Back when it was announced, several people brought concerns up with the supposedly open AMP project, and they were closed or locked, and the head of AMP blocked us. During that time, we found out that while AMP was supposedly "open", Google teams such as Gmail and Search would implement it however they wanted, and that no open governance would impact them at all. In essence, the idea that it was open was only so far as Google would also like you to implement whatever Google was already doing.
It seems unsurprising that joining a project with the purpose of stopping it would fail. Wouldn't that be the case with any open source project? The goal is that people who want to work on a thing together can collaborate, not to come to agreement with all the other people who hate the whole idea?
They do, but it's also common for some major players in an industry to form an organization to standardize something and for other players (who disagree or don't care) not to join.
In the end, it's about market acceptance. If few people use it, it's likely that Google will eventually cancel it.
> People are not forced to use Google Search of Gmail.
I think the GP misspoke. It's more accurate to say that people are forced to use Google products. Even if you use DDG and Fastmail there's no escaping reCaptcha, AMP, and Google Analytics - unless you want to limit yourself to only a few websites.
I don’t think so. I think GP used the term monopoly when oligopoly would have been more appropriate. I use the term oligopoly but it’s quite common to say monopoly because it’s a very similar thing. Also Duck Duck Go is not comparable to Google Search or Bing.
But the AMP infection has spread to those as well. Well, DDG at least. I had to stop using the "news" tab on DDG because of the high percentage of results there that are AMP links.
Do you know what the word monopoly means? It comes from mono- meaning one. So if there are alternatives, there isn’t one option, therefore, it isn’t a monopoly
Google doesn't have to be literally the only search provider to have a monopoly. It just has to have virtually all the market share (it does) and high barriers to entry (it does). Microsoft had a monopoly on operating systems in the nineties, despite the existence of other OS's.
Don't have to be pedantic about it. Google is big enough and controls enough marketshare that it can be considered a monopoly. Especially when it rolls out something like 'AMP' that eventually causes others to follow suit to support it.
Nobody's "forced" to use it. Users can turn off AMP in Gmail, and email authors can continue to just use HTML emails if they don't like AMP. HTML emails will continue to display in Gmail just fine for the foreseeable future.
Even if they wanted to, Google couldn't kill HTML in Gmail without breaking a huge number of emails for their users. AMP adoption would have to be near universal before they'd even consider something like that. Gmail, for example, still supports plaintext email just fine even though HTML has been supported in just about every mainstream email client for years now.
> During that time, we found out that while AMP was supposedly "open", Google teams such as Gmail and Search would implement it however they wanted
Reminds me of the doc/xls formats with the difference that those were proprietary and become (controversially) open as a response to the standardization of the odt/ods formats
The problem with monopolies is that nobody else has a choice. If Outlook or Yahoo were to fail to adopt the proprietary Gmail standard, they would eventually end up incompatible with the now-proprietary format of email. Whilst AMP4Email can fall back to HTML, the reality, as with text-only emails after HTML, that many providers will not bother sending multiple formats.
Your team has repeatedly refused to address criticisms of AMP from users and the community at large, and continued forward with a program that nobody wants[1]. There's still no way for someone to opt out of AMP as a whole except to use a search engine that doesn't support it, and Gmail seems to lack an AMP switch in settings, so I'm guessing you currently have no plans to let Gmail users escape it either.
... Microsoft and Yahoo think it's a good idea and want to support it. There's no particular reason email needs to sit around in the gutter while the rest of the web gets more multimedia and more performant.
> sit around in the gutter while the rest of the web gets more multimedia and more performant
I (sincerely) appreciate reminders like this of just how much online opinions and experiences vary.
My sense of the last few years of web changes is that performance is mostly a product of script-blocking or AMP-degraded functionality, and new multimedia is mostly a user-hostile attempt to boost revenue. Whether it's five-point stories broken across five page loads, Reddit's "use our app" links breaking in AMP, or Techcrunch's insane scroll-down-to-redirect-to-homepage layout, the last ~3 years of web development are full of changes I find actively negative.
I understand the fight over something like AMP for email much better when I remember how far from universal that is. It's not really a surprise there's so much disagreement over what to do next when there's this much divide over what's working well at present.
AMP seems less like a response to 'the web is slow' and more a response to 'people who are tired of slow websites are using content blockers so we need an alternative so they don't block our ads'.
Some HTML in email is fine, I would say the subset that can be expressed by markdown. Making text bold, italic etc should be possible. The real problem I have is how limited email HTML/CSS and email clients are compared to the web, so that every "rich" email will use table layouts that render terribly on mobile.
That ship sailed the moment it got named email, leading people to think of it as an electronic form of mail, and so to expect that eventually it could be used for any documents you would send by mail.
With mail, I can send anything I can print or handwrite on paper, which includes text in multiple fonts, graphics, charts, tables, in a variety of colors. I can also include anything that fits in the envelope, so I can include files on floppy or disc or memory card or a thin thumb drive.
Sure, earlier email systems could not handle anything more than plain text, but because it was called email many people assumed that was just because common computers and displays didn't have the capability to handle more.
