
Google bans niche browsers from Gmail? - dTal
https://www.reddit.com/r/kde/comments/e7136e/google_bans_falkon_and_konqueror_browsers/
======
dessant
Google is also going forward with deprecating the blocking portion of the
webRequest API, it is already in Chrome Canary. The change will break
extensions, and will make several use cases impossible which are not related
to ad blocking, but center around privacy and security, or just a need to
modify requests for various reasons.

Their reasoning is so baffling, and technically incorrect about browser
performance and security, that there is one conclusion to be made: Google and
the Chrome team is dishonest about why they're partially deprecating the
webRequest API.

Extensions are free to observe requests and page content, and exfiltrate data
at will, but you no longer have full control over the requests Chrome is
making. It is about control, not your privacy and security.

~~~
userbinator
_It is about control, not your privacy and security._

The big organisations behind browsers have been spinning it this way for
_years_ , and unfortunately the majority still haven't realised the truth.
It's the same strategy that makes "think of the children" and "war on
terrorism" arguments so pernicious --- taking away freedom by reasoning that
it's for a cause so "ostensibly good" that no one would be seen arguing
against.

~~~
dTal
If you ask me, the same is true of the current culture of "a device must
receive (automatic!) OTA updates from the manufacturer or it is insecure, and
local administrative control is dangerous." And the the underlying logic is
the same, a kind of nannying philosophy that holds that people are too witless
and irresponsible to be trusted with freedom, and for their own good must be
shepherded and coddled by a friendly Big Brother.

Between my laptop running Linux, on which I am root and no changes in software
are made unless I specifically authorize it, and an Android tablet which is
constantly downloading "updates" from Google (and uploading god-knows-what), I
know which one makes _me_ feel more private and secure.

------
Const-me
I prefer my e-mails in a standalone IMAP client.

E-mail clients don’t serve ads.

For security reasons, they block linked content by default, meaning google
can’t track what I do with my e-mails.

Google can terminate an account any time without any reason, if they do that,
I won’t lose access the e-mails I’ve received or sent.

My screen refresh rate is 60Hz, ping from here to gmail.com 36ms, this means
web interface has at least 3x latency compared to a locally running app.

I don’t care about their web interface re-designs, or browser compatibility
issues like the one discussed.

Gmail can’t turn off IMAP as it would break e-mail on smartphones. Large share
of these smartphones run old versions of Google Android which will never be
updated, this also helps to ensure their IMAP access is here to stay.

~~~
eblanshey
> Google can terminate an account any time without any reason, if they do
> that, I won’t lose access the e-mails I’ve received or sent.

A) Assuming you keep copies of all folders/emails locally B) Assuming Google
isn't evil and won't delete all your mail first before shutting down your
account, thus causing your IMAP client to sync their deletion

~~~
Const-me
A) Yes I do

B) I’m not sure Google ain’t evil. Even if they’re good, if I fail security on
my side, some other evil person, unrelated to google, may be able to delete
all my e-mails before shutting down my gmail account. That’s why e-mail client
alone is good but not enough, also need backups of that local DB.

~~~
eblanshey
Agreed. Just pointing out the fact that IMAP alone isn't enough. Nothing
replaces backups (whether from your IMAP client or from Google's own backup
service.)

~~~
NotSammyHagar
Google doesn't go out of their way to screw people. The problem is their
automated spammer systems pick up people and kill their accounts and all their
google accounts and you are stuck. That's the problem. There's no human to
talk to. It's been a problem for more than a decade.

~~~
krageon
> Google doesn't go out of their way to screw people

We can't know that. There is no recourse when they do screw people and it
would look the same from the outside whether it was an automated system or a
manual one (or more likely, a mix of both).

------
dTal
Screenshot: [https://imgur.com/a/wfi3hFR](https://imgur.com/a/wfi3hFR)

I have reproduced this on OpenSUSE Tumbleweed, with stock Falkon browser
(QT+Webkit) and javascript enabled. I have confirmed that this is accomplished
through UA sniffing. I reproduce the message in plaintext below:

Sign in with a supported browser To help protect your account, Google doesn’t
let you sign in from some browsers. Google might stop sign-ins from browsers
that:

Don’t support JavaScript or have Javascript turned off. Have unsecure or
unsupported extensions added. Use automation testing frameworks. Are embedded
in a different application.

