Google is also going forward with deprecating the blocking portion of the webRequest API, it is already in Chrome Canary. The change will break extensions, and will make several use cases impossible which are not related to ad blocking, but center around privacy and security, or just a need to modify requests for various reasons.
Their reasoning is so baffling, and technically incorrect about browser performance and security, that there is one conclusion to be made: Google and the Chrome team is dishonest about why they're partially deprecating the webRequest API.
Extensions are free to observe requests and page content, and exfiltrate data at will, but you no longer have full control over the requests Chrome is making. It is about control, not your privacy and security.
It is about control, not your privacy and security.
The big organisations behind browsers have been spinning it this way for years, and unfortunately the majority still haven't realised the truth. It's the same strategy that makes "think of the children" and "war on terrorism" arguments so pernicious --- taking away freedom by reasoning that it's for a cause so "ostensibly good" that no one would be seen arguing against.
If you ask me, the same is true of the current culture of "a device must receive (automatic!) OTA updates from the manufacturer or it is insecure, and local administrative control is dangerous." And the the underlying logic is the same, a kind of nannying philosophy that holds that people are too witless and irresponsible to be trusted with freedom, and for their own good must be shepherded and coddled by a friendly Big Brother.
Between my laptop running Linux, on which I am root and no changes in software are made unless I specifically authorize it, and an Android tablet which is constantly downloading "updates" from Google (and uploading god-knows-what), I know which one makes me feel more private and secure.
What gives this away as "spin" is that they will not make these changes optional.
A Google user cannot opt out of signing in with Javascript enabled and permitting a device fingerprint to be taken. Even in the case where the user can accept the risks of allowing sign in without JS, e.g., automated sign-in -- which as we know is very convenient for many HN readers -- there is no way to opt out.
For example, the user may have email accounts that she does not use for anything sensitive, throwaway accounts. More savvy users, who truly are concerned about security of Google Mail, might purposely avoid using @gmail accounts for important matters.
It is of little benefit to such users if Google fingerprints their devices "in order to keep [those] accounts safe".
However, the benefits to Google of identifying users via device fingerprinting are numerous. Google is an online advertising sales company.
But won't they just follow google's changes, just like this one? They are more of the same. I'd be really surprised if they do anything different and major like this.
They added Tracking Prevention a while back (which also blocks Google) and (so far) they haven't merged back some Chrome changes, like removing "reopen closed tab" from the per-tab context menu. Given Tracking Prevention I have faith they'll take a stand with webRequest.
I seem to remember hearing something somewhere that for the time being, Chrome might internally actually continue supporting blocking webRequest listeners for the sake of private extensions used within the context of enterprise deployments of Chrome.
As long as that's true, maintaining a fork that allows blocking webRequest listeners for everybody should be comparatively easy. However the moment they are removing that feature for good and perhaps also start rewriting the network code, that's when things are going to be interesting for any forks that don't agree with that direction...
For security reasons, they block linked content by default, meaning google can’t track what I do with my e-mails.
Google can terminate an account any time without any reason, if they do that, I won’t lose access the e-mails I’ve received or sent.
My screen refresh rate is 60Hz, ping from here to gmail.com 36ms, this means web interface has at least 3x latency compared to a locally running app.
I don’t care about their web interface re-designs, or browser compatibility issues like the one discussed.
Gmail can’t turn off IMAP as it would break e-mail on smartphones. Large share of these smartphones run old versions of Google Android which will never be updated, this also helps to ensure their IMAP access is here to stay.
> Google can terminate an account any time without any reason, if they do that, I won’t lose access the e-mails I’ve received or sent.
A) Assuming you keep copies of all folders/emails locally
B) Assuming Google isn't evil and won't delete all your mail first before shutting down your account, thus causing your IMAP client to sync their deletion
B) I’m not sure Google ain’t evil. Even if they’re good, if I fail security on my side, some other evil person, unrelated to google, may be able to delete all my e-mails before shutting down my gmail account. That’s why e-mail client alone is good but not enough, also need backups of that local DB.
Agreed. Just pointing out the fact that IMAP alone isn't enough. Nothing replaces backups (whether from your IMAP client or from Google's own backup service.)
Google doesn't go out of their way to screw people. The problem is their automated spammer systems pick up people and kill their accounts and all their google accounts and you are stuck. That's the problem. There's no human to talk to. It's been a problem for more than a decade.
> Google doesn't go out of their way to screw people
We can't know that. There is no recourse when they do screw people and it would look the same from the outside whether it was an automated system or a manual one (or more likely, a mix of both).
I have both, but not using them for e-mails. This adds another huge attack surface — my domain name’s registration esp. the MX records. I’ve read horror stories about people having their online accounts stolen this way. I don’t think it’s possible to hijack gmail.com domain out of google’s control, they might be evil nowadays, but technically they’re still very professional, I believe.
I have reproduced this on OpenSUSE Tumbleweed, with stock Falkon browser (QT+Webkit) and javascript enabled. I have confirmed that this is accomplished through UA sniffing. I reproduce the message in plaintext below:
Sign in with a supported browser
To help protect your account, Google doesn’t let you sign in from some browsers. Google might stop sign-ins from browsers that:
Don’t support JavaScript or have Javascript turned off.
Have unsecure or unsupported extensions added.
Use automation testing frameworks.
Are embedded in a different application.
Opera went through this fight between e.g. 2004-2013.
It wasn't really fully resolved until the browser engine was switched to Blink/Chromium.
Now, of course Opera is ~indirectly managed by the chinese government, so no-one should be using it. Please just trust me on this one. The desktop browser is now built in Poland (not Norway/Sweden). The remaining technical management is very weak when it comes to things like principles.
"Opera is a freeware web browser ..., developed by Opera Software, a Norwegian software company, ... with the majority of ownership and control belonging to Chinese businessman Zhou Yahui, founder of Beijing Kunlun Tech and Chinese cybersecurity company Qihoo 360."
Probably just fastmail. I have trouble justifying the higher expense of maybe-more-secure options like Protonmail when really 99% of my use of email is transactional stuff or (product, job) alerts or updates. I've trialed them a couple times for side projects that never went anywhere, and they seem nice enough.
Yes, changing the user agent was all I needed to do in order to be permitted to log in. Not that javascript is required for GMail - it has a perfectly serviceable 'basic HTML' mode. Google's own support document[0] provides a link to it, although notably it's not canonical (the link will be different you than for me (why??)).
The same document is now obsolete - it claims "If you're using a browser that isn't supported, you'll see Gmail in HTML view." This is not true, as in fact what you'll see is "up yours, go away".
I sort of interpret "unsupported extensions" as "adblockers" - and with the current model of modifying the DOM I don't think it's preventable.
Maybe in the future we could run the website in one version of the DOM, hidden from the user, and then have the adblocker make a separate DOM that is displayed to the user. That loses almost all of the anti tracking and most of the security benefits though.
Javascript is obviously not required for Google Mail to work. Browsers that do not support Javascript work just fine. If we adjust the user-agent string to match a "supported browser" there is no need to change any Google settings. See https://support.google.com/mail/answer/15049
What is happening here is Google is only requiring Javascript to be turned on when the user signs in so Google (or its partners) can uniquely track users, even when users have indicated they do not want to be tracked, such as using session-only cookies, clearing stored cookies after signing out, enabling the DNT header, etc.
This is not necessarily about uniquely tracking users. This is likely about telling automation from manual traffic to login.
Credential stuffing is a large enough problem for account takeover and the cost to a user of losing their gmail account so high that at some point a team has to make tradeoffs about what can and cannot be used to log in.
edit: am Googler, not working on this area. Have background in account takeover/browser fingerprinting.
You say that, but my friend's google drive account is basically locked because of "spam/take over detection" and there's no response from google's customer support. Does google really care about end user here?