Once the GUI became prevalent for home and office computers, rich email was inevitable.
In retrospect, if the people who designed the earlier email systems had wanted the restriction to plain text to be a design goal, rather than just a consequence of the technology of the day, they should have named it etelegram to make it clear.
There's been rich-text email since (at least) 1980 and by the mid- to late-1980s there were many competing efforts: CMU's AMS, BBN's Diamond/Slate, NeXT's NeXTMail, and probably several others.
I'd go so far as to argue that the parent's reaction -- "email should be plain-text" -- is exactly why the horrors of HTML are what we have today. No one adopted any of the better alternatives out there and then Netscape -- a web browser, after all -- hacked in HTML mail, and "worse is better" won the day yet again.
Technically email is plaintext, though for the definition you aspire towards, it was in the early days. But then various RFC's added this and that and now email processing/sanitisation is scary.
But then email is one large unsanitized input that has so many rules to be applied, what could go wrong.
That's why email attachments alone are an utter MIME-field when it comes to security.
Not seen that, watching now (about half way thru) and nice to retouch upon a feild I've not working in for many years and seeing how not much has changed. Equally a little depressing, to see the same types of problems 10 years on.
I'm guessing the point you're driving at is "these things obviously aren't on the web, so this is wrong"?
The web is an abstract information space that can contain arbitrary links between objects. The web isn't something you load in a browser, it's a way of organising links between things. So, yes, you can link to books, movies, etc. Anything with a URI.
You might be interested in this early document about the World-Wide Web:
If the definition of the web is "anything addressable via URI," then the definition of the web is no longer useful. I can imagine a URN scheme for every atom in the universe. Welcome to the web -- you're soaking in it!
More seriously, I think that -- if pressed -- I'd say that the identifiers are on the web, but the things are not. Other than that, I believe we would agree???
That said, the origin of this discussion is in relation to Google's launching of AMP for e-mail. The justification was that e-mails are on the web, so it's OK to use AMP to push them forward. A better viewpoint, though one I disagree with, relates AMP to being a better mode of HTML. (As opposed to one of the Web.)
Yet still, without a webmail client (a client that specifically takes an offline protocol and puts it on the “web”) email would not have a URI. You an “link” to a mailbox, but not create a particular mail with a particular identifier then later retrieve it with that same URI. The URI identifies the users mailbox, NOT their mail.
> There's no particular reason email needs to sit around in the gutter while the rest of the web gets more multimedia and more performant.
"The rest of the web" is the ad-laden, tracker-infested, bloated gutter of the internet. Email is (was?) a little morsel of the old open internet (along with RSS/podcasts) that has not yet drowned in the morass.
More performant then text? What are you comparing it to smoke signals FFS?
And let me see if I understand you correctly, you _WANT_ multimedia in your emails?
What is the point? To send miniature versions of web-pages?!?
Google is looking for alternative channels to sell ads through. Adding more complicated media to email increases the type of ads that can be sold. It won’t be right away, but it’s coming.
As their users spend more time with voice assistants and less with search result pages, Google needs to make up for those losses somewhere else. If they don’t, their revenue growth will end or invert, the stock price will drop, and the amount of money they can pay all of their employees will significantly decline.
For all of the messaging platforms Google tried to build and messed up, it is a real possiblilty that Google could end up killing Gmail through management screw ups.
I favor this view of outcomes. The backlash caused by AMP in the first place was loud, but small. More people seem to be catching on with the negatives of it... AMP for email may not be the downfall of Gmail, but it opens new decision pathways that could be very harmful for the platform, such as inserting ads into private email conversations.
Ads are easy to block, even with this development. The delivery may have changed, but not the how to. Blocking ads at the DNS level is always effective. I enjoy the cat and mouse game with the ad companies. It's always interesting to see how the adblock guys do their thing. Employing a Pi-hole has been one of the best decisions I have made in regards to my own network. Couple the Pi-hole with uBlock Origin, Privacy badger, Decentraleyes, and a few other tweaks, and you get the WWW the way it was intended to be: content only.
I am unapologetic about blocking ads, beacons, cookies, trackers of all kinds. My computer, my rules. Just as I'm not required to look at roadside ads, and I don't, I refuse to allow my network to become compromised to give someone else another BMW. Running a website is the cost of doing business. If you cannot afford the domain name, bandwidth, etc., choose another business model. Ads were and are a horrible business model. I haven't seen an ad in literally years. I plan on keeping it this way.
Can still block them with element blockers. Elements are quickly cataloged, added to block lists and shared. Happens in mere minutes. A lot of this is automated, but it can be hand curated as well for some that were not noticed or perhaps new. An entire "industry" exists to keep the web clean. uBlock Origin does a fantastic job in this regard. In fact, it's one of the only methods that kills adblock blockers. I've not seen a successful adblock blocker since using it. It kills them dead. No more nag screens. Nothing but a clean content-only website, as nature intended.
There are some very smart people in the blocking arena. Since most of this stuff is delivered via JS, it's fairly trivial, at least at the moment, to handle same-domain ads. The game may change in future, but the adblock people usually prevail.
One idea I have if the sites start outright blocking blocking users, is to sort out how to write the ads to a form of /dev/null while making the site think they've been shown. I used to do this with Flash cookies/LSOs. I wrote them to /dev/null so I could take advantage of Flash back when it was a thing, yet have no LSOs on my machine to track me. Coupled with referer blocking, history blocking, no fingerprinting, and other settings, it worked a treat.
I'm willing to bet that if we cannot "block" them as part of the domain, we can sort out a way to block the element, shunt the ads into the bit bucket and continue on our merry.
>One idea I have if the sites start outright blocking blocking users, is to sort out how to write the ads to a form of /dev/null
I think several dns-based ad blocking programs can do this today, but so far I have not had a problem with returning NULL address (0.0.0.0). Pihole talks about the pros and cons of common approaches: https://docs.pi-hole.net/ftldns/blockingmode/. One downside is you have to run a webserver to catch the redirect and all the overhead that comes with it.
None of those "Advantages" were advantageous to the end user. This only benefits Google or other corporations, and anything that benefits them harms me.
With respect, "anything that benefits corporations harms me" is a weird attitude.
AMP in email could, hypothetically, allow me to hit the "checkin to my flight" button for a Southwest flight directly from my confirmation email without having to bump over to their website. That's cool, convenient, and simplifies my life. It also benefits the corporation (their resource allocation is easier if they have a firm count of flyers) and it benefits Google (I'm more likely to use an email client that facilitates this).
The business world is full of win-wins, and this has the potential to be one of them.
That’s theoretically possible now if not actually implemented already. AMP in the email isn’t going to automatically make this possible. The SWA devs and the Delta devs and the AA devs and the Alaska devs and the Northwest devs, ad naseum are all going to poorly implement their version just as poorly as their REST version (if they have one). The implementation mechanism isn’t really going to improve the experience. It will just be something different that is broken or slow.
Let me introduce you to Actions and Highlights, which do exactly this without leaving the email UI. AFAIK Gmail has the best (only?) support for them, but anyone could support them.
It also allows for even more invasions of user privacy. We’re already tracked like tagged coyotes, so where does it stop? Obviously, not when users say so, because we can’t afford the lobbyists and lawyers that industry can.
So now we just have to lie back and think of profits?
What an incredibly bad example. Many airlines already include a link for a one click checkin. They already induce people to checkin (southwest for sure) with boarding priority based on checkin time.
You’ve perfectly summed up AMP for email with a use case that’s already been solved by a simpler technology that nobody has complained about.
Email has in some ways sat around in the gutter but media reasons are not why. The protocols are insanely complex and archaic and you need about 20 bits of software to actually run an email server. And then its all completely insecure because email was never built with end to end crypto.
imap is so insane that every email provider reinvented it to have a sane api for their web client and app. Fastmail also created JMAP to have a standard json api for email.
>There's no particular reason email needs to sit around in the gutter while the rest of the web gets more multimedia and more performant.
No technology has angered me more in the last few years than AMP. I have literally switched my main search engine just so I don't have to deal with AMP.
At no point have I ever appreciated AMP. It has only been a disadvantage.
How could email possibly be more performant? Its just a few blocks of text. I click on the email and it loads instantly because its already downloaded.
How long until the sender’s ad targeting subcontractors know you read it?
How long until they can act on that information to manipulate you into sending cash, voting to sabotage the government, or otherwise act against your own interests?
With static email, all of these latencies are in the days, or at least hours. With amp email, it can be accomplished in 100’s of milliseconds.
Google doesn't have a monopoly on email. Check your (personal) inbox - I'd bet the majority of emails on the first page are not from Gmail users but rather from various companies and organizations. Even among individuals, while many people get their email from Google, the most popular client (which is what's relevant in this case) is the mail app on the iPhone. Microsoft and Yahoo still have decent market share as well, though much less than I thought before I started writing this with 12-18% between them according to my not-super-rigorous Google search.
This effort destroys half of what makes email useful. I know that moving forward, I won't accept amp emails. If anyone sends me one, I'll just have to tell them to please send me a plain-text copy if they really want me to see it.
On the plus side, this could make spam much easier to detect: if it's amp-based, then it's most likely to be spam.
> if it's amp-based, then it's most likely to be spam.
Which is particularly funny because amp URLs have also become a major tell for spam. Want your sketchy sign-in page to come from a legitimate-looking domain? Just set it up with AMP and all the "check the pre-.com URL" rules people know will completely fail them!
I wonder if AMP for email will produce the same hell of broken redirects that it's created for webpages?
At smaller firms, IT security training often consists of sending phishing emails, and trying to get employees to somehow navigate the (literally) dozens of TLD’s that outsourced company functions use for official company business.
I get the impression most industries are moving this way (by outsourcing everything they possibly can to *aaS).
There’s probably a depressingly large and profitable industry waiting to be invented by the person that solves that problem.
From what I can tell, AMP email is a step in the other direction: run JS and active content as the email loads, presumably from an unauthenticated sender, and no https padlock that users already understand.
