Is it safe to enter your email password into geary?

Hi, [Sorry for this dumb question!!!]

I searched for this online but didn't find anything - I guess no one is as paranoid as me!

Anyhow, I have never used an email client and intrigued with using Geary!
When signing in, it asks for my email ID and password...
Is it safe to enter my password into Geary? Won't that be sent to Geary servers which can later get hacked?
Also, in Settings, there's an option to connect to "online accounts" like Gmail and Outlook? What does that do? Should I connect [read: is it safe?]?


P.S: I know what you might be thinking! Doesn't this guy have an email app on his phone? Why does he trust that? Well, I use the Gmail app for Gmail accounts and the outlook app for Microsoft accounts because I guess it's their apps, and I am using their services. This is my first time using a third-party email client, which is why I am a bit worried!

Nothing is safe in this world.
Except that we all have to die and the earth will fall on the sun one day.

What seems safe today can be hacked tomorrow, so discussion is obsolete.


Obviously, the userid/password combo is required to access to your email. You do want to access your email right? I rather doubt that Geary sends your credentials anywhere but the server it's configured to access, but it IS open-source and you can verify that by auditing the code and compiling your own copy.
I also assume you know that every server you access will have your credentials somewhere and that your access to Google and MS services are multi-server: access/account verifications, side-server (dispensing HTML elements, ads,etc), resource server (email). You will NOT be able to determine what they do with that, since it is NOT open source and basically will be what most benefits the company. summary, your counter example isn't much of a difference really. If this bothers you, then don't do email or setup your own email server under your own control. Otherwise, not a pertinent issue. Pick your battles to die on.


Let me give you my point of view as a non-technical person.
Geary is FOSS and as such one could review the source code and make a decision.
This is not possibile for many of us, of course.
So, you should decide if you trust the FOSS community.
I do, and most likely many of us, using Linux...
Finally, also reviewing the source code you'd never be able to say what they do with the data they collect. This could be addressed, and not even completely, with on-site audits.
But we are entering in phylosophy and fantasy here :thinking::blush:


And you're paranoid?


Yeah! No, I mean, I understand where you are getting at!

The thing is, if you already use Gmail or Outlook, and if the companies want to spy on your mails, then they can already do that. No need to have the user use their specific email clients. So in my understanding, if you are using Gmail, then it's okay to use it with the Gmail email client - if you understand what you mean!

Now, with using a third-party email client is the fact that you are typing in your password into it. And I am not tech-savvy enough to understand the source code and how it operates! So maybe the password can get hacked while it's getting transferred to the Microsoft server. This is why I was asking the community if it's safe or not! Whether they know the email client is sketchy or things like that! Any bad name - you get the picture!


The third party client software doesn't work noticeably different than the host company software. They all transmit your identify from your pc to the server, there's always the possibility of interception of that secret. Welcome to the Internet.


Really? Even with the new encryption technology and stuff? I mean i use a desktop on Ethernet (although i do have a router connected)!

If i maintain best practices, is there a way person can hack me, without physical access to my hardware?

Everything is possible. The question your information worth the resources to capture it? Who would really care? I mean take precautions, but ultimately, everything is fair game if enough hardware is put against it.
The only possibly secure system is one that stands alone and is not connected to anything.


Well that is assuming your wife/GF isn't a spook working for some 3 letter gov't agency.

In that case all bets are off. :wink:


Yeah, I also think in that line.. just keep a low profile and you should be fine! Big corps might already have my data, but there aren't "ctrl+f"ing it because they don't know my name.. Maybe some key terms I have typed - in which they are interested in me as a statistic and not as an individual - which I believe is as much anonymity we can get at this moment!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.