You never needed Javascript to access your @gmail anyway. Just use a dedicated mail client. Thunderbird, Outlook, Mail.app or any number of others...
I don't sign into any Google services in my web browser. If I need to sign in with Google, I use incognito or a separate browser profile if it's constantly necessary for some set of tasks.
They're still probably tracking me, but I don't care as much about that as I do about not getting locked into any one platform. The only Google service I'm really hooked on is their search but I'll switch away from that the second that it becomes unbearable to use. I've done stints on DDG and I'll be perfectly happy using that whenever Google search really starts going south.
This sign-in issue isn't about Gmail. Browsers that are not "approved" by Google are blocked from signing into Google, period. That means you can't use a grassroots browser to access Gmail, Youtube, Google Docs, Google Drive, and anything using Google's sign-in after today.
Stop using gmail, it seems daunting but it really only took me a few solid hours to switch all my important accounts to a paid provider like fastmail.
Think about how many important accounts you link through email and then think about how, if you don’t pay for gmail, Google doesn’t owe you access to your email or any service at all.
It feels great being free and you can setup forwarding so you can pick up the stragglers.
You also get the added spam freedom and security benefit of changing both your email and password which is great since we have no idea what leaked email/password lists are floating around out there... it’s like the ultimate unsubscribe!
I've switched to fastmail, and am staying with it. However, almost every aspect of it is objectively worse than Gmail; browser UX more awkward, Android email clients besides Google mail are awful and Google mail itself has very broken behaviors with it, spam filtering is poor, i had to give up things like nice calendar and address book integrations, etc.
However, as i pay Google for many other services, that means I am vulnerable to total and permanent account lock out if someone steals my credit card and gets it flagged by Google as fraudulent, as has been reported by more than one blog post. As long as Google does not address the issue of customer service being within their top 25 list of priorities, it is insane for anyone to use Gmail for important mail identities.
>Android email clients besides Google mail are awful
I still use K-9 Mail to handle my non-gmail accounts. I find it very usable with how it threads my work emails.
Although from what I understand its not actively developed anymore and the last post I see on the playstore says Sept 2018. I'm open to suggestions if anyone has them, especially if they are available via F-Droid.
Have you reached out to Fastmail about the things you don't like? I use them and like the UI, but anytime Ive had an issue and have contacted their support I got a quick response from a human.
They love their product and making it better so I think constructive criticism is welcomed there.
their UX is still really really good, compared to every other web UX I've ever used.....except for google's. I'm not sure how much better it can get unless they had google-amounts of resources to put into it. There are few fundamental assumptions in the gmail UX that make certain things possible that couldn't work in Fastmail's design, like being able to read messages while I'm selecting them, expanding / contracting threads at once, having drafts inline with the thread that I can leave and return to seamlessly, all using keyboard controls. I have a very specific email reading style and I also have to deal with folders that have hundreds of new messages daily.
Google's UX is the reason why I switched to Fastmail. Gmail became unusable on the web, even with a gigabit fiber connection it was impossibly slow, I was waiting 10 seconds+ for things to happen. And Gmail on android still doesnt have darkmode.
For sure to each their own and no app is perfect. (I would love Fastmail on android to have offline functionality for instance)
> being able to read messages while I'm selecting them
You can do this in Fastmail (presuming you don't have the reading pane turned on, i.e. are in the same layout as Gmail).
> expanding / contracting threads at once
Shift-click a message header to apply to all at once, or "Shift-E" kb shortcut to expand all.
> having drafts inline with the thread that I can leave and return to seamlessly
We take a slightly different approach, but using Cmd-Shift-S will toggle you instantly between your draft and the thread you are replying to, preserving your scroll position in both.
> You can do this in Fastmail (presuming you don't have the reading pane turned on, i.e. are in the same layout as Gmail).
EDIT: this message alerted me to the fact that there is a "hide reading pane" option so I am experimenting with that to see if this solves my problem. Also it would be SUPER helpful if the arrow keys would navigate through the message list like gmail does, J/K continues to be less comfortable for me.
