Tell HN: Google removing Gmail access from IFTTT

231 points| pgrote | 7 years ago | reply

Hello,

Although you don’t need to take any action, we wanted to let you know that the following third-party apps will no longer be able to access some data in your Google Account, including your Gmail content. This change will go into effect starting March 31, 2019.

IFTTT

We are making this change as part of ongoing efforts to make sure your data is protected and private. These apps haven’t yet complied with our updated data privacy requirements announced on October 8, 2018.

You can always view, manage and remove apps you’ve given access to your account by visiting your Google Account.

Thanks, The Google Accounts team

120 comments

[+] joefkelley|7 years ago|reply
Context:

In ~July 2018 there was some outcry because Google was "letting third parties read your emails" (e.g. https://www.cbsnews.com/news/google-reportedly-allows-third-...). Of course, these were all explicitly installed by users who gave these apps access. But somehow people were mad anyway - maybe users shouldn't be given the option to make choices they don't understand?

Anyway, as the message mentions, Google announced new requirements for these apps on October 8: https://cloud.google.com/blog/products/g-suite/elevating-use...

Apparently, IFTTT (which does personal automation, integrating with many third parties), does not comply with the new policy.

[+] o10449366|7 years ago|reply
> Of course, these were all explicitly installed by users who gave these apps access. But somehow people were mad anyway - maybe users shouldn't be given the option to make choices they don't understand?

It's interesting to see the difference in attitude on HN towards Google and Facebook. Many readers on HN shared the media's outcry when it was "revealed" that Netflix and Spotify were given read/write access to users' messages if they had authorized those Messenger plugins/platforms. I'm not attacking your position--I wholeheartedly agree with it--it just seems like there's a double standard on HN when it comes to certain tech companies.

[+] mappu|7 years ago|reply
If your addon works entirely locally, you only need to be "verified as non-malicious software", but if there is any network component then you need the "full assessment" from an independent 3rd-party auditor:

> The assessment fee is paid by the developer and may range from $15,000 to $75,000 (or more) depending on the size and complexity of the application. This fee is due whether or not your app passes the assessment

[+] londons_explore|7 years ago|reply
The missing detail here is the policy requires a third party audit which is expected to cost ~$100k.

Most small startups won't think that's worth it.

[+] canada_dry|7 years ago|reply
> ...explicitly installed by users who gave these apps access. But somehow people were mad anyway...

Yah, and we know that 99% of folks just next - next - next when installing everything on their phone, laptop, console.

So many apps want access to stuff that isn't obvious (e.g. games that want to access your photos, emails, and msgs) though most people skip the alerts when installing.

[+] jakelazaroff|7 years ago|reply
> maybe users shouldn't be given the option to make choices they don't understand?

Not sure if this is meant ironically… but no, they definitely should not.

[+] flocial|7 years ago|reply
[+] deanclatworthy|7 years ago|reply
A little odd statement. I am in no doubt that it would require "massive back-end & infrastructure changes" as they point out, but this is the business model for IFTTT. They integrate these services as doing it yourself is a pain in the ass.
[+] miki123211|7 years ago|reply
And now I will have to write my own thing with IMAP support, find a place to host it, integrate with Dropbox's API etc. Thanks, Google. I think I'm seriously moving out.
[+] gerardnll|7 years ago|reply
When you register an account in Facebook it tells you to connect your Google account to check for the confirmation email. There's no button that says 'no thanks', it kind of makes you think it's the only way to go forward. I don't want to know what kind of information they scoop out, but I guess, all that they can. It's incredible. But here, IFTTT is the problem... I'm pretty sure they don't care about your emails.
[+] arihant|7 years ago|reply
I'm not sure how much user security will come out of the new Gmail policies. A lot of companies will just start asking for username/password for IMAP access. Now the user is more vulnerable than if the developer was allowed OAuth access. Unless they plan to break that somehow as well.
[+] qbaqbaqba|7 years ago|reply
So IMAP is the next on the kill list. RIP email.
[+] tmp28342342|7 years ago|reply
Data privacy offers a good reason for both Google and Facebook to close the few gates that still offered access for 3rd party apps to their walled garden.

And I don't think I can blame them. This kind of access provided very little benefits for them, but it has turned out to be a big PR problem.

[+] swiley|7 years ago|reply
IMAP still works though right?

It's strange that IFTTT would use some non-standard interface and that's why I'm asking.

I don't think I can keep using gmail if IMAP breaks.

[+] toomuchtodo|7 years ago|reply
Disclaimer: Worked someplace that does something similar to IFTTT, but not IFTTT.

You do not want to use IMAP for integrations at scale. You run into all sorts of weird issues retrieving and deduplicating messages. It’s a terrible black box to troubleshoot. The Gmail REST interface was a huge improvement over IMAP. If you can get access to the REST interface, you want to use it.

While IMAP is a legacy compatibility mode, I would not call it a “standard” interface for this purpose.

[+] runjake|7 years ago|reply
Apple's Shortcuts, too.

Claiming that IFTTT and Apple Shortcuts have not complied with Google's privacy policy. That's rich.

[+] Vojojo|7 years ago|reply
Although it doesn't necessarily cater for the home market, Zapier is a suitable replacement for many use cases IMO.
[+] amanzi|7 years ago|reply
What's different between the way that Zapier connects to Gmail versus how IFTTT does it? Both appear to use the same mechanism, so I guess that Zapier will get blocked soon too?
[+] m-p-3|7 years ago|reply
Integromat might also work as an alternative.
[+] harrisonjackson|7 years ago|reply
I use Zapier to do some basic email parsing / echoing important and interesting things into slack and SMS. Instead of giving API access to Gmail content I filter + forward the emails to an address they provide.
[+] welder|7 years ago|reply
Going to really miss IFTTT... auto-responding using Gmail Filters and Canned Responses only works for a few hours before it stops auto-responding.
[+] solarkraft|7 years ago|reply
You mean that the app I explicitly want to be able to manipulate the data I have given it access to will no longer be able to do so? Hm.
[+] ucaetano|7 years ago|reply
Yep, users made it clear that they can't be trusted to make such decisions, so now the apps have to comply with new requirements, including security audits by 3rd parties.
[+] solarkraft|7 years ago|reply
So what is the policy update and can IFTTT comply without breaking functionality?
[+] winkeltripel|7 years ago|reply
an independent 3rd-party auditor:

> The assessment fee is paid by the developer and may range from $15,000 to $75,000 (or more) depending on the size and complexity of the application. This fee is due whether or not your app passes the assessment

(snipped from above)

[+] flocial|7 years ago|reply
It's unfortunate that I could get most of the functionality I need if IFTTT offered a way to confirm Gmail's request to add trigger@ifttt as a forwarding address.
[+] uhsaywhat|7 years ago|reply
Maybe the goal is to remove IFTTT and build the features into Gmail.
[+] londons_explore|7 years ago|reply
The goal is to not let a Cambridge Analytica scandal happen to Google.

If users all choose to share their emails with a third party service, and that third party service leaks/abuses the mail, Google will get blamed.

Google doesn't want that, so now stops you choosing to share mail with all except the biggest companies.