4 Responses to “Giving MIT access to your email”

  1. irilyth

    If you give them your username and password, don’t they have access to your entire Google account? I mean, they say they wouldn’t use that, but in the nefarious-employee scenario, what’s to stop someone from logging in as you and doing whatever they want?

    • Jed

      That was what I initially thought they were doing, but it turns out you’re not actually giving them your username and password; you’re signing in through Google, using the standard authentication system. So the good news is that Immersion never sees your username or password; the bad news is that you’re granting them permission to do whatever they want with your email.

      (Which, I should have added, also probably gives them permission to delete your email if they’re so inclined, or mark it as spam, or whatever.)

  2. Jed

    I see now that I misphrased part of my entry; I did talk about giving them your username and password. I’ll fix that.

  3. irilyth

    Ah, ok, that makes sense.

    As has been noted elsewhere (not about this specific project, but in general), if someone has access to your e-mail, they pretty much have access to everything, at least if it’s the e-mail address you use for other things. e.g. they can submit password-reset requests and use those to get access to your other accounts, potentially even very serious things like bank accounts.


Join the Conversation