~~~
tpmx
Opera went through this fight between e.g. 2004-2013.

It wasn't really fully resolved until the browser engine was switched to
Blink/Chromium.

Now, of course Opera is ~indirectly managed by the chinese government, so no-
one should be using it. Please just trust me on this one. The desktop browser
is now built in Poland (not Norway/Sweden). The remaining technical management
is very weak when it comes to things like principles.

~~~
linux2647
Do you have a source on China (indirectly) managing Opera?

~~~
tandr
According to
[https://en.wikipedia.org/wiki/Opera_(web_browser)](https://en.wikipedia.org/wiki/Opera_\(web_browser\))

"Opera is a freeware web browser ..., developed by Opera Software, a Norwegian
software company, ... with the majority of ownership and control belonging to
Chinese businessman Zhou Yahui, founder of Beijing Kunlun Tech and Chinese
cybersecurity company Qihoo 360."

------
3xblah
Javascript is obviously not required for Google Mail to work. Browsers that do
not support Javascript work just fine. If we adjust the user-agent string to
match a "supported browser" there is no need to change any Google settings.
See
[https://support.google.com/mail/answer/15049](https://support.google.com/mail/answer/15049)

What is happening here is Google is only requiring Javascript to be turned on
when the user signs in so Google (or its partners) can uniquely track users,
even when users have indicated _they do not want to be tracked_ , such as
using session-only cookies, clearing stored cookies after signing out,
enabling the DNT header, etc.

[https://en.wikipedia.org/wiki/Device_fingerprint](https://en.wikipedia.org/wiki/Device_fingerprint)

~~~
brunoTbear
This is not necessarily about uniquely tracking users. This is likely about
telling automation from manual traffic to login.

Credential stuffing is a large enough problem for account takeover and the
cost to a user of losing their gmail account so high that at some point a team
has to make tradeoffs about what can and cannot be used to log in.

edit: am Googler, not working on this area. Have background in account
takeover/browser fingerprinting.

~~~
parthdesai
You say that, but my friend's google drive account is basically locked because
of "spam/take over detection" and there's no response from google's customer
support. Does google really care about end user here?

------
luxuryballs
Stop using gmail, it seems daunting but it really only took me a few solid
hours to switch all my important accounts to a paid provider like fastmail.

Think about how many important accounts you link through email and then think
about how, if you don’t pay for gmail, Google doesn’t owe you access to your
email or any service at all.

It feels great being free and you can setup forwarding so you can pick up the
stragglers.

You also get the added spam freedom and security benefit of changing both your
email and password which is great since we have no idea what leaked
email/password lists are floating around out there... it’s like the ultimate
unsubscribe!

~~~
zzzeek
I've switched to fastmail, and am staying with it. However, almost every
aspect of it is objectively worse than Gmail; browser UX more awkward, Android
email clients besides Google mail are awful and Google mail itself has very
broken behaviors with it, spam filtering is poor, i had to give up things like
nice calendar and address book integrations, etc.

However, as i pay Google for many other services, that means I am vulnerable
to total and permanent account lock out if someone steals my credit card and
gets it flagged by Google as fraudulent, as has been reported by more than one
blog post. As long as Google does not address the issue of customer service
being within their top 25 list of priorities, it is insane for anyone to use
Gmail for important mail identities.

~~~
officeplant
>Android email clients besides Google mail are awful

I still use K-9 Mail to handle my non-gmail accounts. I find it very usable
with how it threads my work emails.

Although from what I understand its not actively developed anymore and the
last post I see on the playstore says Sept 2018. I'm open to suggestions if
anyone has them, especially if they are available via F-Droid.

~~~
jdofaz
Looks alive to me
[https://github.com/k9mail/k-9/releases](https://github.com/k9mail/k-9/releases)
, F-Droid has the most recent pre-release from last week.

~~~
tecleandor
Releases were stalled for a long while, and then, past week, released a really
big update, both technical and cosmetic.

------
pcmaffey
I only use gmail in chrome. And I only use chrome for google services (and
development). It's like a quarantine. All my other browsing happens in
firefox...

~~~
dhimes
Exactly how I work also.

------
ginko
It's really becoming a pet peeve of mine when people randomly add question
marks at the end of titles on HN (the linked article doesn't). Especially when
it doesn't make sense grammatically.