If I check one of the messages/threads in the messages pane, such that I'm selecting it for being marked as read or deletion or something like that, in the right hand "read" pane, the message/thread on the right side turns into a single bar that is unreadable. in gmail I can select as many messages as I want and move back and forth between the "messages" and "Read thread" panes, using the enter key to read, semicolon to expand thread, and "u" to return to the message list, and the selections remain.
I have not been able to identify any similar flow in Fastmail; it forces me to deal with only one thread at a time, and I cannot read a message/thread that is also selected; clicking on it deselects it. So I can't select a series of messages and also read them, it would take a rethink of Fastmail's UX architecture for it to be possible.
> Shift-click a message header to apply to all at once, or "Shift-E" kb shortcut to expand all.
OK, Gmail's semicolon / colon toggle is much easier to use and also includes collapsing the thread also can this be added?
> We take a slightly different approach, but using Cmd-Shift-S will toggle you instantly between your draft and the thread you are replying to, preserving your scroll position in both.
OK, that is definitely more awkward. in gmail I can just scroll up to read the other messages in the thread, which is important because I often have to go back and read messages I'm responding towards. In fastmail, this would mean the "edit draft" button would give me an inline composition window that scrolls with the thread. This could be added to Fastmail with a lot of work but the UX at least does not prohibit this from being graphically feasible.
For me, after switching to fastmail my load time in browser went from around 30 seconds with the "new" gmail to under 5 with fastmail. Using HTML view on gmail the speed is more comparable
Personally, I don't usually use the broswer UI, but I like it much more than Gmail - simple, easy to navigate, does what I need. Though I mostly go there only for settings and it's always been easy.
I use IMAP and SMTP, and it just works. I can move and delete mail. No weird All mail folder, semi-automatic weird Trash, resurrecting messages and duplicates that are annoying to get rid of.
Overall, I hope they don't add complicated gimmicks or weird behaviours like gmail.
ProtonMail is better for privacy, and I think fastmail could read your emails if they wanted to - even if they don’t want to after the Australian data access laws. However, the fastmail privacy policy is quite good (I emailed them about it once), they come with calendar, and their system works really well. Fastmail is nice for imap too, ProtonMail requires extra software for it. Fastmail also gives you a free website via their hosted files features
If ProtonMail did a calendar though I would be using ProtonMail right now
Given that Fastmail is Australian, it is fundamentally untrustworthy in much the same way any US company is. Of course, Protonmail is pretty untrustworthy also. Most of that is down to them making claims that are patently untrue (the encryption keys are stored serverside, so their encryption is not better than symmetrical for one), but some of it is also just because they are not in a country with strong privacy guarantees (for that I tend to look at Scandinavia or Germany).
I have tried switching to fastmail and it was incredibly painful. In a nutshell, Microsoft/Hotmail and possibly other providers started to throw my emails to people to spam. I've missed out on important things in the physical world because of this. I've invested a lot of time trying to debug the issue. To their credit, Fastmail's customer service was excellent and they really tried to resolve the issues but in the end could not.
Also, fastmail web UI was okay but not great. I do like the new GMail UI better.
Microsoft is particularly annoying. If I send mail from my domain via my server in Rackspace's cloud to my @outlook.com address, Microsoft classifies it as spam. I tell it that the mail is not spam--and the next one still gets classified as spam. I've done this several times now, and it is still classifying them as spam. How many freaking times do you have to tell Microsoft that something is not spam before it learns?
Compare to Yahoo. The first one to my @yahoo.com address was classified as spam, but then after I told Yahoo that it was not spam, subsequent ones come through fine.
I know right? Seriously, Office 365 spam management is a joke. Not only do Microsoft's OWN HOLIDAY PROMOTION EMAILS get marked as SPAM.. but whenever I mark an item or whitelist a domain at the Exchange level it completely ignores the rules.
Has anyone ever successfully got SPAM management working using the native O365 tools?
