For what it's worth, here's what Moroney is saying:
"I’m out on vacation right now, and will respond when I get back. But these allegations are completely untrue, and massively distressing to me, and to others."
It is the truth that I was out on vacation at that time, and largely incommunicado, or at least I was supposed to be until these false allegations arose.
It is the truth that it was, and continues to be, massively distressing to me to be falsely accused like this.
It is the truth that I paid (out of my own pocket) for a blue check, because in the new Twitter that gets me 10x engagement, and I've always used my platform to enable and lift up others. That's what makes these accusations, and the follow-on abuse and attacks over email and otherwise so distressing.
Yeah I don’t understand how he gets tagged on an issue thread like that and doesn’t say anything until it reached enough eyes. Definitely seems suspicious. He also could have easily pointed out some specifics instead of just saying it’s untrue and saying he’ll get back to it after vacation.
> But honestly, it freaks me out that Google might someday disable my account.
Then don't wait. There are plenty of alternatives such as Fastmail. You pay a small amount of money but you can talk to a human being if anything goes wrong.
I also don't get why people put all their eggs in one basket. I'm so glad that my email, password manager, YouTube profile etc are not the same account.
I think the point is that you don't abandon gmail right now, you give yourself an alternative, and when you access a service or decide to change something about it or need to recover an email, you change it then (and store the new info in your password manager, maybe mark/rename the old info as OBSOLETE if you have that sort of control), and eventually you've decoupled yourself mostly.
Truly decoupling yourself is hard, and you'll probably be finding old accounts and dealing with them for years, but getting 95% of the stuff moved over the next year or so will likely give you a lot of peace of mind if you're actually worried about it.
FWIW if you're actually worried about it, you should also make sure your email is through a domain you control (even if just pointed towards a service, or even gmail) and that domain service is not linked administratively to the same account that you use for email (e.g. don't register domain through google and then point at gmail), so worst case you can change the destination service by changing MX records and just swap all your email at once to a new handler (or if you're a masochist or as a last resort point towards your own mail server you admin). Just make sure it never expires (in the end, there's always something to worry about, you need to find the risk you're most comfortable with).
I tried that for 6 months. Fastmail's crappy SpamAssassin-based filtering is a deal breaker. I ended up just pointing it back at my gmail. Just an inundation of spam.
I also found their search (which I rely on heavily) to be a joke compared to gmail.
I transitioned to my own domain plus fastmail years ago, and found I barely get any spam. I made sure to make a unique email per service and barely get any spam, and if I do, I can ban the email address. Helps you detect breaches or spam sales way before it becomes public.
I still have the old gmail account, but almost nothing of value goes through it.
The key is the domain, you don't even need to go away from gmail, but own your domain.
Ideally, you get your own domain and point that at whatever provider you feel like. Should you ever be locked out by a provider you point the domain to another one. If you follow a semi-regular backup schedule for email you could even import your existing emails to some providers.
It’s much, much easier to change account details when you can still access the old email. Get your own domain for $20/year and you never have to worry about losing access again. You can always redirect your domain to a new email provider if something happens.
It's not as bad as you think. Fastmail has a great import process.
Transitioning to a new email address isn't really that bad. I did it about 15 years ago. Whenever you log in to a site and you notice that it's using your old email address, you go into your profile settings and update it. After about a year you'll probably have hit 90% of your meaningful accounts.
I migrated some family email to Zoho the other day. There's a decent free tier and their email service alone is pretty cheap ($1/user/mo). For $1.25 you can get Exchange ActiveSync support as well.
I started my move in November of 2018 according to my Fastmail billing history.
I've _still_ got a few places that insist on sending mail to Gmail (mostly sites that don't let me switch email for some weird reason).
I got my own domain, set it up on Fastmail, imported all my old mails from Gmail and set up a permanent forward from Gmail to Fastmail.
Then I set up a filter on Fastmail that shows all mails that were sent to my Gmail address and slowly went through that list and switched from @gmail.com to my own domain.
Now I'm the customer for my email instead of the product and I 100% own my own domain so no single company can take it away.
There isn’t anything really. I drank the koolaid and I lived in my mail for decades. My inbox has 100000s of emails and my life is there. Alternatives I tried, for instance Outlook, Fastmail and others, simply die when I turn the hose there. And that’s just new email, not import which I need too, of course. Gmail doesn’t flinch and is always fast.
You still end up beholden to a service. They have human beings now, but they might not in the future. Or they could vanish. Even running everything on your own systems is risky because you still end up being reliant on domain registrars.
It still shows it's a good idea to separate your e-mail from your YouTube or whatever account though.
When I still used Gmail I was always worried something like this would get me locked out of everything. I use YouTube much more now that my e-mail is safely stored elsewhere.
My YouTube account used to be independent from my Google account, just using my gmail address as the e-mail address. Then Google bought YouTube. Then Google merged my YouTube account with my Google account against my will.
1Password is also inherently more secure because of the extra Secret Key. If a breach like this ever happens to them, users with weak master passwords will still be safe.
Also, Lastpass doesn't encrypt URLs. There's really no excuse for that.
1Password does encrypt URLs. It also requires an extra Secret Key [0] in addition to your password. This makes it much, much harder to use the data even if encrypted vaults were stolen.
They also have a development team that's very active. Lastpass had been coasting for years.
Look, I hate the "new" 1Password as much or more than most, but to say they're coasting is disingenuous; just last week they published their "op" plugin system allowing running "gh" and "glab" and a bunch of other common commands as subprocesses of their "op" binary to inject the API tokens. I think the SSH Agent behavior is also post-money.
They've also listened to our bitching about requiring the master password every 2 weeks even with biometrics turned on, and rolled that back to a configurable setting.
It's not a large development team. I moved away from them years ago because support for FIDO keys for example was always "coming soon" and still isn't there. They've been coasting for years and this breach doesn't surprise me at all.
Yes but they don't support the WebAuthn/FIDO2 standard. The Yubikey option they have is less secure because I think it's OTP under the hood, so it doesn't protect against phishing.
> All providers mess stuff up occasionally. Everyone has a customer support crisis at some point, with someone.
I think this misses the point. With Fastmail, if they mess up, I can still talk to a human. With Gmail there is no customer support to begin with so you're screwed whenever something goes wrong.
I migrated the important stuff and then just incrementally moved things over whenever I happened to login somewhere. At this point, the only emails I get on Gmail are random crap I don't care about.
It's so nice to have my Gmail only for Android and other Google services. It was a big relief.
> people will realize that only 50 of their thousands of followers can be found on mastodon, and then move back in a few weeks after giving up on the experiment
My Mastodon feed felt very empty a few months ago, but nowadays it's pretty good. A lot of folks switched or set up cross-posting, many of them not technical. Mastodon is doing much better than I expected back then.
"I’m out on vacation right now, and will respond when I get back. But these allegations are completely untrue, and massively distressing to me, and to others."
https://twitter.com/lmoroney/status/1702695501542597080
How convenient he's on vacation right now. Why didn't he respond sooner if it's all untrue?
(Also why am I not surprised to see this guy paid for a blue check...)