Alistair Barr and Rolfe Winkler:

The move, announced Wednesday at the company’s developer conference in San Francisco, is a first step toward turning Gmail into a platform for developers who want to leverage the contents of users’ email for productivity and other applications. A travel app, for example, could scan your email inbox for booking confirmations and automatically compile them into an itinerary. An expense app can dig through your inbox for receipts and automatically file them to your cloud-based account.

This clearly sounds horrible from a privacy standpoint. Who wants developers sleuthing through their emails? I sure as hell don’t.

In an interesting note about the privacy, WSJ notes:

The new Google API may help with this. With IMAP, developers had to access all of a user’s messages to make their applications work, even if the apps only needed one specific type of data. The new API lets developers access only what they need. For example, if their app just sends mail on behalf of a user and does read mail, developers can limit their request to send-only, DeFriez said. “There are actually less privacy concerns than IMAP,” Mawani said.

I find this statement really odd. The phrasing starts off to make it sound as though you have fine grain controls over what someone can access over the API. I picture something like: “Only emails with Confirmation in the subject line.” That actually would be pretty great.

And then you read the rest of the sentence and it sounds more like the API privacy controls will be more like: “Send only, Scan only, Send & Scan.” Which is really nothing to brag about.

All of that leads me to: how is this less of a concern than IMAP?

Also, why does Google hate IMAP so much? Granted it is not great, but it’s a standard.


Posted by Ben Brooks