Was about to say this. The fact that MSFT even throws their own promo emails into spam just tells me that there is no special preference kind of bias towards their own stuff, which is imo a feature, not a bug.
I have a custom domain in Fastmail, and after I did all of the DKIM/SPF and other email validation stuff (took an afternoon via their helpfiles) and got a green light from a couple authentication verifier services, I haven't had a single problem with being labeled as spam.
I had this problem in the beginning (specifically and only with hotmail), but it solved itself at some point. No idea if it was something that fastmail did or that hotmail did.
I have been using fastmail for one year and had zero other problems. If we don't move away from gmail, we will lose email, which is one of the only true decentralized and free protocols still left.
I have used fastmail for all my business accounts for years. I have never had problems with deliverability. But I did warm the accounts using best practices recommended online to start.
Basically, you have to take a set of ritual steps to "warm" various email resources (such as domains, addresses, and IPs) to be flagged as "known" and "legitimate". For example, IP addresses: you should send warming emails to a valid address that you control for a few weeks to just show up on lists without having spam marks against you.
This is what I do. I use a mail client and forgo web interfaces unless forced. Fastmail is a fine mail provider (I'm cheap and I'm not giving up my 4 grandfathered GSuite custom domain accounts, especially since 3 of them have support for 50 "users" b/c moving the same setup to Fastmail would cost hundreds of dollars a year), but even with them, I would still much rather use a mail client.
I'm literally locked out of two of my Gmail accounts and there's no recourse for me. I'm not going to pay them to regain access. I'm just never going to use any of their services, paid or not.
This gets at the fundamental question of trust. Do we inherently trust fastmail more than google because fastmail does not offer a free service? Do we trust google to give any amount of service to their paying customers? It’s a hard question and I don’t have the answer. My gut says fastmail is likely more trustworthy because of their non-evil business model and lack of horrible customer service. Idk though. If I still use google domains for an email alias domain is that an acceptable risk? What if the technocrats decide that their emails are the only Real Emails and block out any email that isn’t in the gmail/iCloud/hotmail/etc circle? Email is too important of an identifier to play games with. Losing my primary email without a chance to migrate is something I will try to avoid at great cost.
Which is still relevant, because Google won't give you access to your email unless you use a major browser (or imap, etc) regardless of whether you pay.
Do you use google docs and other office tools? I've tried to switch to Dropbox Paper and Microsoft but they feel clumsy or incomplete or spammy or slow compared to Doc and Sheets. I'm looking for a relatively straightfoward set of changes to my major web activities away from google.
I'd be curious how you're using MSFT Office, but I've been bouncing between a Surface Pro for work and Mac Mini at home, and love the Office 365 suite.
Virtually 100% of my clients can open Word / Excel / Powerpoint documents, and you'll have to pry Excel from my cold, dead hands =).
I personally love the power features of Excel, and even do some VBA scripting to automate some workflows in Excel and Outlook.
I don't do much real-time collab on documents at the same time with other folks on my team, so I can't attest to that - though I hear that Msft has come a long way here and the Fluent roadmap looks really promising.
I can't stand excel. It thinks it knows what I mean and actually edits my data destructively, mistakenly, especially when I enter dates in day/month/year format. If you just import a CSV and then export it directly, it mangles the data. I will not tolerate such behavior.
If you have a column of phone numbers with leading zeroes, coming in from a csv, it decides it's a number and drops the leading zero, which breaks the phone number.
I figured out that you can technically specify type in Excel to prevent destroying the data, but by that point I’d much rather just load a data frame in R or Pandas.
This. Microsoft Office and O365 are magnitudes more useable and mature compared to GSuites. This wasn't clear to me until I'm now at a shop that only uses Google - its like a giant step back tech and usability wise. A year in now, and slowly getting some O365 shadow IT going to improve everyones life. Lol
And everyone knows, Microsoft Office isn't perfect...
Apple's office suite is really nice, if you're in that world. I dunno if they do collaborative editing, but Notes does, so they might. If it's gotta be in a browser—IDK, it bugs me having a document editor or spreadsheet program eat so much memory and so many background cycles that I don't feel like I can leave it open and forget about it while doing other things even on a pretty powerful machine without slowing things down and killing my battery, plus they all feel really laggy, so I've mostly stopped using browser-based office tools, period, whenever I can avoid them.
"Invite others to your documents and work on them together in real time. Collaboration is built into the iWork apps on iPhone, iPad, iPod touch, Mac, and iCloud.com"
I just like how lightweight they are, and (this may be silly, I know) I like how good-looking and useful the included templates are. Also they rarely crash or do anything weird, which you'd think would just be normal by now, but very much is not.
Last time I remember using modern-ish GUI Office-type programs that felt this respectful of system resources was years ago when I used Linux, and I dropped OpenOffice (too damn heavy and slow) for some of the single-purpose alternatives like Gnumeric (is that even around anymore?). Apple's various utility and basic productivity programs are really damn good (god I love Preview) and a big part of what keeps me suffering through all the bad things about Apple products.
In the case of Gmail vs. Fastmail I’m not so sure it’s a downgrade, but if you switch away from Google Docs etc. you will indeed lose things you were used to (great collaboration, speed etc.)
However you also gain something. For me personally actually three things:
* I no longer feel like the service I’m using is like a rug that can be pulled from under my feet at any moment
* My data (mail, documents, etc.) are now actually under my control and not in some “arbitrary“ format on a server I can’t reach except from my browser
* As a bonus feature, my mail is only read by me and my behavior is tracked by no one
Google can still affect you by not delivering your emails. I've had my own domain for personal, noncommercial use for 15+ years the past few with Rackspace as the email host. I accessed my email account with Thunderbird, webmail, BlueMail on the phone. As of a few days ago I cannot send email to friends with Gmail or businesses that subscribe to Gsuite. My messages are rejected at their servers. I think the domain name itself is triggering the block since Rackspace says their servers and IP addresses are clean.
I found out about SPF, DKIM, and DMARC and set them up, followed all the other instructions on assorted Google sites, and still no go. Apparently the blocks can take weeks to clear or may even be permanent. The reject emails say to contact postmaster@google.com which, of course, is pointless since I can't email the domain. I don't even think there's anything behind it if I could. There's no way to contact any person or group regarding the block which I think must have happened due to spoofing.
From what I can see, domains these days are assumed to be commercial for mass mailings and having one's own for incidental use is an outlier.
Totally. And a lot of people don't realize you can remove Gmail from your Google account, and then use your new non-gmail address as the username for your existing Google Account. That way folks can still share Google docs with you, etc. Works seamlessly.
> It feels great being free and you can setup forwarding so you can pick up the stragglers.
Then if you create a rule at the new provider that files those messages into a dedicated folder, that folder essentially acts as a todo list for accounts that need updated.
Let me just go further with this, not only moving emails to another provider, get raspberry pi, get a domain, get a certificate, get static ip, take some time to read one of tutorials on internet and set up postfix/dovecot. It is really liberating to run your own mail server, defining aliases/mail accounts on the fly, let me give you just one example, I am using a different alias specifically crafted for each service. I have cought numerous of sites selling it for spam (or it was hacked). Getting rid of spam? Just /dev/null the account/alias. Annoying newsletters? /dev/null. Need another account on service? Generate new account/alias. Not to mention the amount of knowlidge you will gain from running your own server.
Get rid of dependancy on others, you dont need it. And with some basic knowlidge it is not even hard. You dont need google or anyone else for email communication.
I am doing it for 10 years, with almost 0 downtime, also smtp server that hands over mail to your server will retry and wait so - no, it doesnt need to be up 24/7. Actually rejecting email with try later is a way of fighting spam.
Also with a $100 worth UPS, raspberry pi lasts forever. And pi is all you need.
Completely agree with this. In my case, I have a domain at namecheap. I've been using their hosted email for a while now and love it! So glad I left Gmail.
I'm locked out of two of Gmail my accounts. There's no way to recover the accounts as far as I can tell. I'm not going to pay them and just hope they can get me back in.
You’d think that, but nope. Signed up during the beta by invite, never used them. Unless not using them violates the terms of service? I have all the recovery info too and original passwords. It accepts the password and recovery stuff, but just won’t let me in.
I only use gmail in chrome. And I only use chrome for google services (and development). It's like a quarantine. All my other browsing happens in firefox...
It's really becoming a pet peeve of mine when people randomly add question marks at the end of titles on HN (the linked article doesn't). Especially when it doesn't make sense grammatically.
I've been super happy with Fastmail, I suggest you give it a shot if you've become as frustrated as I have with Google's products. When they killed Inbox it was the final straw for me.
I experienced something similar with Electron applications too. If you're an Electron dev, do NOT handle authentication within Electron. Handle it in their default browser.
I just encountered this with an Election app (Polarized Bookshelf) trying to do an OAuth flow. I can no longer log in to my account on the app!
I'm not actually upset, though. Such is life when you rely on entirely free services provided by another company. It's almost like the role Google plays in my life is that of some natural phenomena, perhaps as seen by an ancient civilisation: omnipresent, inscrutable, unthinkingly capricious. Such is the way is the world, my son.
Google isn't a natural phenomena though- it's a group of people making decisions that have a huge ripple effect throughout our society. Google using it's monopoly powers to restrict how the internet can grow is something we should all take seriously.
It’s still a bandaid solution that makes the problem even worse by increasing fragmentation. It’s the best way to make sure browsers never follow any standard and nothing ever gets fixed by shifting responsibility to hundreds of millions of websites individually rather than a few clients
This. It reminds me of the recycling campaigns shifting responsibility to the consumer with the transition from glass to plastic.
As a web developer though I know the agent shortcut is tempting. Without it I imagine we'd have to wait for a quorum of popular browsers before dropping feature detection for any given capability.
EDIT: Chrome's user agent doesn't work, but Firefox's does. I suppose it works because if Google's sign-in form sees a Chrome user agent, it expects a certain different browser fingerprint, so it rejects it. But maybe it's more lenient on the fingerprint match if it sees a Firefox user agent. This one worked for me, from https://techblog.willshouse.com/2012/01/03/most-common-user-...
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Note that setting that UA globally is a bad idea - it'll break stuff on various other websites. You might want to try setting it with a `https://accounts.google.com/*` URL pattern - or ideally, even only `https://accounts.google.com/signin` or so, if that works. Please let me know what works and what doesn't, as I still can't reproduce this with my own Google account.
Note that setting that UA globally is a bad idea - it'll break stuff on various other websites. You might want to try setting it with a `https://accounts.google.com/*` URL pattern - or ideally, even only `https://accounts.google.com/signin` or so, if that works. Please let me know what works and what doesn't, as I still can't reproduce this with my own Google account.
Is this more robust than just User Agent sniffing? I'm pretty sure Google basically assigns browsers a credit rating. i.e. UA string CoolBrowser v1.8.8 is good but CoolBrowser v1.7.0 is downgraded or blocked.
This goes against Google's own web accessibility guidelines circa 2008 that they seemingly ignore now, but was the reason I left internet explorer to begin with.
I really really liked squirrelmail when my host used it. It wasn't perfect but had lots of plugins and was light and fast, and was open source. It was ugly though, and had a few bugs.
Then my host pushed, despite objections from the community, atmail, a proprietary gmail-alike webmail interface. It is even more buggy, and slow as hell, but hey, at least it looks "cool".
In related news Vivaldi (spiritual successor to old, pre Chrome Opera) just dropped its labelling/branding from User Agent string to counter this type of shenanigans https://vivaldi.com/blog/user-agent-changes/
I see lots of people mentioning email clients. What email client do people use? Is it fast and robust? Every one I know of seems to have severe lags and/or have a lot of mess to clean up when it inevitably crashes.