Yes, I disallow HTML as well. Well, technically, I don't allow HTML to render. If the email is important, then I'll read the HTML source myself and extract the parts that are important.
No, I actually use Thunderbird. I disallow HTML for security reasons. It lets me avoid having any remote resources (such as images, etc.) load and eliminates the possibility of any sneaky JS or somesuch executing.
You don't need to disable HTML for that. Thunderbird blocks remote content in HTML by default and only displays images embedded in the email.
Isn't the tracking pixel mostly snake oil since it mostly tell if the user use gmail (preloading images) or an email client that block remote content by default?
And in 9-12 months, HTML fallback will become optional for senders who want to "optimize" their content. And to prevent "inconsistent user experiences, which are causing user confusion."
Senders can include or not include any MIME types they want; that's just how email works. Though it seems unlikely they'd skip HTML fallback, since not every email client connected to Gmail is necessarily going to support AMP.
I guess that the HTML fallback is not cost free to create. I bet that some of them will be links to the website, like the "read this message on the web" links that are almost the only fallback we have from complex layouts now.
That's what the specification says they should. Just like HTML emails should not have an empty "text/plain" as an alternative to their main "text/html" content, but some mailers do that anyway.
And I do mean empty, not absent, so MUAs don't even try to convert the HTML to plaintext.
Or sometimes, the plaintext version is buggy, eg. because the mailer forgot to remplace {{template variables}}. Or because it sent a boilerplate text. Or the content of a mailing that was sent years ago. (All of these are true stories, I got emails like these.)
The conclusion being that if some format (AMP, HTML, ...) becomes prevalent, developers will stop caring about other formats.
The future of email should be a deprecation of email. Email is an archaic system, where different clients implement their own versions of rendering or sanitizing email. Some platforms don't even include proper email headers. Now there's this 'AMP' that's being shoved up our throats. Not to mention the nuances around deliverability like spf records and dkim. There's also the issue of spam.
I'd love to see email go away and more modern messaging platforms take its place. Having worked on apps and platforms that work with and parse email, email is not the future.
Having different clients is probably an anti fragile mechanism of email. It literally helps keep it around and mostly working.
I think the single worst thing to happen to email is the consolidation to so few vendors, ironically. This move is not changing my view. Does make me think heavily of ditching Gmail as a client. I was using emacs, but can't with advanced protection turned on. :(
I don't disagree that there's room to move away from email, but how do the current crop of messaging services promise to overcome the problems you mentioned? They all seem as varied in their implementations as you suggest email is.
I'll also add that I think if something were to replace email, hopefully it would incorporate the slow response expectation of it. IM etc usually implies an expectation of an immediate answer; the length and expectation of not receiving an immediate reply afforded by email is immensely valuable.
I'm worried that if email gets deprecated, it will be deprecated by a proprietary service because it's more convenient for users (or worse: several incompatible services, most of which proprietary).
Like IRC mostly got replaced by Slack and Discord.
I really don't want to go back to the days of having multiple incompatible mail systems. The fragmented instant messaging landscape is terrible enough as it is.
> while AMP was supposedly "open", Google teams such as Gmail and Search would implement it however they wanted, and that no open governance would impact them at all
And that's exactly how any open standard works, isn't it?
Or were you expecting that some standard board would have power over Google (or any other company) and be able to dictate how Google (or any other company) can implement the standard or not?
Your statement is overly broad, open standards bodies certainly can and have shaped how Google and others implement things, and will continue to do so. Standing up an open standards body in itself does not create pressure though it has to be stood up with backing by different groups with vested interest in guiding the design. This is where the AMP open standards group failed.
Users of AMP do not necessarily have a vested interest in the design beyond "I'm able to use it if I want". This is e.g. the difference (or at least was for the last ~decade) between mail.yahoo.com using a web feature vs Firefox/Chrome/IE/Safari implementing a web feature.
How about this then? There are members from Microsoft, Twitter, and Pinterest on the project's technical steering committee: https://github.com/ampproject/meta-tsc
This is not new information, it just brings us back to where the conversation started. I'm not pointing out that there wasn't an open standards body or that big name corporations were not part of it I'm pointing out none of these had/have a vested interest and bigger control of the implementation beyond how it is consumed.
You don't think engineers at major companies using the standard have a vested interest in how it is designed? Even considering that those engineers are on a committee whose entire purpose is to influence the design of the developing standard?
Individual engineers may or may not, those companies however stand to make no change in margin by agreeing or disagreeing with Google on how the AMP works behind the scenes.
There are number of different definitions for "open standards". Requirements for open standard often include restrictions for the process and completeness.
such as:
* Further development must be open for anyone to participate in
* Further development must be open for anyone to view
* Technologically mature standards must be implemented by
multiple vendors or an open reference implementation
You're absolutely right. Those are key elements for the developments of open standards!
Is it perhaps possible that "further development" in this context refers to development of the standard, and does not come with any notion of open governance of implementation?
It introduces new ways for senders to revise history after an email has been sent. Sent an ad claiming that you had a given price for a full week, and then decided you didn't want to sell it for that anymore two days later? Handy that you can remove all evidence of your advertisement after you sent it.
