You know it makes sense, so get that Google passkey set up now.
Unfortunately you'll be guided to storing those in your Google account too, so your everyday user will still get locked out. In some ways it's worse, because a lot of sites will only allow passkey recovery if you can supply a "recovery key"; email confirmation is no longer enough (not that it matters if your Gmail is also locked out).
> Ten years old being younger than the account had actually existed for, it is 12 years old apparently, might, you would have hoped, set off some Google alarm bells in these days of advanced AI protections, but no.
Good god what happened to editors?
I think the larger question is why are we all (or most of us?) still using Gmail? Why can't an average person host their own email server with open source software with straightforward security upgrades instead of trusting BigCo or the latest SmallCo?
I think it's fundamentally more difficult to host communications services where spam is possible and there is no auth/contact system in place before first communication can happen.
I'm not an expert in this area, but from what I understand, what was once novel content spam filtering is not at all novel now; there are easily trainable model strategies (BERT?) that get you to 99%.
A whitelist, auth/contact is ideal for messaging without spam and is more workable with a large federated group that can adopt an evolving open source protocol.
> Why can't an average person host their own email server with open source software with straightforward security upgrades instead of trusting BigCo or the latest SmallCo?
The average person isn't qualified to administer a server and would rather pay $1/month or whatever for a hosted solution.
Do you mean average person around here? Or average person in general?
Too many unknowns and moving parts.
Have you ever worked with the general public and computers?
The average person was wondering why their wireless router needed cables. They did not update their computers for the entire time they owned them. Somebody else ignores big red text saying this will delete everything and hits next anyway, then wonders where their photo collection has gone.
I cannot believe the average person would be capable of registering a domain and configuring their DNS to point at this simple mail server they’re running.
If somebody else is taking care of all of these parts, I am not sure they’re really hosting it themselves.
Maybe we need a new protocol and we can replace all of this? How do we get everybody on board?
Especially with all the codified footguns (or the "Tyranny of the Default" — as Steve Gibson would put it) where a lot of critical apps ship with very insecure defaults, and even a seasoned dev that's an expert on one domain doesn't have time to muddle through the whole of man pages + mail archives + Stack Overflow threads for every option.
As someone who works in this space: a large org like Google often separates the feature work and counter-abuse teams. The org structure leads to unintended feature consequences. It sucks when you're trying to provide value to people and it's taken advantage of by bad actors.