[HN Gopher] Show HN: I made a Chrome extension to clean up your ...
___________________________________________________________________
Show HN: I made a Chrome extension to clean up your Gmail inbox
locally
Hi everyone, My motivation for building this was to address the
trouble of mass unsubscribing from unwanted emails and deleting
bulk emails while ensuring privacy and control over the process.
With this Chrome extension, emails are not sent to any external
servers. All calls to the Gmail API happen locally on your device.
Feedback and suggestions are welcome!
Author : thefisola
Score : 79 points
Date : 2024-05-15 14:33 UTC (8 hours ago)
(HTM) web link (www.inboxpurge.com)
(TXT) w3m dump (www.inboxpurge.com)
| hansoolo wrote:
| Funny! I am working on something similar for myself. But not
| restricted to just Gmail. I really want to clean up this mess in
| my accounts.
|
| How did you go about the unsubscribe functionality? Also, I think
| I saw that Gmail has that feature themselves now.
| thefisola wrote:
| Oh that's cool!
|
| As at Febuary, Gmail introduced new guidelines for bulk email
| senders to make it easy unsubscribe from by adding a value for
| "List-Unsubscribe"
|
| https://support.google.com/a/answer/81126?hl=en&visit_id=638...
|
| So unsubscribing is simply a POST request to the value of this
| email header (List-Unsubscribe) - which is a link and comes as
| part of the email headers in the Gmail API response
|
| The alternative approach is to parse the content of the email
| and use regex to get the unsubscribe link using the likely
| words. e.g links with words like: unsubscribe, opt-out etc..
|
| Yes, Gmail has the unsubscribe functionality. Unfortunately,
| you cannot mass unsubscribe. If you have over 100 unwanted
| subscriptions you would have to unsubscribe from each one at a
| time.
|
| Hope that helps you
| hansoolo wrote:
| >Yes, Gmail has the unsubscribe functionality. Unfortunately,
| you cannot mass unsubscribe. If you have over 100 unwanted
| subscriptions you would have to unsubscribe from each one at
| a time.
|
| That is a valuable info. Thank you!
|
| >The alternative approach is to parse the content of the
| email and use regex to get the unsubscribe link using the
| likely words. e.g links with words like: unsubscribe, opt-out
| etc..
|
| That's how I started to implement it. But then again you will
| need to go through every unsubscribing process manually...
|
| Best of luck with your extension!
| thefisola wrote:
| Thank you!
| toisanji wrote:
| nice work, I wouldn't pay monthly for this, but I would buy a one
| time license.
| thefisola wrote:
| Thank you! I appreciate. I'm happy to help if you have any
| questions or feedback.
| netsharc wrote:
| I don't get it...
|
| > With this Chrome extension, emails are not sent to any external
| servers.
|
| Don't you have to send an "Unsubscribe" email? To an external
| server?
|
| > All calls to the Gmail API happen locally on your device.
|
| Aha, you mean in comparison to a "SaaS" where these things happen
| on a third party server...
| thefisola wrote:
| I assume you've answered your question but just to explain
| further:
|
| So generally in order to actually help you mass unsubscribe
| from unwanted emails, most email cleaning tools handle your
| email data on their server. The process of parsing email data
| to fetching unsubscribe links or unsubscribe instructions etc..
|
| So there's a trust problem where some tools have been caught
| selling user data:
| https://www.nytimes.com/2017/04/24/technology/personal-data-...
|
| So the goal here with InboxPurge is to move all these processes
| related to your email data to your device(browser), ensuring
| your privacy.
| philsnow wrote:
| In another post, you mention that there's a header that can
| include an https link to POST a request to unsubscribe. So
| this extension and anything like it must be able to read
| email and send POSTs to arbitrary endpoints[0].
|
| > ensuring your privacy
|
| But only if we trust the extension author (and the authors of
| all of the transitive dependencies) to be neither malicious
| nor incompetent... right? I don't know of resources that
| explain _exactly_ what actions each permission in the
| manifest grants the extension to perform, nor a
| characterization of the execution environment of extensions.
