Sergey Budaev

Apr 22, 2022

Goodbye Gmail

The old good email remains the most critical digital communication tool. What makes the venerable email so useful and sustainable over the long time is its openness and standardization. Email is radically different from the modern "apps" which integrate all pieces of technology--the server, the client, and the protocol--by a single monopolist provider. With email, we are free to choose the server (provider) and client with any combination. It provides enormous flexibility, added privacy and security. Indeed, the provider does not control my client and cannot add backdoors; there is no monoculture of client software with all the related security risks (any security vulnerability is global). Email is one of the few pieces of technology that is very resistant against internet censorship. Repressive state can easily block a web site and even force an app store to remove an app (as the Navalny's "Smart Voting"). Also, an app store can delete it for any other bizarre reason. But it is much more difficult to block a mailing list: it is easy to redeploy and recreate it on a different server (without the users even noticing anything). Furthermore, The user can easily create several different email-based identities (e.g. a separate one for politically sensitive activity) which adds anonymity. And anonymity means physical security in some countries.

It is not surprising that many internet services use the email address to register users, authenticate, restore password and other similar purposes. Open, standardized and decentralized email is one of the most critical technology everything else depends on. After all, the flexibility offered by the email technology--the freedom to choose all pieces (provider, client etc.) is just very very handy, at least for an advanced user (you can add new features on top of what the provider realized, even against the provider's will--isn't it convenient?).

The whole email technology is build around open protocols rather than a centralized platform. This facilitates competition, makes for better and fairer service and reduce possible impacts of malicious monopolists (Masnick, 2019).

Google's Gmail has long been one of the main pillars of email, millions used to rely upon every day. We should praise Google for popularising email as the basic mainstream technology among the masses. I started using Gmail many years ago when it was in its "beta" and available only by invitation. At that time Gmail openness and unrestricted nature was just blazing. The web interface was lightweight and not really cluttered with ugly banners, unlike other email providers. There were ads but they were small and unobtrusive. Gmail had long supported all the basic protocols (POP, IMAP, SMTP) that allowed to use any standard compliant client software, and that was available for free (some other providers were more greedy and allowed this only on paid plans). Google's POP, IMAP and SMTP implementations have been (and still remain!) quite idiosyncratic, incomplete and not really standard-compliant which caused various glitches (e.g. message deletion and default sorting are weird, I always hated Gmail's labels). But this was bearable.

The serious privacy problems and threats of Gmail, such as user email scanning for context-specific advertising (until 2017) or AI tool which could provide access to some pieces of data to third-party developers. That is nearly a disaster that cannot be fixed because spying on the user's data is at the heart of Google's business model. But who cares as long as it is free! I have long been using and promoting PGP encryption which could fix many of the privacy (and security) problems. Yes, PGP is crucial for individuals and businesses and yes, a motivated user can encrypt.

Gmail still remained free and relatively open while an alternative of deploying private email server is time-consuming and tedious (e.g. ensuring that emails from a tiny private server don't end up in spam folders of intended recipients). I used to pay with some of my privacy to get the usability and stability of Gmail.

But over time I became increasingly concerned about the clear trend taken by Google to make the open email more and more difficult to use outside of the Google monopolistic ecosystem. There are signs of the famous embrace, extend, and extinguish strategy. Gmail API is featureful and powerful... but only if you really need the complexity and like to play with the Google rules. If you don't like to see ads, for example, and for this use a standard IMAP mail client of your choice, your must suffer. If you need full PGP support on a mobile client, never offered by Google, you are out of luck and have to use an IMAP-based mobile app like Android K-9 Mail that requires sacrificing some usability.

Google tends to draw its users by all means into its browser, its own apps and APIs to get more user's private data and show ads. For that matter, Google's security usability has become just terrible. The intrusive access-blocks when a mobile user with an IMAP client moves across IP addresses can drive anyone crazy... Access can be blocked even if the user switches just to the next IP address within the same provider's IP pool.

Google security alert

I have to use VPN with fixed IP address to avoid these stupid blocks!

To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google.

The Google's insistence on rather complicated and heavyweight OAuth2 mechanism for basic email client access (remember, most email programs do not require you to enter your password every time, diminishing the risk of phishing) is understandable only as a means to limit all uncontrollable third-party clients. Yes, OAuth2 is logical for complex workflows of data access delegation across multiple web-based services with different login/password combinations (the "Auth" stands for authorization, not authentication). Whenever I need access to my own emails I need to authenticate my identity granting full access. But isn't OAuth2 client secret kept on the device just as the username/password combination? Yet, limiting the (power) users access to their own data provides just an illusion of security at a large cost to usability and compatibility.

The Google's move to OAuth2 authorization seem to point that the Gmail-hosted emails do not belong to me any more. My emails are now owned by Google, who just "authorizes" (delegates) me access to some of the data without trusting me. This is not what I need from my private communication. Does Google pretend to "zero-trust" any third-party apps? Maybe it doesn't trust its users (the owners of their data), assuming they are all idiots?

If you think your users are idiots, only idiots will use it [your service]. --- Linus Torvalds

And there is another side effect: as Google increasingly deployed more and more heavyweight frameworks and technologies, Gmail became very sluggish and bloated. It is cluttered and confusing, especially to those who don't use it often enough to remember all the idiosyncrasies. And it's still poorly adaptable to the user's needs. How can I get a fixed-width font for my plain text message? Where is my favourite basic (and very fast) HTML web interface?

Enough is enough. I now go away from Gmail, and primarily not because of big privacy concerns (which is quite expectable) but because of deteriorating usability and growing incompatibility. It looks like the people at Google have forgotten their old motto "Don't be evil." While I have been paying Google with my privacy currency in the past to get functionality and usability, the benefits of Gmail continuously went lower and now reached an unprofitable level.

Migadu is my choice

There are many hosted email providers, some are focused on privacy and security. For example, Protonmail is a fantastic project that makes it nearly trivial to use PGP even for an uninitiated. But its drawbacks are that it is non-standard and has too high publicity making it quite undesirable in certain authoritarian countries. Simply said, if you use Protonmail in some countries you may be suspected; Protonmail can be blocked by the authorities, and worse still, blocked in quite idiosyncratic way. Some services may also reject registration using this service.

What I have finally chosen is Migadu. It is not yet another standard email hosting provider. It is a domain-based service. Once you have got your own domain name (domains are now cheap), you can make your own email service for your domain. That simple. This makes it super useful for companies, families, groups and NGOs without large budgets. For a reasonable price you get nearly your own mail server with many configurable features (any custom mailboxes, aliases, forwarding, regexp, webmail, etc.) but without the need to maintain all this complex system.

If you have a web site, you necessarily get a domain name for it. Now it's easy to get your own email identity. True that some hosting providers also do host email. But if you decide to switch to a different hosting it will create a trouble: you need to move also email and this fact strongly limits your next choice. Having a completely indpendent email system for your existing domain avoids such hoster lock-in and makes life much easier.

By the way, the Migadu standard webmail interface is sleek and very simple. Looks modern but lightweight and quite fast. No bloat whatsoever, only the most crucial functionality. I am not big fan of web-based email, but use it from time to time. And there is even some very basic support for PGP! (But remember that web-based PGP is not a very secure solution.)

I found the mail server configuration (including more esoteric stuff like DNS setup and DKIM signatures) very easy. In my view you do not need an IT degree to configure your email server with full functionality. I like the admin panel, it is minimalist and easy to use, no stupid and distracting visual effects. And Migadu is advertised as fully open standard compliant service without proprietary glitches and limitations. So any standard (open source or closed source) software is very likely to be fully usable. This freedom is very important. And they are also clear and honest about the limitations and drawbacks.

Finally, goodbye Gmail.

PS: Disclaimer: I have no links with Migadu.

This post is also published on Substack and Medium

Apr 03, 2020

Is ​Zoom safe to use? Is the company marketing and other information correct and can be trusted?

Zoom privacy and security problems

Zoom has demonstrated significant negligence with respect to cybersecurity. Additionally, the company has shown aggressive marketing campaigns and was caught at providing false information to its end users.

  • Zoom aggressively forces the user to download and install native application rather than use web browser for videoconferencing even though videoconferences will work in the web browser. This is a little suspicious. Browser-based conferences are more convenient for an occasional user and is safer due to browser sandboxing of network applications.

  • Serious security deficiency on the Apple Mac platform allowing any unauthorized remote attacker to activate web camera, connect to a conference and execute denial-of-service attack. Zoom tried to ignore and deliberately hide information about the very serious security vulnerability and was slow to fix it. ​ See here for more details, ​ and here (technical information is ​ here and ​ here). Zoom management response seem to point to quite irresponsible corporate culture.

  • More recently it appeared that Zoom was sending users' data to Facebook servers without the user's consent. This is now fixed. See ​ Vice paper ​ and this follow-up.

  • Zoom was caught at providing false and misleading information that the videoconference has "end-to-end" encryption while this was not so. Check out this. The explanation for this provided by Zoom is unsatisfactory.

  • Zoom had a serious security vulnerability that could lead to user password leak in Microsoft Windows. ​ See here for details.

  • Zoom has a strange privacy policy that, even though states that "privacy is very important to us," requires quite large collection of private user's information. There is little explanation about to why this information is collected. Unlike many other similar companies, Zoom does not release transparency report(s). See here: ​

  • Electronic Privacy Information Centre has filed complaint to FCC

    • alleging that the videoconferencing company Zoom has committed unfair and deceptive practices in violation of the FTC Act. According to EPIC, Zoom intentionally designed its web conferencing service to bypass browser security settings and remotely enable a user's web camera without the knowledge or consent of the user.
  • See more details here

  • There is a growing concern on the privacy deficiency in Zoom, for more details see ​this and ​ this. Also see The Guardian.

