
Ask HN: How can you trust non open source, third party email clients? - xeo84
I might be over paranoid and correct me if wrong but as far as I understand, almost all the email clients out there either store your credentials or the access token to be able to send you push notifications for new emails.<p>Once they have the credentials&#x2F;token, they have full control over your emails, what happen if they get compromised or they leak your data? 
Even 2FA will not protect you in this case since you already give them the auth token after a successful 2FA auth, or a specific app password.<p>Considering the email is used to reset almost all other accounts passwords, how can you trust a third party email clients? Am I missing something? 
Thanks.
======
nvr219
I don't use non-open-source, third party email clients.

For G Suite (personal) - I use gmail web client.

For Office 365 (work) - I use Outlook.

For my own mail server - I use Thunderbird or forward to gmail.

~~~
bhhaskin
Both Outlook and Gmail are closed source, third party email clients. You might
be able to peak at the front end, but you have no idea what's going on behind
the scenes. Sure, from a security stand point you are most likely fine for
most use cases, but Gmail dose scan your emails for advertising targeting
reason.

~~~
FLCL
Gmail is closed source, but it isn't a third party from the you->google
relationship.

~~~
gumby
Umm, what? You are trusting them with the contents of the mail -- they don't
even need your credentials. They are a third party between you and your
correspondent.

------
gumby
How do you trust someone else to manage your mail service?

How do you trust every line of an open source package without auditing it
yourself?

In your hierarchy of risk/trust, this one is pretty small.

~~~
hdhzy
Exactly this. If one doesn't audit and build the software yourself they can't
be sure what they are getting (remember we're still far away from reproducible
builds for everything).

------
davelnewton
Is this rhetorical?

How can you trust _any_ app that has access to your data?

------
quickthrower2
Send / receive encrypted messages. Print out encrypted data. Type into
computer you built yourself from individual transistors to do the decryption.

------
GoToRO
The same way you trust your surgeon. How do you know he will make you better
and not kill you in an elaborate way?

------
bradknowles
How do I know you are a real person and not a figment of my imagination?

Can you prove that you exist?

