Reply To: Gmail & IMAP
It’s not SSL (by the way, SSL only encrypts during transport so they can still spy on you). I thought it might be two-factor identification since we’ve been hearing a lot about that lately, but that’s not it, it’s this.
the “modern security standard” Google are trying to force feed everyone is a web standard not a mail standard. To work properly the application must act as a browser. Something of a security issue for a mail client that is not a browser.
They Mention Outlook and Thunderbird like they are standouts. The truth is there is not a mail client on the planet other than Google web apps in a browser or on a mobile device that meet their standard.
The bottom line is enable less secure apps. They are standards compliant applications. They are not less secure, they just do not meet Googles arbitrary authentication standard.
Google wants email clients to implement OAuth2.0-based authentication, and has stated they intend to cause disruption (hassles) for users that authenticate (login) using a username/password with the POP, IMAP, or SMTP protocol. OAuth 2.0 requires the email client to launch a browser to display a HTML form provided by Google (which can do anything they want) , and then use a token that it returns.
This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they’re basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.
Turns out their “modern standard” is a meaningless scare tactic in order to get people to use something which Google designed and no one else uses. Meanwhile, Google doesn’t even support older security standards like PGP encryption while its social networking rival, Facebook, does (I shouldn’t say rival, Facebook has hundreds of millions of users. By comparison almost no one uses Google Plus).