I'm utterly fed up with the vast quantity of dangerous phishing emails that are sent from #Gmail (yes, verified as coming from #Google servers, not spoofed). While Google is pretty good at detecting INCOMING spams and phishing attempts for Gmail, Google still appears to permit OUTGOING phishes (that is, to non-Gmail servers) to utterly flourish.

The majority of these I see every day now come from Gmail. And the "payload" for many of these are GCP (Google Cloud Platform) servers. Fake PayPal phishes (that even bypass DKIM checks) are particularly numerous, but many don't even try to forge the From:, they just use their Gmail addresses, hoping to entrap as many users as possible.

Does Google care about this? Apparently not, probably because these are largely the same class of non-techie users Google routinely shows disdain for (e.g., in account lockout situations).

Do I need to write another formal blog post on this?

L

I have like 5 accounts that I can’t use my personal e-mail for so I’m looking to find a GMail alternative for them to continue my journey to be 100% off Google products.

Does any email provider (paid or free) offer the same level of deliverability, uptime, and have something similar to Google’s Advanced Protection Program (https://landing.google.com/intl/en_us/advancedprotection/)?

*****Beware of Google's latest passkeys push! *****

#Google, which itself in my experience is a massive source of spam and phishing attempts sent from #Gmail to non-Gmail mail platforms, is using scare attempts again to try trick users into using their flawed passkeys system instead of passwords, without these users necessarily understanding the full implications.

While the phishing attack model described in the link below is real and the result of what is essentially a flaw in Google's handling of DKIM-"protected" email checking systems (I see phishing attacks daily from Gmail users that have passed DKIM checks), I will repeat my concern that passkey implementations routinely result in many users who are not sophisticated techies getting locked out of their Google (or other) accounts, especially if they access the Internet via a single device.

I routinely hear from such users, and Google typically tells them to pound sand -- that is, tough luck -- you're screwed.

The march by firms to push users into giving up passwords is theoretically a laudable one -- for many years I have noted the need to move beyond the password model. Unfortunately, the rushed and poorly thought out passkey systems now being pushed on users by various firms continue to result in many users being locked out and left behind to rot without access to their email or other data.

The proponents of passkeys will argue that the risk of getting locked out of your account is acceptable when viewed against the damage that can be done by the various types of sophisticated phishing attacks -- that are indeed real and are increasingly difficult to detect by many users.

However, given the absence of humane account recovery policies on the part of Google and some other firms, the risk to many users of TOTAL lockout is so severe that their using passkeys becomes a much more problematic scenario.

I have continued to recommend to Google specific approaches to improve their account recovery and passkeys systems to avoid harm to many innocent users, but continue to hit a brick wall of apparent disinterest on their part.

Of course it is your decision whether or not to use passkeys, and to weigh their advantages and disadvantages. Personally, I am not willingly using any existing passkey implementations, especially Google's, and if firms begin to force their use, they will do even more damage to many innocent users whom they in many cases already treat so very badly when account access problems occur.

L

https://www.forbes.com/sites/zakdoffman/2025/04/18/google-confirms-gmail-update-stop-using-your-password-now/

Voici les résultats d'un sondage comptabilisant le vote 292 membres du groupe Facebook qui ont partagé leurs préférences pour les #alternativeEU à #google #Gmail

Voici les résultats en pourcentage :

1. ProtonMail : 25.68%
2. Mailo : 25.34%
3. Infomaniak: 18.49%
4. Autres : 13.01%
5. Orange: 9.25%
6. Laposte: 8.22%

N'hésitez pas à partager vos réactions en commentaires et à proposer VOS #alternativeEU #alternativeFR

En espérant que cela puisse aussi vous aider dans vos choix de #BoycottUSA

https://www.thenation.com/article/society/google-employee-speaks-out-war-contracting/

Let’s stop using Google and its products. Boycott now.

What the heck, Google?

Got this email today telling me they're changing the country and state I live in for my gmail account. Uh, no, I do not live in Washington. WTH?

cannot believe it is occurring to people that #DOGE IS NOT ABOUT EFFICIENCY BUT #SURVEILLANCE. just like #creditCards #Paypal #Uber #Tesla #Doordash #Amazon #Netflix #GMail #Instagram and every fin/techbro business.

the apartheid clown’s #malware is a ruse to give techbros the power to spy on all Americans.

these are the consequences of your silence while many of your friends & relations vilified us for saying, DEFUND THE POLICE. we didn’t just mean PDs. we meant the whole police state.

I sent my first #email msg through #gmail on Sep 13, 2004. We're more than 20 years later now and it's time to move on.
I registered my own domain this time and I'm looking at alternatives like @fastmail , @Tutanota , @protonprivacy, and @mailfence .
It's good to see that they all have mastodon accounts, although not all of them seem active anymore?
If anyone has another good suggestion then please let me know!

"Die betroffenen #Kinder müssen von Rechts wegen in die Schule gehen und dort #Chromebooks ... verwenden, vom E-Mail-Dienst #Gmail über Chat-Dienste und Google Docs bis zum KI-Sprachmodell #Gemini. Opt-outs sind nicht vorgesehen. Die allermeisten dieser Schulkinder sind minderjährig. Für die Verarbeitung...müssten die Erziehungsberechtigten zustimmen; #Google versuche gar nicht erst, deren Zustimmung einzuholen, ...."

https://www.heise.de/news/Heimliche-Browser-Ueberwachung-von-Schulkindern-Google-verklagt-10343707.html

Ich mach das #Internet jetzt aus.
#Datenschutz

If you're using #GMail and you've learned about their latest claim to introduce real end-to-end #encryption: it's a lie.

Google has the control and/or you can't do anything against that Google takes control any time.

Real #E2EE works differently: only the sender and receiver are able to access the protected content.

https://arstechnica.com/security/2025/04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/

https://michal.sapka.pl/2025/gmail-e2e-is-as-terrible-as-expected/

#Meta also defined E2EE such that the message is encrypted from the sender to them, processed in clear text and re-encrypted for the transmission to the receiver.

Don't let them fool you with false claims and wrong definitions.

Just to be clear: If #Google decides it’s okay to no longer send non-Gmail users the ACTUAL #email, but only a LINK to some bullshit #proprietary service that you must click to “unlock” the TRUE contents, then Gmail ceases to be an email provider but is merely a spam service which bullies unsuspecting users into using their proprietary crap.

While this seems to be limited to (fake) E2E for now, I’m afraid it could get worse if people do not resist.

I know why I don’t use #Gmail.

Latest issue of my curated #cybersecurity and #infosec list of resources for week #14/2025 is out!

It includes the following and much more:

➝ The European Union (#eu) will invest €1.3 billion in cybersecurity,
➝ #Apple has been fined €150 million by #France's competition authority,
➝ National Security Adviser Michael Waltz and his team used personal #Gmail accounts for government communications,
➝ Surge in Palo Alto Networks Scanner Activity,
➝ Five #VPN apps in the App Store are linked to the Chinese military,
➝ A new security fund opens up to help protect the #Fediverse,
➝ Royal Mail Group suffered a significant #databreach with 144GB of sensitive information stolen

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-14-2025

I really hope this was an April fools joke.

If you send me an email that requires me to use a stripped down Gmail to read it you can bet I’ll add you to my spam list.

Just another attempt of Google to make email even more proprietary forcing people to use their offering.

Still looking into the claim that workspace admins have access to the encryption keys. Which means we should really talk about the meaning of E2EE… #gmail #google #privacy

https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses