[conspire] fetchmail, oauth2 and disposable free email services
Ivan Sergio Borgonovo
mail at webthatworks.it
Mon Jun 20 00:40:47 PDT 2022
On 6/20/22 04:47, Rick Moen wrote:
> Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):
>
>> sooner or later fetchmail will support oauth2 natively (good read)
> So, just a reminder, OAuth 2.0 is a _Web_ (HTTP) standard. Deciding, as
> Google, Inc. did in 2021, to adapt it to a completely different context
> (SMTP/IMAP) is necessarily a different thing -- one apparently called
> "SASL XOAUTH2", something of Google's own invention.
>
> You are thus chasing after something that may or may not be a stable
> API, may or may not work as described, etc. And sometimes, the way
> passive-aggressives say "no" is to say "OK, here's a basic outline of a
> de-facto way of doing things that sort of work for now, least for us.
> Good luck."
I'd argue that this is not a problem inherent to the protocol, rather to
the owner of the service, but as I wrote it is a good read and mostly
says what you summarized.
>> Any advice or alternative route?
>
> Intermittent discussion appears to occur on kwlug-discuss, as mentioned.
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
> (Otherwise, I have no relevant knowledge, not choosing to deal with the
> indicated problem, and elect to not outsource my mail.)
Self hosted or commodity rented email servers do not provide the
slightest level of anonymity and email are frequently used for
"authentication".
I've used gmail adresses to register to services that I didn't want to
be easily correlatable with me where "email" traffic was sporadic and
mostly limited to password expiration or some kind of notification.
I've found that gmx.net and yandex.ru still provide free email through
pop3/smtp. I don't make much difference between being spied by my
friends state agents or my enemy state agents for the use I'm going to
make of such disposable adresses.
When I see it fit, I use tor, but I'm not trying to protect myself from
state agents.
I probably didn't like them because while the registration process
didn't require any verifiable personal data it was a bit of a pain.
Getting a new disposable email address used to be much easier.
--
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net
More information about the conspire
mailing list