Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

B S Magnet

macrumors 603
Original poster
Buried in my spam box this afternoon, I found a repetitive email warning from Google (repetitive, in that the same message was sent to the multiple Gmail accounts I’ve set up since 2004).

The warning, in short, is Google is making OAuth 2.0 a mandatory function of accessing one’s Gmail email from outside the (heavy) confines of the Gmail web page, effective 30 May 2022:

1647300785162.png



This shift, of course, is going to leave a lot of email clients high and dry across several platforms (OS X/macOS, Windows, etc.) and architectures (PowerPC, Intel, and even Apple Silicon).

For me, this hits the use of the same (and preferred) email client I’ve used since ’04, GyazMail, on not only the PowerPC side, but also on the Intel side (as even the latest, 64-bit build of GyazMail, released 2021, compatible with Apple Silicon running Monterey, presently does not support OAuth 2.0). Other third-party email clients may be facing a similar situation.

[Personally, I will need to shift my email management away from Gmail as much as I can. It’s something I should have done long ago anyway, but this is probably the prompt to get me off my duff and actually map out a long-term working plan. (I do have my own domain hosting, but I also know many do not have that affordance.) That plan, in my situation, will mean closing mostly-dormant Gmail accounts I’ve had kicking around for ages; updating web services which rely on those accounts; and for the rest, forwarding Gmail to my own hosted domain’s email accounts.

Google’s compulsory shift will be a heft of a pain for everyone who relies on not only tried-and-true legacy email clients which have never failed them, but possibly also the reliable hardware on which that software depends. It may lock out most paths when originating from a PowerPC setting, which is why I’m posting this here.

tl;dr: This thread is to help bring the many brilliant minds of our community together to begin to aggregate known methods and possibly lesser-known email clients which may continue to run in a PowerPC Mac (or even a PowerPC Linux) setting, and which will also support OAuth 2.0 — provided, of course, there are paths for doing so. These paths will come in handy for anyone who must still rely on Gmail for their email needs (I imagine that will be a lot of us who read this).


Last bit: Allowing for how many solutions are offered by the PowerPC/early Intel community, I may open this into a WikiPost. We’ll see how it goes.
 
I haven't used passwords for my Gmail in some time now, so this may be outdated, but…can't you just set an app-specific password?

I've done that in the past, but again it was quite some time ago.
 
I haven't used passwords for my Gmail in some time now, so this may be outdated, but…can't you just set an app-specific password?

I've done that in the past, but again it was quite some time ago.

An app-specific password method is a 2-step authentication alternative which, as I understand it, may also no longer be supported once Google migrates to compulsory OAuth 2.0 usage.

The 2-step authentication method is, presently, not useful for email clients which do not support it. The email client I use does not support it.
 
Does Entourage even support imap which is what I use ? Personally, I hate gmail and google and looking for better email that work with PowerPC. I also have Office 2001 on my OS 9 Titanium - will it too continue to work?
 
Does Entourage even support imap which is what I use ? Personally, I hate gmail and google and looking for better email that work with PowerPC. I also have Office 2001 on my OS 9 Titanium - will it too continue to work?
04 does. Just use a App Password and it will still work after the cutoff date (?) Instead of putting in your gmail password you put in the fancy code
 
I am not sure I understand. What you mean, example: I normally log into gmail with my username and password.. but on the client email app I use also that as well.
 
It does look like app passwords will still work after the 30 May cutoff.
Source: https://support.google.com/accounts/answer/6010255

The pink-box info up top isn’t any clearer for applications (I’m deliberately using “applications” here in the traditional desktop sense, not “app” as contemporary shorthand for electron-style standalone apps one might grab from the App Store for an iOS/watchOS device) which use a username and password only to access a Google service like Gmail:

To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.


Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.


For more information, please continue reading.

Special Note on Apple Device Sign-Ins. Users who have not recently signed into their Google Account using only username and password will be able to only make new sign in attempts using the Google account type starting from February 28, 2022. Existing users may continue to sign into their Google Account using their username and password until May 30, 2022.

Google doesn’t elaborate what an “Apple Device” is. Is this, by their reasoning, a mobile Apple device, a desktop Apple device, or is it both?

That, along with the remainder of the passage, “Existing users may continue to sign into their Google Account using their username and password until May 30, 2022,” doesn’t indicate continued support of any kind for an application running on an Apple product, beyond that date, if that application only uses username/password authentication (via TLS, STARTTLS, or whatever encryption scheme) to access data from an account on Google (such as a Gmail account’s contents, via IMAP and/or POP3).

I know my desktop email application, GyazMail, checks my email accounts routinely. I assure this happens because otherwise Google will deactivate the existing “sign on using ‘less secure app access’”. (Under this interpretation, GyazMail would be an “app”.) Typically, this deactivation occurs between 96 hours and one week, based on past experience of having to manually re-activate this account toggle.

My reading of the email message I screencapped in the original post, along with the pink box text in your reference link, would suggest the same information: a user’s ability to retrieve and/or send email using your Gmail account, from an older, third-party application, will no longer be able to do so, effective 30 May 2022.

Again, that’s my read of it.
 
  • Like
Reactions: TheShortTimer
I don't have much to add, besides not using ProtonMail if you do switch from Gmail. They've proven themselves untrustworthy. Not that you should inherently trust any other email service, but ProtonMail is the one that publicly doxxed (as in, we know about it, not that they posted their dox online) a climate activist for so much as squatting in a bildimg.​
 
  • Like
Reactions: barracuda156
I don't have much to add, besides not using ProtonMail if you do switch from Gmail. They've proven themselves untrustworthy. Not that you should inherently trust any other email service, but ProtonMail is the one that publicly doxxed (as in, we know about it, not that they posted their dox online) a climate activist for so much as squatting in a bildimg.​

Link requested. I want to catch up on this. Cheers.

I have one protonmail account. I use it for one thing: to receive correspondence from my hosting provider (which, likewise, is situated inside Switzerland). Google, Microsoft, and Apple don’t need to know about my hosting provider activity.
 
  • Like
Reactions: lepidotós
I know The Verge is sort of the Burger King of tech news, which is itself the Wendy's of journalism, but it is at least a slightly potentially credible source. Slashdot and Wired also covered it but I'm lazy and don't want to keep posting links.​
 
  • Like
Reactions: B S Magnet
An app-specific password method is a 2-step authentication alternative which, as I understand it, may also no longer be supported once Google migrates to compulsory OAuth 2.0 usage.

The 2-step authentication method is, presently, not useful for email clients which do not support it. The email client I use does not support it.

Physical key won’t work on PPC, right?
 
I know The Verge is sort of the Burger King of tech news, which is itself the Wendy's of journalism, but it is at least a slightly potentially credible source. Slashdot and Wired also covered it but I'm lazy and don't want to keep posting links.​

Thanks for the link. Every now and again, one gets a shameful jones for a Whopper with cheese, especially after a few pints…

(or wait, is that just me, haha whoops ^_^; )

After doing some reading on what happened, this parsed less as a “dox” in the literal, classic sense (i.e., unsolicited cracking/leaking; brigade-style crowdsourcing of a subject’s identity; then slapping that personally identifiable info onto a media site/forum for everyone to see and spread, etc.), and more a one-two punch of legal stiff-arming across international jurisdictions, coupled with the end-user of that Proton account posting their email address in less-than-secure locations (and within the visibility of parties who weren’t welcome to that address, i.e., cops). It sucks that it went down like that.

Shy of an email service’s servers being sited on a micronation (like the Principality of Sealand), I’m unsure even privacy-robust nation-states like Switzerland are bona fide safe from all circumstances of being compelled by a determined legal force to turn over specific data. As one comment noted in the link you pasted, it’s a healthy praxis to practise good “identity hygiene”.

/off-topic
 
  • Like
Reactions: lepidotós
Titan Security Key, I guess.

I don’t know. That solution seems tantamount to calling a fire brigade to extinguish an inferno on the candle of a birthday cake.

EDIT to add: macports apparently has “py-fido2” — a library for working with FIDO devices (like Google’s proprietary Titan Security Key). As to whether that can be made to work on a PowerPC Mac? Who even knows. How many of us on here even have a Titan Security Key — much less one for personal, non-work use? I can’t imagine it’s a big number.
 
Last edited:
EDIT to add: macports apparently has “py-fido2” — a library for working with FIDO devices (like Google’s proprietary Titan Security Key). As to whether that can be made to work on a PowerPC Mac? Who even knows. How many of us on here even have a Titan Security Key — much less one for personal, non-work use? I can’t imagine it’s a big number.

Well, I was curious to check, and at least the said library does build on 10A190:

Code:
36-120:~ svacchanda$ port -v installed | grep fido2
  py39-fido2 @0.9.3_0 (active) requested_variants='' platform='darwin 10' archs='ppc' date='2022-03-15T20:24:01+0800'
  py310-fido2 @0.9.3_0 (active) requested_variants='' platform='darwin 10' archs='ppc' date='2022-03-15T20:19:55+0800'
 
  • Like
Reactions: B S Magnet
Well, I was curious to check, and at least the said library does build on 10A190:

Code:
36-120:~ svacchanda$ port -v installed | grep fido2
  py39-fido2 @0.9.3_0 (active) requested_variants='' platform='darwin 10' archs='ppc' date='2022-03-15T20:24:01+0800'
  py310-fido2 @0.9.3_0 (active) requested_variants='' platform='darwin 10' archs='ppc' date='2022-03-15T20:19:55+0800'

I wonder if either libfido2 and/or pan-u2f are needed for that.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.