~~~
dTal
I did not add the question mark. Take it up with the site admins.

------
brenden2
I've been super happy with Fastmail, I suggest you give it a shot if you've
become as frustrated as I have with Google's products. When they killed Inbox
it was the final straw for me.

------
virtuallyvivek
I experienced something similar with Electron applications too. If you're an
Electron dev, do NOT handle authentication within Electron. Handle it in their
default browser.

------
pugio
I just encountered this with an Election app (Polarized Bookshelf) trying to
do an OAuth flow. I can no longer log in to my account on the app!

I'm not actually upset, though. Such is life when you rely on entirely free
services provided by another company. It's almost like the role Google plays
in my life is that of some natural phenomena, perhaps as seen by an ancient
civilisation: omnipresent, inscrutable, unthinkingly capricious. Such is the
way is the world, my son.

~~~
tedivm
Google isn't a natural phenomena though- it's a group of people making
decisions that have a huge ripple effect throughout our society. Google using
it's monopoly powers to restrict how the internet can grow is something we
should all take seriously.

------
vortico
This is why I fake my user agent. I use Qutebrowser
([https://www.qutebrowser.org/](https://www.qutebrowser.org/)) but pretend to
use the most common user agent on this list.
[https://techblog.willshouse.com/2012/01/03/most-common-
user-...](https://techblog.willshouse.com/2012/01/03/most-common-user-agents/)

~~~
The-Compiler
From what I've heard, setting a Chrome UA doesn't help with the Google Mail
sign-in.

~~~
vortico
Ouch, you're right. I can't log in anymore.

EDIT: Chrome's user agent doesn't work, but Firefox's does. I suppose it works
because if Google's sign-in form sees a Chrome user agent, it expects a
certain different browser fingerprint, so it rejects it. But maybe it's more
lenient on the fingerprint match if it sees a Firefox user agent. This one
worked for me, from [https://techblog.willshouse.com/2012/01/03/most-common-
user-...](https://techblog.willshouse.com/2012/01/03/most-common-user-agents/)

    
    
        Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

~~~
The-Compiler
Note that setting that UA globally is a bad idea - it'll break stuff on
various other websites. You might want to try setting it with a
`[https://accounts.google.com/*`](https://accounts.google.com/*`) URL pattern
- or ideally, even only
`[https://accounts.google.com/signin`](https://accounts.google.com/signin`) or
so, if that works. Please let me know what works and what doesn't, as I still
can't reproduce this with my own Google account.

~~~
krageon
> setting that UA globally is a bad idea

What exactly will it break?

~~~
The-Compiler
I often talk to people reporting a broken website in qutebrowser where it
turns out to be due to a Firefox user agent.

Some examples (there are lots more via IRC/Reddit/...):

[https://github.com/qutebrowser/qutebrowser/issues/4302](https://github.com/qutebrowser/qutebrowser/issues/4302)
[https://github.com/qutebrowser/qutebrowser/issues/3822](https://github.com/qutebrowser/qutebrowser/issues/3822)
[https://github.com/qutebrowser/qutebrowser/issues/1187](https://github.com/qutebrowser/qutebrowser/issues/1187)

------
wtfrmyinitials
Reason number n+1 why Google is bad for the open web

~~~
vernie
Just use AMP it'll be fiiine...

------
a3n
Fastmail. Happy customer for many years.

------
tomaszs
Google decides what is good for you. You will will be safe!

------
smittywerben
Is this more robust than just User Agent sniffing? I'm pretty sure Google
basically assigns browsers a credit rating. i.e. UA string CoolBrowser v1.8.8
is good but CoolBrowser v1.7.0 is downgraded or blocked.

This goes against Google's own web accessibility guidelines circa 2008 that
they seemingly ignore now, but was the reason I left internet explorer to
begin with.

------
arminiusreturns
I really really liked squirrelmail when my host used it. It wasn't perfect but
had lots of plugins and was light and fast, and was open source. It was ugly
though, and had a few bugs.

Then my host pushed, despite objections from the community, atmail, a
proprietary gmail-alike webmail interface. It is even more buggy, and slow as
hell, but hey, at least it looks "cool".

------
rasz
In related news Vivaldi (spiritual successor to old, pre Chrome Opera) just
dropped its labelling/branding from User Agent string to counter this type of
shenanigans [https://vivaldi.com/blog/user-agent-
changes/](https://vivaldi.com/blog/user-agent-changes/)

------
mehrdadn
I see lots of people mentioning email clients. What email client do people
use? Is it fast and robust? Every one I know of seems to have severe lags
and/or have a lot of mess to clean up when it inevitably crashes.

