Reading the fine print

Upon contemplation, blaming a time zone issue for the mail server problem just doesn’t seem right. Email works just fine across all the various time zones; why should it fail over something so simple?

When I “solved” the problem it was by updating the time zone, and bringing the server into proper sync with the client. But why would this be needed? As I made the change, I noticed something else unusual – there was a persistent connection to my mail server’s IMAP port, from the Amazon cloud. That struck me as odd, and potentially undesirable. So I closed the connection, and waited… and it reestablished itself within seconds. I put this down to being the tech-support diagnostic from the email client vendor, and then went about the business of kicking them off the server (write email to them, remove the extra account created for them, changing master passwords). As always, when I’ve opened a diagnostics port for outsiders, when it’s finished I go back and reset any master passwords which might have been [inadvertently] exposed – in this case, the password to my primary email – access to which had been the impetus for the whole exercise.

Changing the password on that email requires updating not just the mobile client on the phone, but also the mobile clients on the notebook computers, and the POP3 client on the administrative computer.  It’s an easy routine; pull up the client, stop the automatic message pull (which will fail as the password has changed), then make the change, do another message pull to validate, and we’re done.

Not so, this time. Instead, upon updating the password in the POP3 client, I get a “server closed connection” message. What? Did I type the password wrong? Let’s go try that again… get the same error… but that’s the wrong error for a password change. So it’s off to the mail server console to see what’s happened now – and the primary email account is now on ‘auto-ban’ status, meaning too many attempts were made with the wrong password in too short a time frame. I remove the account from auto-ban, do the POP3 pull from the client (works fine), then check the phone app.

It’s complaining it can’t connect. And that’s when it hits me – that persistent cloud connection was from the phone app. But why would it care? I’ve told the phone app to poll the server every 15 minutes… let’s fire up wireshark and do some packet analysis, see what’s happening. And sure enough, it’s the phone app, probing the mail server every 60 seconds for new email. Say what? And then I notice the section on the app menu, about privacy, and look in there. “Erase your data from our servers” – ahem. What data are you storing? Selecting Yes to “Erase data” tells me I may no longer use this app, and when I persist, it deletes the account from the app – resetting it back to the beginning.

Let’s go examine that app again… I should have been a bit more aware (read the fine print!) as to what was going on; how did a no-ads-install-for-free app have a dedicated tech-support team, without a visible source of revenue? Well, if you’re not paying, you’re the product, not the customer. In this case, the company providing the app is indeed reading the mail and making marketing trend analysis data available – to third-party [paying] clients. That’s how the app makes money.

I’d complain about deceptive advertising but… GMail is essentially the same. So Edison Email comes off the phone, and it’s time to find a better client.

One thought on “Reading the fine print”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.