Hacker News new | comments | show | ask | jobs | submit login

What's the difference between this and using an app such as Mailbox?

> What's the difference between this and using an app such as Mailbox?

IMHO, for what it's worth, this is why I would never use Mailbox.

On the HN thread for the blog post announcement yesterday, tptacek said "I don't care who the company is, or how trustworthy you think they are: avoid giving third parties credentials to your inbox."[0]

I would agree with that above statement - whether it's a company with a good reputation for security or a bad one (or even a nonexistent one), that's way too much power to give to any third party.

Remember that when we talk about security being about trust, it's not only about trusting their intentions, but also their power and ability. Mailbox has access to inboxes of thousands of people, some of whom have incredibly valuable emails in their inbox. Combine that with the number of services that use email as a means for authentication, and you have an incredibly attractive target for an attacker.

For what it's worth, I should mention that I've been working on a self-hosted product that provides the functionality of Mailbox/Boomerang, but without the privacy and security implications of using a third-party: https://github.com/ChimeraCoder/go-yo

[0] https://news.ycombinator.com/item?id=6600879

Asked the same question, but nobody answered. https://news.ycombinator.com/item?id=6601179

I mean, Mailbox literally does the same thing (editing your messages on their backend -- http://www.mailboxapp.com/blog/?p=1#javascript-now-filtered-...) and no one cares. LinkedIn does it and the Internet goes shit crazy.

I have never heard of Mailbox before, but I have heard of LinkedIn.

Mailbox is part of Dropbox

Worth noting is that they originally were not. http://techcrunch.com/2013/03/15/mailbox-cost-dropbox-around...

I've never heard of Mailbox before, but based on that description, I would never use it.

Welcome to Hacker News.

There is at least one difference: Mailbox only supports gmail, and as such only asks for oauth credentials with permissions to read from and write to your inbox, not username/password. Linkedin does the same thing with gmail (and google apps) but they also support mail services that don't have this support.

I guess Mailbox will support other email soon

More people know what LinkedIn is.

And, perhaps more importantly, people don't like LinkedIn.

Tons of people use LinkedIn...

Using it and liking it aren't the same thing. Shedloads of people here use Facebook, and a fair percentage of them would no doubt gleefully criticize it given half a chance.

And there's also tons of people who don't necessarily like using the service, but somewhat forced to for a number of reasons. I, for one, don't find the service that useful, however, most employers find it particularly odd if you don't have one.

So, you're kind of put into an odd position by electing to go against the service in this day and age. Granted, no one is putting a gun to your head and telling you to use LinkedIn. Yet societal pressures (specifically in professional circles) have somewhat made it difficult to go against the grain.

No. It's pretty simple actually. You delete your account and you say you're not on LinkedIn.

Intro doesn't have a waiting list.

In terms of access to your mail data, there is no difference. The Oauth token you grant is operationally equivalent to an IMAP password.

Nothing, and that's why I won't use either.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact