Boah, fuck Google, ey.
Critical security alert! Someone used your password to log in, but Google has blocked it.
Yes, and Google has fucked me off by blocking it. (I don’t have the work Android thingy at hand.) Now what’s so critical about that… grml…
@mirabilos
Same for Microsoft… and all of them really!
The very dangerous intrusion attempt that they are preventing is me in 100% cases.
The only time I got a meaningful alert of this kind was from EverNote — my account had a very simple password, but it remained dormant for at least a decade. And I used this as a reminder to delete it completely.
@mirabilos
For me it's MS — as outlook.com has an easy way to use SMTP, I use it in different scripts to send notifications which should work even when other machines on my home network are down. And every time I'm stupid enough to use TOR for a browser that is logged into my MS account I have to go through this: change the password six times to reset it back to the old one, generate new unique passwords for legacy software — these ones are used to connect to SMTP…
@mirabilos
…and update .netrc or scripts themselves on different machines. I hate it! Nearly an hour of time completely wasted on this nonesense 😩
But as this doesn't happen often enough, I'm still too lazy to automate it or look for a different email provider to do this — still, every time a major frustration!
@m0xee … all I can say is DDTT (don’t do that then) (here: use MS stuff)
@mirabilos
Yes, good point! It's reasonable to jump ships and use a different e-mail provider, but something I have a weird feeling that all the free ones are like that, I have no valuable information in some of these accounts — and yet everyone seem to go full-on with their security measures as if someone's life depends on it. They should just add an option "I don't care about this account" — something like it 😂
@pyrate
Works fine for one-off registrations — but not for my use case: sending messages out. If something like that existed, it would be exploited by spammers and I would be uncomfortable giving out my real email address — the one I send notifications to, to a service that I'm unsure whether I can trust.
@mirabilos
I posit one crucial suggestion.
Completely IP block India.
@m0xee host yourself ;-)
@mirabilos
I might start migrating off ProtonMail for my domains at some point, but it won't solve this particular issue, I still need a third-party provider for these notifications, when it's just a short script, it's the script itself that might fail, and msmsp might not be able to reach the SMTP server, if it would use my server, it might go down too, or temporary be unable to deliver the message — too many moving parts. And I might want alerts about the mail server going down too 😂
@m0xee hmmh. I guess I’m too old: I just don’t want notifications, period ☻
@mirabilos
Yes, I'm also getting rid of all the unnecessary ones, but I'm talking about the notifications I send to myself from scripts — like transmission-daemon finishing downloading the movie I want to watch, or command finishing execution — building gcc on an old PowerPC machine might take hours or might break midway, and instead of chiming in every now and then over ssh to check on it, I can use notification. There is nothing sensitive in this type of messages, so privacy isn't a concern.
@mirabilos
Maybe I should just use IM like Matrix for these, but email is what I'm more used to and what I'm more comfortable with 🤷
@m0xee (plus, those providers are usually the ones you’d want the data secure from…)
@m0xee yeah, RocketChat also explodes every time it logs me out and I have to log in again… sigh