Good old email remains the most important digital communication tool. What makes venerable email so useful and enduring over time is its openness and standardization. Email is radically different from today's "applications," which bundle all parts of the technology—server, client, and protocol—from a single monopoly provider. With e-mail, we are free to choose the server (provider) and client in any combination. It provides tremendous flexibility, additional privacy and security. Indeed, the provider does not control my client and cannot add backdoors; there is no monoculture of client software with all its attendant security risks (any security vulnerability is global). Email is one of the few technologies that is very resistant to Internet censorship. An oppressive state can easily block a website and even force an app store to remove an app ( like Navalny's "Smart Voting") . Also, the app store might remove it for any other strange reason. But blocking a mailing list is much more difficult: it is easy to redeploy and recreate it on a different server (even with this, users will not notice anything). In addition, the user can easily create several different email-based identifiers (for example, a separate one for politically sensitive activities), which ensures anonymity. And anonymity means physical security in some countries.

Not surprisingly, many Internet services use an email address for user registration, authentication, password recovery, and other similar purposes. Open, standardized and decentralized email is one of the most important technologies on which everything else depends. In the end, the flexibility offered by email technology - the freedom to choose all parts (provider, client, etc.) - is just very convenient, at least for an advanced user (you can add new features on top of what the provider has implemented , even against the will of the provider - isn't it convenient?).

All email technology is built on open protocols, not a centralized platform. This promotes competition, provides better and fairer service, and reduces the possible influence of malicious monopolists ( Masnick, 2019 ).

Google's Gmail has long been one of the main pillars of email that millions of people rely on every day. We have to commend Google for popularizing email as a mainstream technology among the masses. I started using Gmail many years ago when it was in beta and invite-only. At that time, the openness and unlimitedness of Gmail just went through the roof. The web interface was lightweight and not cluttered with ugly banners, unlike other email providers. There were advertisements, but small and unobtrusive. Gmail supported all major protocols (POP, IMAP, SMTP) for a long time, allowing you to use any standard client software, and it was available for free (some other providers were greedier and only allowed it on paid plans). Google's POP, IMAP and SMTP implementations were (and still are!) quite idiosyncratic, incomplete and not quite up to standard which caused various glitches (e.g. deleting messages and sorting by default is weird, I've always hated Gmail shortcuts). But it was tolerable.

Serious privacy concerns and threats to Gmail , such as scanning a user's email for context-sensitive ads ( before 2017 ), or an AI tool that can provide access to some pieces of data to third- party developers . It's almost a disaster that can't be fixed because snooping on user data is at the heart of Google's business model. But who cares as long as it's free! I have been using and promoting PGP encryption for a long time, which can solve many privacy (and security) problems. Yes, PGP is critical for individuals and companies , and yes, a concerned user can encrypt .

Gmail was still free and relatively open, while the alternative of deploying a private mail server is time-consuming and tedious (for example, ensuring that emails from a tiny private server don't end up in the spam folders of intended recipients). I used to pay with some of my privacy to get the convenience and stability of Gmail.

But as time went on, I became more and more concerned about Google's apparent tendency to make open email more and more difficult to use outside of Google's monopoly ecosystem. There are signs of the famous reach, expand, and redeem strategy. The Gmail API is feature rich and powerful... but only if you really need complexity and like to play with Google's rules. If you don't like seeing ads, for example, and you use the standard IMAP mail client of your choice to do so, you must suffer. If you want full PGP support in the mobile client, which Google never offered, you're out of luck and will have to use an IMAP-based mobile app like Android K-9 Mail , which requires some reduction in usability.

Google seeks to attract users to its browser, its own applications and APIs in every way in order to obtain more personal user data and display ads. For that matter, the security of using Google has just gotten abysmal. Annoying access blocks when a mobile user with an IMAP client navigates through IP addresses can drive anyone crazy... Access can be blocked even if the user simply switches to the next IP address within the same provider's IP pool.

I have to use a fixed IP VPN to avoid these stupid blocks!

To help keep your account secure, Google will no longer support third-party apps or devices that ask you to sign in to your Google account using only your username and password. Instead, you will need to sign in using Sign in with Google.

Google's insistence on a rather complex and heavyweight OAuth2 mechanism for basic access to email clients (remember that most email programs don't require you to enter a password every time, which reduces the risk of phishing) can only be understood as a means of restricting all uncontrolled third parties. party clients. Yes, OAuth2 makes sense for complex workflows of delegating data access between multiple web services with different login/password combinations ("Auth" stands for Authorization , not Authentication ). Whenever I need access to my email , I need to verify my identity by granting full access . But isn't the OAuth2 client secret stored on the device in the same way as the username/password combination? However, restricting (experienced) users' access to their own data only creates an illusion of security at the expense of usability and compatibility.

Google's move to OAuth2 authorization seems to indicate that emails hosted in Gmail no longer belong to me. My emails are now owned by Google, which just "allows" (delegates) me access to some data without trusting me. This is not what I need from my personal communication. Does Google pretend not to trust any third party apps? Maybe he does not trust his users ( the owners of their data), considering them idiots?

If you think your users are idiots, only idiots will use it [your service].

— Linus Torvalds

And there's another side effect: as Google increasingly deployed heavier and heavier frameworks and technologies, Gmail became very sluggish and bloated. It's cluttered and confusing, especially for those who don't use it often enough to remember all the features. And it still doesn't adapt well to the needs of the user. How can I get a fixed width font for my plain text message? Where's my favorite basic (and very fast) HTML web interface?

Enough means enough. Now I'm ditching Gmail, not primarily because of big privacy issues (which is to be expected), but because of deteriorating usability and growing incompatibilities. Looks like the people at Google have forgotten their old motto "Don't be mean". While in the past I've paid Google with my privacy currency to get functionality and usability, Gmail's benefits have steadily declined and are now at a loss-making level.

Migadu is my choice

There are many email providers out there, some of which are focused on privacy and security. For example, Protonmail is a fantastic project that makes using PGP almost trivial even for the uninitiated. But its shortcomings are that it is non-standard and has too much publicity, which makes it highly undesirable in some authoritarian countries. To put it simply, if you use Protonmail in some countries, you may be suspect; Protonmail can be blocked by the authorities, and worse, blocked in a rather peculiar way . Some services may also reject registration with this service.

In the end, I chose Migada . This is not another standard email hosting provider. This is a domain service. Once you have your own domain name (domains are cheap these days), you can create your own email service for your domain. So simple. This makes it very useful for companies, families, groups and NGOs without big budgets. For a reasonable price, you get almost your own mail server with a lot of customizable features (any custom mailboxes, aliases, forwarding, regex, webmail, etc.) but without having to maintain this whole complex system.

If you have a website, you will definitely get a domain name for it. Now it's easy to get your own email. True, some hosting providers also host email. But if you decide to switch to another hosting, this will create a problem: you also need to transfer email, which greatly limits your further choice. Having a completely independent email system for your existing domain avoids this kind of hoster blocking and makes life a lot easier.

By the way, Migadu's default webmail interface is sleek and very simple. It looks modern, but light and quite fast. No bells and whistles, only the most important functionality. I'm not a big fan of web email, but I do use it from time to time. And there's even basic PGP support! (But remember that Internet-based PGP is not a very secure solution .)

I found the mail server setup (including more esoteric stuff like setting up DNS and DKIM signing) very easy. In my opinion, you don't need an IT degree to set up a mail server with full functionality. I love the admin, it's minimalistic and easy to use, no silly or distracting visuals. And Migadu is advertised as a fully open standard compliant service with no proprietary glitches or limitations. So any standard software (open source or closed source) is likely to be fully usable. This freedom is very important. And they are also clear and honest about limitations and shortcomings .

Finally, goodbye Gmail.