  • Recently SpaceX has banned Zoom because of privacy concerns, see here for details.

  • Zoom has close links with China. Even though the intellectual property, management and marketing are based in the USA, many if not most developers and engineers are bsed in China (see ​Form S-1 registration statement). This can potentially lead to serious privacy and cybersecurity issues, given the Chinese regime tightening of Internet regulation (censorship, privacy etc.). One example is ​MLPS 2.0 legislation, 2019 mandating China residents and any foreign companies unrestricted access to user data. (In China, Zoom has a network of agents acting under different names but using the same platform. )

Updates: More on Zoom problems

How to increase privacy and security of using Zoom on Linux

Sandboxing. On the Linux platform, one solution is always to run Zoom videoconferencing software only in a limited sandbox. Then, Zoom client would not have access to user's files and other processes running on the system.

  • Update: This recipe works for Zoom v. 3.5.361645.0301, but not for some later versions, e.g. 3.5.374815.0324, see update below on this.

Disable any unauthorized update/upgrade of Zoom client. Do not install Zoom software via the standard reopository. Use static tar.gz archive instead. Select Other Linux OS for installation. Uncompress the static distribution in a safe directory. Disadvantage of this is that update is only manual, check out Zoom web site for new releases and read changelog. But advantage is that zoom cannot silently install any unauthorized update or software on the system.

It also makes sense to register at Zoom with the institutional email but separate password, so Zoom does not use the main institutional login (SSO login). This might help against credentials leak in case of Zoom software vulnerability. Using the institutional email to register would ensure Zoom is registered as "licensed."

Install firejail sandboxing.

sudo apt install firejail.

  • Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. ... Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc. To start the sandbox, prefix your command with “firejail.”

Make a configuration file for Zoom in .config/firejail/. Here is the configuration file named as the main Zoom run executable: ZoomLauncher.profile (given the running executable is ZoomLauncher):

# Note: to delete all firejail profiles for all local trusted apps
#  run sudo firecfg --clean
# ----------------------------------------------------------------
# Duplication of zoom configs in noblacklist and whitelist
# sections fixes login credentials no save problem:
noblacklist ${HOME}/.config/zoomus.conf
noblacklist ${HOME}/.zoom
include /etc/firejail/
include /etc/firejail/
include /etc/firejail/
include /etc/firejail/
whitelist ${HOME}/bin/zoom
whitelist ${HOME}/.config/zoomus.conf
whitelist ${HOME}/.zoom
whitelist ${HOME}/.cache/zoom
whitelist ${HOME}/downloads
include /etc/firejail/
caps.drop all
protocol unix,inet,inet6
# Needed for latest versions of Zoom and perhaps certain other Qt/QML apps

Now Zoom client can be started from the firejail sandbox:

firejail /path_to_safe_install_location/bin/zoom/ZoomLauncher

To make it possible to use standard graphical menus, one need to make a zoom.desktop startup file in the user's directory .local/share/applications. The Exec entry of the file must include the firejail-based startup:

[Desktop Entry]
Name=Zoom Desktop [Jailed]
GenericName=Zoom videoconferencing
Comment=Zoom Desktop Client jailed
Exec=firejail /path_to_safe_install_location/bin/zoom/ZoomLauncher %f

Firejail caveats

Firejail can start serving all user's applications in its jail, which is often too restrictive (e.g. settings are not saved).

  • To force reconfiguring all application to run in firejail do (do not do this if you are unsure) this:

    sudo firecfg

  • To disable configuring all local applications to run in jail, do this:

    sudo firecfg --clean

  • Do this (sudo firecfg --clean) if you have problems starting applications after installing firejail.

  • To check if an application is by default starting in a jail, run it from the terminal. If terminal shows several lines like Reading profile /etc/firejail/ then the application runs in a jail.

A newer version of Zoom client (3.5.374815.0324) refused to run in a jailed environment and hanged.

A workaround for running recent Zoom in jail:

add the below line env QML_DISABLE_DISK_CACHE=1

to the firejail config file.

  • QML_DISABLE_DISK_CACHE Disables the disk cache and forces re-compilation from source for all QML and JavaScript files. (from QML Documentation)

How to increase privacy and security of using Zoom on Microsoft Windows

Here is a link on sandbox in Windows 10: How to use Windows sandbox.

I have not tested how this works.

Android sandbox

For Android, one solution is to use the open source ​Shelter application, then mobile Zoom can run in a secure container.

I have been running several programs that I do not like to give access to my data within Shelter. It works fine for me.


  • Contacts (address book) are not leaked to Zoom if a separate address book is used within shelter

  • All apps can be frozen to avoid them run all the time at the background, this reduces the chances of data leaks as well as battery drain. Freezing can be done automatically, after timeout.