Not if you use ProtonMail for an anonymous Instagram account. Instagram will lock almost all features like following/unfollowing, comments, descriptions, etc.
is this why i'm getting "basic HTML view" in my iphone ? i can't even find a link to switch to normal HTML. And if i log out, "take me to the latest gmail" doesn't work
I wish this were the only problem I had with gmail on the iphone (because I'm not downloading the app) where switching accounts is essentially a roll of the dice whether or not gmail feels like actually taking me from one account to another.
Fixed it in the end by just bookmarking the two account pages separately.
Google's the only of the big tech companies where my every interaction with their products leaves me thinking they must let the interns do everything while the presumably-brilliant FTEs eat free snacks and play Smash Brothers all day, or something. Been that way for years. Even their libraries and SDKs and such give that impression. It's so weird. I don't know what's wrong there but it must be some deep-rooted cultural problem, is all I can figure.
that's the reason i also use the HTML version, to switch between multiple accounts. sometimes one of the accounts will stop refreshing but will not tell me that i need to log in again. and logging out logs out all accounts so you have to start over. i 'll try the bookmarking thing if they ever fix it because now i m stuck with basic HTML version for feature phones.
Sounds like we're in the exact same boat then, but yes that's basically been the workaround I've had to endure. Would be nice if the feature worked as designed, but this will have to do.
How long before Firefox is considered a niche browser by Google and banned? I'll start holding my breath. It won't be long especially if we, as tech users, continue to promote Chrome to the rest of the world like it isn't the cancer it has grown into.
Yup and it'd be easy for them to do so. They could also just keep FF funded with a low market share to pretend like they don't want to get rid of it in the same way that large companies donate to different causes to pretend like they are not the ones causing the essential problems that they are donating to fix in the first place.
In a world where half the population uses "password" as their password for their identity provider and bank, I am not sure why we're upset that fingerprinting is going on. It's that or a lot of hacked accounts.
Sure, you have a nine million character password with eight hardware factors to turn on your light bulb... but you have to realize that's rather uncommon.
This change by Google is about blocking bots and automation, as their error message makes clear.
All the big service providers have a large problem with botnets logging in to accounts with stolen credentials, or with fake spam accounts they created themselves. They do this with automation and so detecting automation is a good way to detect and stop them without major inconvenience to users (who generally don't automate their own Google accounts).
The nature of this technique means their servers can't tell the difference between a niche browser and a dedicated abuse tool. If a tool claims to be Chrome and gets spotted because it's not, the obvious fallback is to just make up new user agents that are rare or unusual. Sure, the traffic is very visible to humans who may be watching post-hoc, but a UA is just a string so it can be constantly changed. Blocking bad traffic means adapting to changes in it automatically and quickly. So eventually this pushes companies towards just locking out browsers nobody uses because it's too hard to tell them apart from malicious automation software.
That's unfortunate: it makes it harder for someone to get traction with a genuinely new rendering engine. But those cost billions of dollars to develop these days and even Microsoft doesn't want to play that game anymore, so it's a rather theoretical loss compared to the gains, which are large and real.
I mean, why would anyone who goes out of their way to use a "niche browser" even have a Gmail account?
Edit: My point here is that Google is so invasive and fundamentally hostile to privacy that using it with anything more secure than Firefox seems futile. And if you love some niche browser so much, go for it. But use Firefox for Gmail. Or even better, use Thunderbird.
I use DDG app as my primary browser on mobile and I have a Gmail account. I like both for their ability to limit the amount of interruptive advertising I have to deal with.
Their reasoning is so baffling, and technically incorrect about browser performance and security, that there is one conclusion to be made: Google and the Chrome team is dishonest about why they're partially deprecating the webRequest API.
Extensions are free to observe requests and page content, and exfiltrate data at will, but you no longer have full control over the requests Chrome is making. It is about control, not your privacy and security.