It also introduces an entirely new playground for phishing scams, which I think you'll see using an abundance of new tricks, after Google has extremely unwisely made users comfortable entering data into emails they receive.
The head of the AMP project threatened to "enforce the CoC" on people who brought up these valid concerns.
I was under the impression that those kinds of tricks already happen with today's technology.
Advertisers will put the advertised price in a hotlinked image served from a server, and they will both (1) use the image being fetched as a proxy for the email being downloaded/opened/read, and (2) change the contents of the served image after-the-fact. ("Save this email and open it every day this week for a new deal" and other horrors.)
Alphabet's Code of Conduct can be found at https://abc.xyz/investor/other/google-code-of-conduct/ . I'm pretty sure "all our users" is intended to include advertisers and rightsholders (like music labels, movie companies).
I don't have any inherently issue with CoCs, though I find it irritating when threat of "enforcing the CoC" is used as a method to silence legitimate, reasoned criticisms.
I'm curious what the implied violation was, if only for the benefit of other people thinking about CoCs.
The "What We Believe" section certainly has lots of open-ended language; it's quite easy to declare any unwelcome criticism 'unconstructive', or any dissenting views 'tactless'. But the "Don't" section is quite a bit more concrete, and mostly wouldn't apply. Was the implication that "this is a fundamentally bad idea" counts as "derailing" or "unstructured critique"?
true, I initially missed the final response & only noticed it now when I linked the discussions. It is a bit disappointing and follows the common "wait until it cools down & give a non-response" pattern. But it's actually more than I expected.
A response like this shows that they really were in a bit of a blinder there for a sec :)
> It introduces new ways for senders to revise history after an email has been sent.
Why can't you just set your email client to archive every version of the message that you see? It wouldn't even take up much extra space, since it would just have to store the JSON responses.
Are you imagining that someone other than the original recipient might want to verify the transcript? Unfortunately there's no way to do that with existing protocols; we would need something like TLS-N [1].
They can only hit a JSON endpoint in the same DNS zone (eTLD+1) as the sender's email, e.g. if the email is from sender@mail.example.com, it can only hit endpoints on example.com and its subdomains.
> The email client strips out the text/x-amp-html part of the MIME tree when a user replies to or forwards an AMP email message. This is why it is important that an email provide alternative content in the HTML part.
If we're talking a vendor actually altering their offers, it's in their best interest to do so generally. They don't want a civil lawsuit for false advertising to get to discovery where they'd be compelled to answer questions about their process.
Why not have replace email with a Merkle Tree, and also kill off the DNS federated system that makes you have an arbitrary choice of provider?
For that matter, why have human-readable addresses? That only leads to abuse. If you want to share an address you already know, you can copypaste it, use a QR code and so on. If you REALLY want to say it verbally, then simply list it on a search engine of your choice. DNS is a glorified search engine.
Depending on where you live, you could claim the ad was binding, but now you have no email to refer to. You could probably make a screenshot, but OP has a point
Emails already support updating by including external image references inside the email.
AMP for email makes json requests proxied by the email client. Your client can decide to only make these requests once and then keep them stable or to show you a version history of the state of your email upon every time you opened it.
> Emails already support updating by including external image references inside the email.
I think this is not comparable. If an email links to an external image, the external image is not the email, it's a link and behaves as everyone expects a link to behave. The email itself is immutable.
This may seem to you like hair-splitting, but I don't think it is, since blocking external images is a common thing for people to do anyway. Doing so doesn't make email useless.
I realize you're arguing in the opposite direction, but removing mutable web history is one of the biggest justifications behind the push for IPFS and DAT.
At this point, I’m convinced google are actively harmful to the internet.
Trying to centralise as much of the internet and how people interact with it under their control is dangerous and open to widespread abuse - and this is already happening.
See:
YouTube demonetisation
YouTube content ID abuse
Chrome extension changes
Gmail is already completely broken on IMAP unless clients throw in google specific workarounds, and now they’re moving on to break the next layer of email too.
- a major way of embedding web fonts (Google Fonts)
- a hugely successful cloud document suite (Google Docs)
- a safe browsing service, making them effective gatekeepers of what can load in Chrome (Google Safe Browsing)
- an ever growing system for schools to manage assignments (Google Classroom) - this one particularly concerns me because paired with Chromebooks, it brings kids into an entirely closed Google ecosystem very young
"Each site you visit is checked against the Safe Browsing list on your system. If there's a match, your browser sends Google a hashed, partial copy of the site’s URL so that Google can send more information to your browser. Google cannot determine the real URL from this information." -- https://www.google.com/intl/en/chrome/privacy/#safe-browsing...
There's no way Firefox would be ok with sending all their user's visited URLs to Google.
Is there any alternative to reCaptcha? As I understand, it's the only system that works well against most spammers, is free to use and easy to integrate. I'd be happy to switch to another provider but haven't found anything remotely as easy and effective.
reCAPTCHA is a terrible thing for the web, in my experience. It is user hostile. It only gets used on websites because it is easy to set up. But really, the only reason someone would use it is because it is cheap and easy. There are much better options available that are less user hostile.
