Comments for Xoopit: Proof that Gmail Needs a Better API

Xoopit: Proof that Gmail Needs a Better API

2008-03-31T18:52:34Z

Email media management application Xoopit launched in private beta today (invite link below) and announced a $5m venture round from some big backers. Would a good feature set and reputation be enough for you to hand over your Gmail username and password to this application? It's not good enough for me.

Xoopit is aimed at the widespread practice of sharing media like photos, vidoes and PDFs by email. If anyone but the big webmail vendors is going to launch an "inbox 2.0" type product, though, there's going to have to be a better API that lets me access content without giving up my password.

]]> Xoopit lets you view, sort and share all the media in your GMail inbox through a web page, Firefox plug-in or Google Gadget. Integration with other webmail programs is coming soon. It's a pretty good experience, though readers here probably run in more sophisticated circles where plenty of media is shared on websites dedicated to that purpose. None the less, this could be a particularly good example of a mainstream end-user opportunity to leverage data portability - if it were able to be done correctly.

Xoopit doesn't offer a Flash player to listen to music or view PDFs in your inbox, you still have to download those locally and consume them with other applications. (See PDFmenot.com, by the way.) The service may be appealing to more mainstream users who communicate almost entirely through email. Will those users give up the usernames and password to their email accounts, though?

If you'd like to try it out yourself, you can access a beta account through this link. We've written about email password horror stories here before and RWW does take any responsibility for anything that happens if you give a third party yours.

We Need Webmail Content APIs

Gmail released a Gmail Contacts API this month. That's a great way to see who among your friends uses a new application you're using. It does not allow access to the content of your emails, however. All the webmail vendors, most prominently Yahoo!, are working on creating an "Inbox 2.0" experience for users - moving beyond simple one-off messaging and offering an Attention Data driven, media savvy communication hub.

Should users demand more portability, though, for the actual content of our email? Secure portability of content into the hands of 3rd parties seems like a vital step in enabling a whole ecosystem of innovation. Otherwise instead of best practices in user authentication, we get stuck with virtual home decorators unable to anything for us unless we give them a copy of our house keys. At least the people in an analogy like that would be licensed and bonded. Let some brand new web app startup into my email account, with my username and password? No thanks.

Comment from Tom Liv on 2008-03-31

2008-03-31T21:15:51Z

"...RWW does take any responsibility for anything that happens if you give a third party yours."

That's REALLY kind of you!

Comment from rick gregory on 2008-03-31

2008-03-31T21:35:36Z

Spot on Marshall. I read about this over on CNET a few minutes ago and got to the part about handing over my username and password... and immediately lost interest. These folk might be the nicest, most ethical people on the planet - but I'm NOT handing over my username and password.

The industry is sending out contradictory messages right now - manage your online reputation, guard against ID theft... but give your login information to cool new services. We absolutely need some way for those to both happen and not be contradictory.

Comment from Brian on 2008-03-31

2008-03-31T22:45:32Z

Some things don't need an API. Email content is one of these things. Once you make something portable, it automatically becomes a little more insecure. For example, my mobile phone is a little more insecure than my laptop, which is a little more insecure than my desktop, which is much more insecure than the unwired, stationary ENIAC that's sitting in some coffer somewhere. I think Google's done more than enough in offering content portability by offering IMAP access in addition to POP.

Comment from Jonathan Katzman on 2008-03-31

2008-03-31T23:04:10Z

Hi, this is JK, one of Xoopit's founders. We've seen the comments regarding email passwords and privacy issues here and elsewhere. You can think of Xoopit as a mail client, which makes it possible for you to access your mail data. We use industry best practices to secure our service and encrypt your password and have rigorous internal policies on the same.

We just put up a very frank post on our blog on how we manage your data (and we link back to Marshall's post, as we want the same APIs he's describing here).

http://blog.xoopit.com/2008/03/how-xoopit-mana.html

Please comment or email me if you would like to have a further conversation on this.

Comment from Oren (Hydra) on 2008-03-31

2008-03-31T23:37:13Z

OR...

It seems as if you can give xoopit ANY valid gmail login info, but use it on all your accounts. The plugin is native to the browser, not the account, so you can just signup an empty new gmail, plug that info in, but use it on your real account...

Comment from JeanHuguesRobert on 2008-04-01

2008-04-01T09:44:20Z

"Mailbox as a Filesystem"

When is it that I can "mount" my Mailbox in my PC's filesystem?

Comment from Lenwood on 2008-04-01

2008-04-02T04:15:29Z

I agree to a point, but for me the argument loses some merit when you consider that the mail in your Gmail account belongs to you but its stored on Google's servers. A couple of years ago I read that they never delete anything from their servers. You may delete a message from your inbox, but it stays with Google indefinitely. Having said that, you definitely raise some good points here. The bottom line is that Google should offer advanced APIs. Does anyone know of a link or address where we can petition Google?