Bonum Certa Men Certa

Bypass “Less Secure Apps” in GMail With SeaMonkey Mail Using IMAP.

Reprinted with permission from Ryan Farmer

Problem: Google doesn’t support STARTTLS or plain username and password over TLS anymore.



Google has declared war on mail clients. It will probably get worse in the near future, but for now, you can still log in with a proper email program, like SeaMonkey.



When Google makes these additional changes I’ll see if I can hack around them too and update everyone.



(Google really doesn’t like IMAP because they can’t shove ads that look like email messages in it like they do in the Web Mail version. These are basically a phishing attack that Google lets advertising companies pay for.)



To help keep your account secure, from May 30, 2022, ​​Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.



Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.



If an app or site doesn’t meet our security standards, Google might block anyone who’s trying to sign in to your account from it. Less secure apps can make it easier for hackers to get in to your account, so blocking sign-ins from these apps helps keep your account safe.

-Google


Solution: Fake the User Agent for Google.com and GMail.



Even though SeaMonkey Mail doesn’t have any security problems that Thunderbird doesn’t have, Google allows Thunderbird and denies SeaMonkey. They both use the same code to implement mail support.



To get around this, lie to Google about your User Agent String.



In about:config, right-click, make a new String.



Paste in general.useragent.override.gmail.com and for the value, use Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.14) Gecko/20100101



Be careful there’s no whitespace. Then do the same thing, make the value



Paste in general.useragent.override.google.com and for the value, use Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.14) Gecko/20100101



Then select OAuth as the authentication type and set up your GMail account in SeaMonkey and sign-in again (you may need to click the “Get Messages” button), and instead of seeing the “less secure apps” warning, it’ll log in and fetch your mailbox.



Every 18 months or so you have to bump the fake User Agent. This should be easy because Thunderbird uses ESR branches of Firefox (currently 115) and the minor builds on this ESR branch normally go to .14.



They only check the minor revision to make sure it’s not lower than the minimum required Thunderbird. They don’t check the major version to see if it actually exists yet or not. So putting “current ESR plus .14” works even though there is no such version.



This is important because I have also found out that if you’re not “following minor versions” of Thunderbird, Google will log you out and your mailbox will disappear from SeaMonkey until you bump it. And you usually only get two minor releases behind before they do this!



So really the only thing to bump is the rv:xxx.xx part of the String, whereas the x’s indicate the major and minor build of Thunderbird you’re claiming to be.



If you look in the “apps with access to my account” you’ll see an entry for “Mozilla Thunderbird” with “Access to GMail”. This is SeaMonkey.



“Security that you lie your way past. I like it.



Very “I’ll make three Windows Registry entries and Windows 11’s installer has no Secure Boot, TPM, or minimum processor anymore.” (which is also a thing) of Google.



Recent Techrights' Posts

Writing and Coding Isn't Always Enough
Last year we had to assume a role we didn't have before: litigants
Autumn Has Come
Autumn should be exciting in all sorts of ways; it'll also mark our anniversary
 
Slopfarms Already Peaked, They Will Die When Slop Companies Run Out of Money to Borrow
slopfarms will lack an actual "engine"
“Sideloading” Never Killed Anybody
There are many online discussions this week about the misnomer "sideloading"
Slopwatch: Google News as FUD Vector Against Linux and Plagiarism Enhancer, Serial Slopper (SS) Uses LLMs to Googlebomb "Linux"
Slop destroys the Web not just by screwing with search engines and helping plagiarists. It's also responsible for de facto DDoS attacks...
Links 01/09/2025: "Attacks on Science" and China's "Soft Power" Grows
Links for the day
Links 01/09/2025: Fresh Backlash Against Slop and "Norway’s Electricity Crisis is About to Hit Britain"
Links for the day
Links 01/09/2025: Catching Up (Mostly via Deutsche Welle), "Windows TCO" Effect in UK
Links for the day
Gemini Links 01/09/2025: Linguistic Barriers and "Web 1.0 Hosting"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, August 31, 2025
IRC logs for Sunday, August 31, 2025
The UEFI 9/11 - Part IV - External Interference
They all seem to be playing a role in crushing Software Freedom and self-determination for users
Links 31/08/2025: Baggage Claim Scams, an Insurrectionist’s War on Culture, and a Sudden Robotics Hype
Links for the day
Gemini Links 31/08/2025: Reviewing Netsurf and Slightly Less Historic Ada Design
Links for the day
IBM Has Taken Control of GNOME
Don't expect a successor to be found any time soon
Links 31/08/2025: Google Gmail Data Breach and LF Puff Pieces for Pay
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 30, 2025
IRC logs for Saturday, August 30, 2025
This is What Google News Has Become
Moments ago
The Slopfarm WebProNews Has Turned Google News Into a Laughing Stock Full of Plagiarism by Slop
If Google News dies of neglect, that's one thing. It's starting to seem like active neglect by Google is a form of participation.
Do What is Moral, as What's Legal Isn't Always Moral
Do what's objectively moral, no matter the costs and the risks
Slopwatch: Google News Assisting Plagiarism and Anti-Linux FUD, Serial Slopper Rips Off Linux-Centric Journalists
This makes the Web a much worse place and lessens the incentive to do journalism
Links 30/08/2025: NVIDIA Fakes Results to Hide a Bubble Already in Implosion Phase, Data Breaches Galore, Important Win for Workers' Union in Canada
Links for the day
Representing and Speaking for Animals
If I ever choose to take this matter to tribunal with animals-centric NGOs on my side, it'll get some press coverage for sure
The UEFI 9/11 - Part II - Campaign of Censorship and Defamation Against Critics
In dictatorships, humour serves an important role. It's tragic.
In Kazakhstan, Yandex Estimated to be 20 Times Bigger Than Microsoft
Bing is measured as down this month
Shutterstock Not Enough? The Register MS Uses Slop Images in Articles (Seemingly More and More Over Time)
Cost-saving trajectory amid office shutdown?
Gemini Links 30/08/2025: Games, PostmarketOS, and Slop
Links for the day
Links 30/08/2025: Imgur Uproar and Many Ukraine Updates (Mediazona Reports Over 200,000 Russians Died for Putin)
Links for the day
How Not to Build Software
code forges that need a Web browser perhaps fill some 'niche' demand
GAFAM and "MATA"
The use of dark humour there hopefully helps illuminate what a lot of "modern" technology became like and how it interacts with human civilisation (to what ends and whose gain)
Birds Are Not "Pests and Vermin", Privacy is Not a Crime, and GNU/Linux is Not 'Hacking Platform'
I could not help but think of Free software analogies
The Sites Should Be Very Fast Again
That issue is now resolved
Flying in 2025
worse than ever before
Activists, Including Technical Activists, Need Not Pursue Affirmation
Techrights doesn't play or participate in a "popularity contest"
The UEFI 9/11 - Part III - Chaos is Scheduled to Happen Second Thursday of September (No Matter What the Microsofters Tell You)
The clock is ticking
Downplaying the Impact of "UEFI 9/11" is a Losing Strategy
we won't publish much whilst on holiday
Government Sites Should Run Free Software
Not proprietary bloatware with buzzwords
LLM Slopfarms Take No Breaks
When people run sites by bots they don't need to worry about "breaks"
GNOME Having a Meltdown Again
Thanks and farewell to Steven Deobald
Gemini Links 30/08/2025: Low Tech and Hunchbin 1.0.6
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 29, 2025
IRC logs for Friday, August 29, 2025