Akismet is a third party service that works really well. You send data there with a HTTP POST and it will reply with a yes or no, it is spam or not spam. It is not that hard to implement. You do have to be aware that you are sending user data to that service, which you have to mention in your privacy policy.
Stop Forum Spam is a similar third party service. You send it an ip address and an email address. It will reply on both items if it is spam, together with a confidence level. Quite interesting way to reply :) It is originally intended to fight registration spam, but you can use it for comment spam or contact forms as well.
JavaScript spamfilters can be very usefull. Most spambots do a HTTP GET for a page with a form. They fill in all the fields and submit it with a HTTP POST. They don't run any JavaScript on that page. You can have honeypot and timeout fields on a form that get manipulated by JavaScript, and spambots will not validate. Works really well, and all transparent to the user. The only "risk" is that in the future spammers might start using more sophisticated spambots, like using Electron or Chromium. I implemented spamfilters like this in a WordPress plugin and it works really well for me: https://wordpress.org/plugins/la-sentinelle-antispam/
Making your own works fine, even if it's a simple "type these words". On HN I see enough articles about breaking reCAPTCHAs with (claimed) 90% accuracy and I know spammers also employ humans. You can't make the perfect CAPTCHA, but anything custom will almost certainly do. For smaller sites it's also perfectly fine to just include a few "are you humans?" type questions to which people should reply "yes" or some other obvious answer. Having to spend development effort just to flood you with messages is probably not worth it. You will still get the one-off message when the CAPTCHA was solved by a poor worker anyway.
My knowledge is a year or two out of date (haven't hosted forms in popular websites anymore), but it doesn't seem like this could have changed that rapidly. Bots don't suddenly understand English, and neural nets aren't much better or worse at word CAPTCHAs than picture CAPTCHAs. It's just that Google didn't need books anymore.
I do still host a bug report form on a smaller site, and that just filters <a href, and more recently, http://. If someone enters that, the site gives the helpful message that http is not allowed for spam reasons and they should use hxxp:// instead and that I'll understand what they meant. Haven't gotten any spam since I started including that.
The cases where reCAPTCHA is a good idea are really rare. Logins can be solved with exponential back-off, forms can use spam filters similar to email and a simple CAPTCHA to catch the vast majority. With reCAPTCHA, I often spend minutes solving the because Google has no other markers to go on (deleting cookies, localstorage). I used to not mind them when other people were all complaining about those word CAPTCHAs (I found them easy) but now reCAPTCHA just take your time instead of your reading skills and they're absolutely awful. It rewards not using privacy technologies in your browser and so a lot of laymen don't experience the issues. Please don't use reCAPTCHA if at all possible...
News to me doesn't seem that popular of a news mechanism but the others are extremely widespread. With maps you have Apple Maps but that's a bing-tier competitor.
Would you argue they should be broken up? Asking honestly, I don't really have a strong opinion. On one hand, I don't like the idea of punishing companies for their success. On the other, the barrier to entry has become too high for anyone to make a dent, giving them alone effective control over whether or not your company succeeds.
Google wields too much control and is forcing the evolution of technology to further their grasp. They reach into every sector of technology, and every play they make deepens their moat.
Look at how fast they spin up new products to see if they can claw into a new space. They move mountains if they sense they can grapple something new, and if it doesn't work out they tear it down without considering the users. It isn't about the individual - they want total control.
Google is 90's Microsoft's Embrace/Extend/Extinguish executed to perfection.
(See my thread from yesterday [1] where I argue these points as they pertain to the app store.)
I'm going to talk with my local lawmakers. I don't know what leverage I have, but I'll be damned if I sit on the sidelines.
> On one hand, I don't like the idea of punishing companies for their success.
For better or worse, this is how it has to be for the market economy to function well in a society. A company can be successful up to a point - they cannot be allowed to win. The victory every for-profit entity seeks - permanent domination and monopolization of their market - is something potentially disastrous to society at large.
>The victory every for-profit entity seeks - permanent domination and monopolization of their market - is something potentially disastrous to society at large.
OTOH it's like a standard that you can build upon if it's foundational communication infrastructure (channels, touch points).
This means that stability on lower levels facilitates competition on higher levels. As long as nobody is excluded it's not problematic. It shouldn't be allowed to scrap services users depend on though, this would be a good organic regulator.
Standards like these may be proposed by a single entity, but they're not controlled by it.
The problem with amp4email isn't that it makes everyone part of Google (though I'm willing to bet it'll ultimately imply all MUAs will end up having to embed Chrome engine). The problem is with Google using its near-monopoly position to push a "standard" that makes e-mail serve its users less, and serve companies seeking to exploit those users more.
The problem with Google is not their success, the problem is that they both have and abuse monopoly power. If they don't want to get targeted they shouldn't abuse it.
I think there's a far more beneficial alternative that doesn't have the effect of, like you mentioned, punishing companies for success. Instead of trying to break up the biggest players which tends to ultimately just result in them reforming, officially or not, instead create rules specifically designed to make it vastly easier for smaller players to succeed. There are a countless number of ways to do this.
