Curious if you belong to mailbox or if you are just an ultra-fanboy that doesn‘t allow any critisism of his favorite service. But alright lets go into detail:
„So the user can still use 2FA if they want“
Yes, but the big problem is that they only backpaddled after some users made posts and critized this feature heavily. It was not by mistake, instead the mailbox team decided on purpose that its ok to bypass 2FA with an IMAP Application password.
„Cry about it. Not a good reason to remove mailbox“
Lol what an attitude. The fact that they are far behind the other competitors is of course not the only reason to remove the service but instead the cherry on top why it should be removed. If they would offer any meaningful advantage over the competitors or even be on-par with them would make this vulnerability (and the other security issues) maybe more tolerable, but they have worse security while also being behind with other topics → a dealbreaker
„You can view which devices are logged in in the dashboard settings.“
Great, so they now fullfill 1 out of 6 points I mentioned. Not really a good argument. They still don‘t have failed logins, recent actions like password changes. No notification when 2FA was activated, when password was changed, when IMAP password has been created.
„Not really anti-privacy features.“
„Not really an anti-privacy feature so moot point.“
Looks like somebody does not understand that security and privacy are often depended on each other. But ok, if you want to hear how bad they can be regarding privacy:
A few months back for about 9 hours emails from a catch all accounts were displayed in other mailboxes withing the same domain.
Very private to have your emails visible in another accounts…
„Mailbox is still the best email provider that supports third party email clients“
„Mailbox is the best in its class“
„Still, Mailbox is the best for the average user.“
How can you seriously still claim something like that after all those arguments?