Hacker News new | past | comments | ask | show | jobs | submit login

they can't, unless the email service gives them oauth.

and even then allowing a 3rd party to backup your emails is a very dangerous thing to do. they say that credit card is more dangerous, i say no. for credit cards you can claim fraud.

when your email gets hacked, potentially your whole digital life is gone




Then what you need to write is, "I think that unproven email backup services are a bad idea", not, "these guys are idiots because they store a retrievable copy of your email credentials" which is necessary for the service that they are providing.


what they could have done is to allow users to autoforward their emails over to their servers or something. not impossible, but i'm not their employee and i'm not responsible for thinking up business strategies for them.

so yea. not necessary


You can only archive incoming e-mails via autoforward, not drafts and not outgoing email (unless you use their mailservers, which is something completely different). If I want archiving for my e-mails, I have to give up my account credentials. You could actually do sufficient mischief with the archived e-mails, you don't need the account credentials in the first place. That sucks, but it's not their fault, this kind of service is inherently insecure.

Now, if you can demonstrate that this particular company has a particularly unsafe way of storing the passwords or the retrieved e-mails, then you're getting closer to having a valid point.


So what you're saying is that they should limit their market to those users that can successfully set up email forwarding, solely because storing passwords is bad.

Part of the service they're offering is that they'll restore the contents of your mailbox in case of accidental or malicious deletion. I have

    mail:/var/mail/associatedtechs.com/rob@associatedtechs.com# find . | wc -l
    24846
...almost 25,000 messages in my mailbox. How do you recommend that they restore 25,000 messages to my mailbox without my account credentials?


and by storing the passwords, they are putting their users at risk. and we are in an era where email security means more than anything. it means access to all your services.

they should go think about how they can design a service securely before offering it.


your argument is similar to: "it is impossible to design a bank that can be kept 100% secure from bank robbers, therefore we shouldn't use banks"




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: