
Is it time for antitrust laws for the cloud? e.g. Google's move away from IMAP - dashwin
Google as many have pointed out introduced new OAuth verification procedures. As part of this if your application is using IMAP and not using all its features, then you are forced to move over to Gmails API to reduce scope usage (see [1]). As Microsoft uses a proprietary protocol for their email servers, it looks like both Google and Yahoo being the large monopolies they are have no particular reason to stick to standards.<p>If IMAP is broken from a security&#x2F;privacy standpoint, why not propose a new standard? This sort of behavior to vendor lock in should be dissuaded by antitrust laws. There was antitrust during Netscape times and a lot of good has come off of that. If you think about the &quot;cloud&quot; based monopolies now, they can stifle innovation in similar ways but there hasn&#x27;t been any focus on cloud based antitrust behavior.<p>[1] Googles response to an IMAP application approval below - if you don&#x27;t use every single feature of IMAP then the user data policy bars your application from using it.<p>&quot;&quot;&quot;
We can allow the usage of IMAP only in situations where the app ALSO complies with our User Data Policy. To further answer your question - yes the https:&#x2F;&#x2F;mail.google.com&#x2F; scope is required to use IMAP BUT to gain access to that scope you must comply with our User Data Policy.<p>Under our Google API Services: User Data Policy &quot;we require that developers do not request access to information that they don&#x27;t need and should only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services in your application, and limit access to the minimum amount of data needed.&quot; The usage of IMAP for your app alone does not justify the need for https:&#x2F;&#x2F;mail.google.com&#x2F; as the functionality of the app can be achieved using more granular scopes. 
&quot;&quot;&quot;
======
newscracker
I got a notice from Google on changes coming up in G Suite with respect LSAs
(Less Secure Apps). Initially I was miffed at it since I thought IMAP access
was going away, but on reading it closely, I understood it as "even less
secure protocols like IMAP and others have to be authorized through OAuth
(with user consent on information shared), but we will allow the domain
administrator to decide whether to continue allowing these apps or not".

This seems to be aimed at controlling the information that apps may collect,
but I'm not so sure if that's the intent or if that will be really achieved.

I agree with your point that if IMAP is broken or deficient, then the industry
needs to come up with good alternatives. But it hasn't happened all these
years. JMAP still seems to be several years away from widespread adoption, and
I don't know enough to say if it's a better replacement for IMAP in all
respects to be a stand-in replacement (with email clients changing to support
it).

I wish Mozilla hadn't made Thunderbird into a community project and had
instead stood by it as a steward of industry standards and adoption (and
worked with Fastmail on JMAP). I can't think of any large non-profit company
working on email. Mozilla still supports Thunderbird in multiple ways, but
it's not like how it was before the project was spun off.

Companies like Google and Microsoft have strangled email in various ways and
are making it tougher for other contributors and players to do much, IMO.

I'd love to hear what the JMAP team thinks of these changes that Google is
bringing and what it means in general for email.