| Do all browsers handle these matters similarly? Does some
| browser provide any more isolation or sandboxing than any
| other?
|
| _Edit: by no means did I mean to throw shade or cast doubt
| on your extension, I'm just grumpy in general and in
| particular about browser extensions, since nowadays "the
| browser is the OS"._
|
| [0] or maybe there's a gmail api that does it for you, and
| this extension actually can't make arbitrary http
| connections?
| thefisola wrote:
| I might be misinterpreting your question but I'll try to
| explain further, hopefully it makes sense:
|
| So the way most email cleaning tools work is:
|
| - Scan your emails for all your subscriptions - via Gmail
| API - Each subscription has a link, that link is what is
| used to unsubscribe the link can either be in the email
| header or email body - This can be a POST request or a GET
| request, in some complex cases a mail send to unsubscribe -
| With this link for each mailing list, mass unsubscription
| can happen
|
| So the main difference here is, other tools do this on the
| third-party servers. InboxPurge does this on your
| browser/device (specifically the email scanning bit).
| Making HTTP requests to the Gmail API from your device.
|
| Yes, it's also possible to build a browser extension that
| does this on a third-party server.
|
| *Other things happen depending on the email cleaning tool
| but I've tried to simplify to explain better.
|
| Hope it was helpful.
|
| You can find the list of browser permissions a Chrome
| extension can request for here: https://developer.chrome.co
| m/docs/extensions/reference/manif...
| dvh wrote:
| I've set up a filter that moves emails that contains word
| "unsubscribe" to trash.
| thefisola wrote:
| Filters only affects new incoming emails. If that's your
| intention, then that works perfectly. Of course this also means
| you never want to see a newsletter in your Inbox.
|
| In cases where you want to mass delete older emails that you
| previously subscribed to, you might find InboxPurge useful.
| ncocacola wrote:
| You can apply filters to older emails.
| thefisola wrote:
| Oh interesting, didn't know this
| fckgw wrote:
| Did you know you can just click the unsubscribe button and then
| you won't need a filter?
| abirch wrote:
| I assumed that if you hit unsubscribe they would immediately
| sell your email. I've seen a lot of spam sent with an
| unsubscribe option.
| cynicalsecurity wrote:
| Don't click on unsubscribe, click on report spam instead,
| without unsubscribing.
| jabroni_salad wrote:
| Unfortunately I have found that a lot of transactional mails
| include unsub links even on things that maybe I should not
| unsubscribe from, like receipts and billing statements and
| customer service interactions that I initiated and thought had
| gone unanswered.
| lxe wrote:
| When you say "locally" it usually means it uses the browser's API
| to navigate the inbox and perform whatever actions necessary.
| This extension instead requires pretty intrusive permissions,
| just like the alternative competitors (which are under fire for
| selling your data).
|
| I appreciate that you state that "data doesn't leave your
| device", but the whole point of "local" extension is that I don't
| have to take your word for it.
| thefisola wrote:
| "Locally" here means, calls to the Gmail API are triggered
| directly from your browser(device) not on any third-party
| servers.
|
| I totally understand your concern. Unfortunately, to perform
| those actions(unsubscribe/delete etc..) on your behalf while
| using the API, those "intrusive" permissions are required. If
| it wasn't needed, Google oauth verification team would not have
| approved.
|
| I tried to explain the usage for each permission here:
| https://www.inboxpurge.com/permissions
| saurik wrote:
| But if you are a browser extension I would have expected you
| wouldn't need your own permissions at all: you would either
| be scripting the UI of the client to accomplish your goals or
| stealing its authentication.
| lanternfish wrote:
| Stealing the authentication is arguably way more invasive
| than this strategy.
| saurik wrote:
| I mean, we can argue lots of things, I guess ;P, but an
| extension already has access to that authentication
| token, and pretending otherwise is a bit...
| "performative"? The expectation I have with an extension
| --as someone who used to manage an entire ecosystem of
| such extensions of native software for a decade--is that
| it is a true extension of the application that it is
| extending, similar to if we had the original source code
| to patch.