~~~
shmerl
Kmail is not bad.

------
konart
Just use email client like you do (most likely) on your phone.

------
Endy
This makes me very glad that I don't use GMail regularly, and the only access
I have to it is via IMAP in Interlink.

~~~
petjuh
I access my GMail with Chrome and have no problems.

~~~
Endy
That makes you part of the problem of Google's takeover, not part of the
solution of a free Web.

------
foob4r
ProtonMail with Brave works really well.

~~~
eddieh
Not if you use ProtonMail for an anonymous Instagram account. Instagram will
lock almost all features like following/unfollowing, comments, descriptions,
etc.

~~~
foob4r
Don't use Instagram?

~~~
krageon
Just as "don't use anything but Chrome" isn't a good answer for Google login
problems, this isn't a good answer to their problem.

------
ha470
Anyone have any idea how they're doing this? Switching user agents doesn't
seem to help.

------
buboard
is this why i'm getting "basic HTML view" in my iphone ? i can't even find a
link to switch to normal HTML. And if i log out, "take me to the latest gmail"
doesn't work

~~~
dvtrn
I wish this were the only problem I had with gmail on the iphone (because I'm
not downloading the app) where switching accounts is essentially a roll of the
dice whether or not gmail feels like _actually_ taking me from one account to
another.

Fixed it in the end by just bookmarking the two account pages separately.

~~~
shantly
Google's the only of the big tech companies where my every interaction with
their products leaves me thinking they must let the interns do everything
while the presumably-brilliant FTEs eat free snacks and play Smash Brothers
all day, or something. Been that way for years. Even their libraries and SDKs
and such give that impression. It's so weird. I don't know what's wrong there
but it must be some deep-rooted cultural problem, is all I can figure.

~~~
lawn
What do you mean, doesn't Google only hire the best of the best?

~~~
krageon
Is this sarcasm? I genuinely cannot tell.

~~~
lawn
Yes sorry, it was sarcasm.

------
mnm1
How long before Firefox is considered a niche browser by Google and banned?
I'll start holding my breath. It won't be long especially if we, as tech
users, continue to promote Chrome to the rest of the world like it isn't the
cancer it has grown into.

~~~
seabrookmx
Google funds Mozilla by paying to be their default search engine.

I think we'd see that deal cancelled before Google dropped support for
Firefox.

~~~
mnm1
Yup and it'd be easy for them to do so. They could also just keep FF funded
with a low market share to pretend like they don't want to get rid of it in
the same way that large companies donate to different causes to pretend like
they are not the ones causing the essential problems that they are donating to
fix in the first place.

------
jrockway
In a world where half the population uses "password" as their password for
their identity provider and bank, I am not sure why we're upset that
fingerprinting is going on. It's that or a lot of hacked accounts.

Sure, _you_ have a nine million character password with eight hardware factors
to turn on your light bulb... but you have to realize that's rather uncommon.

~~~
plorkyeran
I don't understand how this comment is related to the submission in any way.

~~~
Avamander
The ban is because those browsers are "hard to fingeprint as safe".

~~~
rozab
Surely more obscure UAs are much easier to fingerprint?

~~~
Avamander
That's why the quotation marks, I don't believe it either.

------
mirimir
I don't get why this matters.

I mean, why would anyone who goes out of their way to use a "niche browser"
even have a Gmail account?

Edit: My point here is that Google is so invasive and fundamentally hostile to
privacy that using it with anything more secure than Firefox seems futile. And
if you love some niche browser so much, go for it. But use Firefox for Gmail.
Or even better, use Thunderbird.

~~~
AlchemistCamp
I use DDG app as my primary browser on mobile and I have a Gmail account. I
like both for their ability to limit the amount of interruptive advertising I
have to deal with.

~~~
mirimir
I don't see any advertising anywhere.

Except using Tor browser, which doesn't block ads.

