Ask HN: How can you trust non open source, third party email clients?
I might be over paranoid and correct me if wrong but as far as I understand, almost all the email clients out there either store your credentials or the access token to be able to send you push notifications for new emails.
Once they have the credentials/token, they have full control over your emails, what happen if they get compromised or they leak your data? Even 2FA will not protect you in this case since you already give them the auth token after a successful 2FA auth, or a specific app password.
Considering the email is used to reset almost all other accounts passwords, how can you trust a third party email clients? Am I missing something? Thanks.
17 comments
[ 0.17 ms ] story [ 51.2 ms ] threadHow can you trust any app that has access to your data?
For G Suite (personal) - I use gmail web client.
For Office 365 (work) - I use Outlook.
For my own mail server - I use Thunderbird or forward to gmail.
First party = me
Second party = Microsoft
Same with gmail client.
How do you trust every line of an open source package without auditing it yourself?
In your hierarchy of risk/trust, this one is pretty small.
Can you prove that you exist?