as the two shown in the screenshot below?
> <https://i.postimg.cc/YqWvzF4W/fairemail02.jpg> Android OTP options
>
> Because if OTA requires a "second something" (e.g., a login into an
> Internet server or a phone number), then they're useless for our purpose.
>
> The goal is to log into Google servers with the least loss of privacy
> possible, and that is only because, unfortunately, Google servers give the
> users the best options in terms of storage, lack of spam, speed, etc.
>
> None of this conversation was needed until Google unilaterally deprecated
> 3rd-party MUA login/password access to Google email servers on May 30th.

I know for a fact that they want you to use some form of 2FA, and the
phone appears to be the preferred method (I'm not familiar with others).
And they also want you to use Oauth2. Any method you find to bypass the
requirement of 2FA will be, eventually, killed.

So what I do is use application passwords, combined with my phone (which
they don't like, but are still working).

Notice that these requirements do no affect enterprise or organizations
that use gmails services, like for example, @ieee.org addresses, because
the policies are set by the organization, not google directly.


Notice that other mail servers also demand a phone number when setting
up an account. Even Protonmail.


--
Cheers,
Carlos E.R.

Andy Burns

unread,
Jul 27, 2022, 8:03:36 AMJul 27
to
On 27/07/2022 11:46, Carlos E. R. wrote:

> Alpine, a text mode client for Linux with a Windows version, has access and the
> developer certainly doesn't pay.

<https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html>

Andy Burns

unread,
Jul 27, 2022, 8:04:47 AMJul 27
to
Andy Burns wrote:

> <https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html>

"The idea of XOAUTH2 is to create the illusion of security by allowing only
temporary access to a user to their own data"

Andy Burnelli

unread,
Jul 27, 2022, 6:28:54 PMJul 27
to
Hi Andy,
I skimmed that Alpine XOAuth configuration page you kindly provided...
<https://alpineapp.email/alpine/alpine-info/misc/RegisteringAlpineinGmail.html>
And the concomitant Alping Google XOAuth setup page it referenced...
<https://alpineapp.email/alpine/alpine-info/misc/AuthorizeAlpineGmail.html>
especially in light of the fact the xoauth sign in looks similar to what I
found using Fair Email web-oauth yesterday (which is a brand new feature).
<https://i.postimg.cc/nhHFRK3L/fairemail03.jpg> web-OAuth example

Did you see any mention of those Google-specific "magic strings" in Alpine
that you found when you searched the K-9 source code a couple days ago?
<https://github.com/thundernest/k-9/blob/main/app/k9mail/build.gradle#L79>
buildConfigField "String", "OAUTH_GMAIL_CLIENT_ID", "\"262622259280-hhmh92rhklkg2k1tjil69epo0o9a12jm.apps.googleusercontent.com\""
buildConfigField "String", "OAUTH_YAHOO_CLIENT_ID", "\"dj0yJmk9aHNUb3d2MW5TQnpRJmQ9WVdrOWVYbHpaRWM0YkdnbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWIz\""
buildConfigField "String", "OAUTH_AOL_CLIENT_ID", "\"dj0yJmk9dUNqYXZhYWxOYkdRJmQ9WVdrOU1YQnZVRFZoY1ZrbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PWIw\""
buildConfigField "String", "OAUTH_MICROSOFT_CLIENT_ID", "\"e647013a-ada4-4114-b419-e43d250f99c5\""
buildConfigField "String", "OAUTH_MICROSOFT_REDIRECT_URI", "\"msauth://com.fsck.k9/Dx8yUsuhyU3dYYba1aA16Wxu5eM%3D\""

You found Google-specific "magic strings" in the K-9 source code, which,
when I discussed them with the Fair Email developer, he said it was even
"worse than that" in that you have to sign an agreement with Google in
order to use them...

As someone else noted, Marcel Bokhorst has added FairEmail (and presumably
NetGuard) back to the Google Play Repository because his token count
suddenly and inexplicably dropped below Google pre-set arbitrary levels
(which, let's be clear, the Google GMail app isn't limited by).
<https://forum.xda-developers.com/t/app-5-0-fairemail-fully-featured-open-source-privacy-oriented-email-app.3824168/post-87202201>

I believe there is a lesson here, in that what you and I know about this
is what very few people are aware of, which is that Google unilaterally
declared an unprovoked attack on privacy that we only found out about
in March, and which took effect after May 20th, 2022.
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg> Google March notice
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg> Login/passwd deprecated
<https://i.postimg.cc/cL9r9qFW/gmailpasswd05.jpg> Less secure app access

1. Google made draconian rules trading your privacy for security
2. People scrambled (all of whom used 2FA/2SV or an on-device account!)
[That is super critical for people to understand - most of whom don't!)
3. Then, only this week, did a modicum of privacy return with web-OAUth2

Notice Google let people squirm for the past four months!
It took those four months to come up with a solution which is private!
In the interim, millions of people fell for Google's subterfuge!

How many of them are going to back out now?

What Google did was trick clueless users into accepting the only "solution"
that existed until just this week, which was to force users to accept
a. Either accepting the addition of 2SV/2FA
(which is needed for things such as "App Passwords" or OTA tools)
b. Or, accepting the creation of an on-device Google Account

Until just this week, those were the ONLY options, despite Google
nefariously fooling dumb people into believing there were many
options (but all of them boiled down to those two above!).

If you ask Google, for example, they'll proudly proclaim that
you don't have to give them your phone number... why heck...
you can authenticate via any number of mechanisms, they say,
such as:
Yet, there is this unavoidably pervasive "ripple effect" on privacy in that
devious response above - which means - in the end - there are, (AFAICT),
only two practical ways to authenticate after May 30th, 2022...
a. OAuth2, or,
b. 2SV/2FA

Of course, with OAuth2, there are also only two approaches (AFAIK)
1. OAUth2 via an on-device account, or,
2. OAUth2 via a web-auththication mechanism.

Note the privacy difference between those two is ASTOUNDING!

The privacy tradeoff I don't know how to calculate isn't the difference
between on-device and via-web authentication (because that one is a no brainer)...
but... the privacy tradeoff I am not equipped to calculate is
what's the difference (in privacy) between...
A. OAuth2 to Google servers via web authentication, versus
B. Any of those 2SV/2FA mechanisms google pushes above?

Is OAuth2 via web authentication giving away less privacy than the
2SV/2FA methods (some of which require a login account elsewhere)?





J. P. Gilliver (John)

unread,
Jul 27, 2022, 6:39:58 PMJul 27
to
On Wed, 27 Jul 2022 at 08:27:14, Jeff Layman <Je...@invalid.invalid> wrote:
(my responses usually follow points raised):
> Why the need "to prevent F-Droid from building it"?

He had added a poison pill to fairemail which people who paid for the app
and who donated money to his project quickly talked him out of. Github is
primary, the rest are secondary so he tried to nip it in the bud before it
propagated to F-Droid.

His mother has been given about a month to live so he also is in an
emotional state, understandably so.

Google is putting him through the wringer for no good reason as his token
count has been artificially limited but they don't limit the gmail apk.

Anti competitive.
Anti privacy.

If there is a better solution than google, now is the time to set it up.

Gronk

unread,
Jul 27, 2022, 6:44:54 PMJul 27
to
Carlos E. R. wrote:

> Notice that other mail servers also demand a phone number when setting
> up an account. Even Protonmail.

Usually that's "only" for the verification message.
They are supposed to throw away the phone number after that one-time use.
Do they?

nospam

unread,
Jul 27, 2022, 7:22:43 PMJul 27
to
In article <jkck5t...@mid.individual.net>, Carlos E. R.
<robin_...@es.invalid> wrote:

>
> Notice that other mail servers also demand a phone number when setting
> up an account. Even Protonmail.

not always.

<https://proton.me/support/human-verification>
...You may be asked to verify using either CAPTCHA, email,
or SMS. We have an intelligent algorithm that determines the
required verification method based on a number of factors.

Andy Burnelli

unread,
Jul 27, 2022, 11:21:51 PMJul 27
to
nospam wrote:

>> Notice that other mail servers also demand a phone number when setting
>> up an account. Even Protonmail.
>
> not always.
>
> <https://proton.me/support/human-verification>
> ...You may be asked to verify using either CAPTCHA, email,
> or SMS. We have an intelligent algorithm that determines the
> required verification method based on a number of factors.

I have probably at least a half dozen protonmail accounts.
I like them because they work with Tor (albeit very slowly).

However, they'll drive you nuts if you are on VPN when you set them up.

But if you use your own IP address (or that of a neighbor), they go easy on
you. Just like nospam says above.
--
By way of contrast, Google email servers hate when you use VPN.
Ask me how I know this.

Joerg Lorenz

unread,
Jul 28, 2022, 1:32:56 AMJul 28
to
Am 28.07.22 um 00:40 schrieb J. P. Gilliver (John):
Google is evil! But this is nothing new.

--
Gutta cavat lapidem (Ovid)

Theo

unread,
Jul 28, 2022, 5:58:54 AMJul 28
to
In comp.mobile.android Andy Burns <use...@andyburns.uk> wrote:
According to that, Alpine doesn't have access. Instead, they tell you to
pretend to be a developer with a new app. Google (currently) offers free
access tokens for testing, and you create a 'test account' using the email
account you want to read:
https://alpineapp.email/alpine/alpine-info/misc/RegisteringAlpineinGmail.html
Every Alpine user has to register as a new developer.

I very much doubt that approach would be accepted in the Play Store.

Theo

J. P. Gilliver (John)

unread,
Jul 28, 2022, 10:07:27 AMJul 28
to
On Thu, 28 Jul 2022 at 06:32:53, Joerg Lorenz <hugy...@gmx.ch> wrote: (my
responses usually follow points raised):
>> If there is a better solution than google, now is the time to set it up.
>
> Google is evil! But this is nothing new.

What public mail server are you using that isn't evil so I can use it too?

Theo

unread,
Jul 28, 2022, 4:30:01 PMJul 28
to
I'm using Fastmail which is pretty good: it's email, it works, the web
interface is fairly slick, there's not too many surprises, there's no ads or
tracking. But you do have to pay for it (starts at $3/month).

Theo

Carlos E.R.

unread,
Aug 2, 2022, 2:35:19 PMAug 2
to
How can I know? Maybe they keep logs of the verification.

--
Cheers, Carlos.

Carlos E.R.

unread,
Aug 3, 2022, 8:46:08 AMAug 3
to
Alpine is not an Android app, it is a computer app that runs in Linux,
with a Windows version.

You have to search here for "oauth2":

<http://mailman12.u.washington.edu/pipermail/alpine-info/>

around past March and earlier.

--
Cheers, Carlos.
Reply all
Reply to author
Forward
0 new messages