The network effect "free" user generated content platforms (YouTube, Facebook, etc) are the low hanging fruit here. The reason they have sustainable monopolies is because they have exclusive use of the user generated content on their platform. This is really easy to fix. Require that companies beyond a certain scale (1 million users perhaps?) that make user generated content freely available default to free use + attribution licenses for that content, unless users specifically opt-out on a per piece basis. And furthermore mandate that companies provide a means of easily accessing said free use content, such as through an API. Also require that users be able to 'remotely publish' content to the site again, through something such as an API. And finally prohibit companies from censoring discussion of competing sites except in obvious cases of abuse such as e.g. automated spam.
There - problem solved. Now you can create an e.g. Facebook competitor where people can keep their exact same friends (and even talk to the ones still on Facebook) except gain whatever benefits the new platform has to offer. Similarly for something such as a YouTube competitor where now you'd be able to seed yourself with what would likely be the vast majority of the user generated content from YouTube. You might also want to add a rule that sites cannot clone content from sites smaller than they are. Again the idea is to create unique incentives for users to try new sites. You'd get access to most of the content you already have from big site + whatever unique content the smaller site offers. And, just like that, you now have created massive competition with minimal direct 'punishment' of the existing behemoths.
> I don't like the idea of punishing companies for their success.
I don't hear many people talking about punishing companies for their success. I hear a lot of people talking about punishing people for their abuse, though.
Truly independent governance of separate projects within Google at the very least, but ideally totally separate legal entities that are carefully regulated and monitored to ensure they're not giving each other preferential treatment.
If there was a shortage of competition, I would start getting worried. They are just one actor among thousands.
With power comes responsibility. Google has earned our trust with every new product they develop. If they misstep, they will hear it. In fact, they have to keep listen to keep being at top.
ReCAPTCHA is especially brutal if you aren't logged in to Google and are using Firefox. They make you do challenge after challenge after challenge and s-l-o-w-l-y fade in pictures as extra punishment. I've stopped using some sites because of it.
This is not necessarily Firefox, but because reCAPTCHA is designed to be more frictionless if Google can identify the user.
If you have their tracking cookies, if you don't use a VPN, and if you block ads (which would have more tracking cookies), Google's certainty of who you are is higher, increasing the chance that you are a human.
Firefox's default settings, especially with the new Content Blocking features, are enough for reCAPTCHA to be less sure you're a human, and try to make you prove it more often.
So Google manages to sell a product (reCAPTCHA), show good intentions (bot-prevention), increase usage of Chrome (because it's a smoother experience through reCAPTCHA), and get more information on everyone.
Google seems to have intentionally tuned reCAPTCHA to punish anyone who isn't a Google customer or is blocking Google's tracking cookies. This is a win for nobody except Google.
So you think the browser choice is relevant? Sounds like discrimination of users who use a competitors product... (probably illegal).
I mean, I have noticed those harder captures too since I switched to Firefox, but I didn't realize it was due to the different browser. I thought it was just a newer version.
I use Firefox with uBlock Origin, Privacy Badger, Google Container and Decentraleyes and am not signed into Google. ReCAPTCHA is an absolute nightmare under these conditions. It's sad because there is one site I absolutely need that has ReCAPTCHA when logging in. I literally keep another browser (Opera) around with no extensions just so I can log into that one site.
I sometimes use Random User-Agent as well to resist fingerprinting; this makes ReCAPTCHA not just extremely tedious (up to about 10 rounds of sl-o-o-o-wly fading pictures) but literally impossible (it never ends).
Not really. Network neutrality, to be precise, is about not treating network packets differently based on who is sending or receiving them. It has nothing to do with what happens at the application level.
They've also completely borked up Usenet (Google Groups), including the choice to simply put big padlock on whatever zombie Usenet groups are being used for spam, making it impossible to, e.g., read the messages posted to alt.rock-n-roll around the time of Freddy Mercury's death. [1]
There's no reason we have to interact with gmail at all. The time has come for a lightweight, client-side layer on top of email+pgp providing a new social network.
The fact that so many people who otherwise care about things like privacy, freedom, and competition all flocked to gmail anyway always seemed completely bananas to me. It's like a case study in how principle (or even long term self-interest) always loses to convenience.
I'm guilty as charged. I even sought out a Gmail Beta* invite back in the day. At the time I was naive and believed Google's "don't be evil" marketing.
*I later also sought out a Google+ Beta invite. That one is harder to justify with just naïveté.
In order to avoid interacting with it at all, you'd have to check the MX records of the domains behind the e-mail addresses of every one of your contacts, and then stop e-mailing the ones who use gmail.
They've gone out of their way to become impossible to reasonably avoid.
Regulatory action is the only thing that will stop them from completely destroying the concept of decentralization on the internet.
Can you please elaborate on those IMAP workarounds? I've been using mutt with gmail IMAP for years and while the experience is hardly perfect, I wasn't forced to attempt to fix it. But if there's a way to make it better, I'm all ears! Thanks!
