Google and OAuth 2.0

Axel Grude (Axel) axel.grude at gmail.com
Mon Apr 28 15:56:49 UTC 2014


*%identity(name,link)%*
Software Developer
Thunderbird Add-ons Developer (QuickFolders, quickFilters, QuickPasswords, Zombie 
Keys, SmartTemplate4)
AMO Editor
On 28/04/2014 16:16, Ben Bucksch wrote:
> Gervase Markham wrote, On 28.04.2014 16:58:
>> But the sort of questions I would want to find answers to are:
>>
>> * What does Google hope to gain by making this change? Is it an
>> anti-spam/anti-fraud measure?
> 1. They block login attempts from a new country. Presumably that's anti-account-theft.
>
> 2. When that triggers, they demand a working phone number, where they send an 
> activation code. Strangely, that can be any phone number. They pretend that's for 
> "security", but the "nice" side effect for them is that using a phone number, they 
> can link the account to a real life identity. Given that they also link the account 
> to all searches I make on Google, that's a privacy invasion for me. But for Google, 
> that means $$.
>
> 3. Long-term, their goal is to move everything (Internet and offline) to the web, 
> and to their servers. They want to kill MS Office, email, phone etc., moving it to 
> gmail, google cloud etc. They are not doing all this for fun, after all.
>
>> * Can the additional data about logins that Google hopes to obtain be
>> obtained in other ways for IMAP?
>
> You can't ask for a phone number via IMAP. But I reject that premise and interest.
>
> If a suspicious login attempt shows up via IMAP or SMTP, they can return an error 
> (in IMAP/SMTP) *with* an error message that mentions reason and remedy, e.g.
> "You are logging in from a new country. Please log in via https://www.gmail.com 
> first and approve this connection."
> This is (more or less) how some German freemail ISPs do it.
> This is a manual hand-over, but a) would happen only in really problematic cases b) 
> give them the same possibilities as now.
don't they already do something like this (I think you have to enable IMAP access 
through their web site first). The bigger issue would be if that would have to be done 
on every session (?)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20140428/b4348025/attachment.html>


More information about the tb-planning mailing list