I started transitioning away from Gmail (to Fastmail) last fall, forwarding my gmail and using a signature asking people to update their address book. This is a good day to make the hard cutoff.
One strategy for explaining the problem to non-technical people is by comparing regular email to the walled-garden email used by some banks, phone companies, and the like--where you have to log into their website to see your 'inbox' and use a web form to send messages. It's super annoying and the other party has complete control of the communication channel.
"Dynamic email" could be implemented to inject this kludge into your email client, giving the AMP sender (who likely has more power than the user) the same level of control over the channel. Imagine opening your email client and finding a message which asks for two security questions and a captcha, then lands you in a messaging interface which limits you to 200 characters and denies basic affordances of email like archiving and forwarding.
I find the arguments that email is already mutable because images are externally-loaded unpersuasive. In 2013 Google started caching images in gmail "to protect you from unknown senders who might try to use images to compromise the security of your computer." [1] Email marketers were upset at losing engagement metrics. Now a practice that used to be considered abuse is being rolled out as a feature.
Did the same thing a few weeks ago. The original reasons were that gmail was incredibly slow in FF, and I wasn't really comfortable with Google reading my mail.
People point out that the email is read by an automated system, but that doesn't change the fact that Google is building a profile of me and selling it to advertisers.
With Fastmail there's a business model I can understand. I pay them money and they provide me a service.
The really dark side of all this is that we're quickly moving towards a world where you only get privacy if you can afford it.
Even if they stopped using the data for ad personalisation, they're obviously still scanning it. The new auto reply suggestions feature relies on that. While they might not be using that data for anything nefarious at the moment, there's nothing stopping them from changing their mind in the future.
Personally, I just feel more comfortable paying 4 bucks a month to a company that isn't trying to monetize me.
correct me if i'm wrong, but doesn't every email service scan emails? be it for spam, security, viruses. they have to scan them. i thought this is standard industry practice.
Typically, that's based on the email metadata such as the sender address, or mime types of the attachments as opposed to the actual content of the email.
The other dark side is that half of the email you send from your fastmail account will still be going to Gmail and hence can still be used by Google to build a profile of you, if they so desire.
After reading GMail's announcement about dynamic email and your position statement on AMP, I am thankful to have switched to FastMail and looking forward to remaining your customer. I'm writing to ask you not to implement AMP dynamic email. Even though you don't have a huge slice of the email market, your customers are probably disproportionately privileged and informed (they choose to pay for email...), which positions you to resist these erosions to privacy and democracy in ways that individuals can't.
More pragmatically, I see your non-support of AMP as a big feature. If you don't support AMP, companies can't as easily put pressure on me to use a communication channel where they have all the control.
As a FastMail customer and strong AMP opposer, I do understand FastMail's position that they may support AMP for compatibility. It's the unfortunate nature of the beast that most people have Gmail, and emails are hence sent under the expectation that the end user probably has Gmail. FastMail would be shooting itself in the foot to not implement AMP for Email if it becomes popular, because people expect their email service to work with the emails everyone else is sending.
However, if FastMail does add AMP for Email support, I expect them to do much more to ensure I can see the historical record of AMP data, and for them to take significant measures to ensure that user privacy is protected. And of course, that we can just shut it off.
>forwarding my gmail and using a signature asking people to update their address book.
That's why everyone should use e-mail with their own domain name. It gives you freedom to change e-mail provider whenever you want, without having to notify anyone about it.
Yeah, I switched my main domain email over to Fastmail two weeks ago (still on the free trial!). I'm liking it so far.
I just switched the MX records over, hopefully I can keep my grandfathered free G-suite account as a searchable archive for the time being (I should also back-up all the mail in there but haven't had time to). It wasn't quite organised enough for me to want to bring it over.
I'm using DuckDuckGo for search now on my home laptop and phone, Safari on my Mac and Firefox on Windows machines instead of Chrome, Apple Maps on my phone. The one thing I can't see moving off at this point though is YouTube since so much of the content I watch is only there.
To be fair. In some places at least there are regulation in place and non E2E-encrypted email is an insecure channel. The webbased inbox, mostly integrated in the respective e-banking platform is actually the most convenient and safe way to communicate with a bank. You (sadly) can't reasonably expect regular clients to know about and care to use PGP.
For OP it shouldn't be a big deal, because forwarding is just a temporary aid while transitioning from one email address to the other.
I've just about completed the move (to runbox) without forwarding and it wasn't that big of deal. Just set aside a bit of time every once in a while to update all the accounts that are still sending to my gmail account.
Eventually I'll set up a permanent auto-reply saying "this account is no longer monitored, please contact me at xxxxxxx@runbox.com".
Forwarding is definitely not just “a temporary aid.” To others, forwarding is quite transparent, your original address is the one they associate you with until you make the effort of switching
Back when it was announced, several people brought concerns up with the supposedly open AMP project, and they were closed or locked, and the head of AMP blocked us. During that time, we found out that while AMP was supposedly "open", Google teams such as Gmail and Search would implement it however they wanted, and that no open governance would impact them at all. In essence, the idea that it was open was only so far as Google would also like you to implement whatever Google was already doing.