| thefisola wrote:
| Tbh I didn't really consider this approach as I didn't
| think it was possible (that's if it is). Also I'm not so
| comfortable with hijacking authentication session. I very
| much prefer making the user actually grant permissions to
| the required scopes and making it clear what the access is
| used for.
| AgentME wrote:
| As someone with a lot of experience in working on a Chrome
| extension that interacts with Gmail specifically, there are
| two reasons I'd expect an extension like OP's to integrate
| with the official Gmail API instead of poking the Gmail web
| app's internal API directly: 1) the official Gmail API is
| stable, documented, and doesn't take reverse-engineering to
| use, and 2) the Gmail web app's internal API is pretty
| strongly rate-limited for some actions.
|
| If an extension only does actions involving the UI and data
| visible on screen within the Gmail webpage at a regular
| user pace, then I wouldn't expect it to strictly need the
| official Gmail API much. But this would mean the extension
| can't operate on emails that aren't on the current visible
| page, etc.
| ssernikk wrote:
| I like your attitude, but this statement:
|
| > while ensuring privacy
|
| ...is rather contrary to gmail's whole business model.
| jokoon wrote:
| I would rather be able to see statistics about the domains of the
| email I receive instead, to see offenders etc. I already created
| a lot of filters for that, which helps a lot do some cleanup.
|
| Also, I seem to have a lot of attachments, like a lot, and I
| can't clean them up, because gmail doesn't let me see the
| datasize clearly.
|
| I downloaded my mail as an export, I think EML, I wanted to build
| a mail list myself to see attachments with a python script, but I
| think gmail doesn't export all the metadata of how mail are
| chained with each other and such.
|
| Unfortunately, I think your extension cannot really do statistics
| on an existing mailbox, to see a map of mail counts per domain.
| thefisola wrote:
| At the moment the extension's side bar shows mail count per
| sender, not domain. You can also order from highest to lowest.
| Does that suffice for you?
|
| You're right Gmail does not show the datasize clearly, but to
| get emails with large attachments, you can use search filters
| like: "larger:15M", where 15M is 15 megabytes. It's not exactly
| what you want but might help
| JoBrad wrote:
| That reminds me of xobni, which MS acquired years ago. It was
| pretty awesome, when it first came out.
| siscia wrote:
| Gmail API gives you the email file as MIME file.
|
| From there is a bit up to you and depending on actually what
| data you get.
|
| But I had a reasonable simple time with parsing it and getting
| data out of it while building https://getgabrielai.com
| Ahmd72 wrote:
| Nice extension, though due to the permissions it asks for its not
| for me. I did browse around the CRX source code and would have to
| say the license part is easy to bypass. You might want to work on
| that if you don't want to miss on some of your sales.
| thefisola wrote:
| Thank you
| kleiba wrote:
| I recently made my first Firefox extension and was surprised how
| simple it actually was (just for personal use: I had to
| repeatedly copy lots of data which I already had in a spread
| sheet into a web form - the extension lets you copy a whole row
| of data from the sheet and paste in into consecutive form fields
| on the website). As usual, it's not clear whether it was actually
| less work to develop the extension than it would have been to
| just manually put in all the data, but it was definitely better
| for my mental health.
|
| Perhaps I will look into developing more serious extensions in
| the future, it was actually a quite pleasant experience.
|
| Is it fair to say that developing extensions for Chrome is
| comparable?
| thefisola wrote:
| Cool!
|
| Yes it's pretty similar. There just some minor API differences.
| e.g
|
| Chrome - chrome.tabs.query(queryInfo) Firefox -
| browser.tabs.query(queryInfo)
|
| So you could easily port any firefox extension to chrome and
| vice-versa using the same codebase.
| kleiba wrote:
| Oh, it's _that_ similar? That 's actually really cool then.
| insin wrote:
| For extensions which primarily add functionality to a target
| site, you can usually run the exact same extension code in
| Chrome, Firefox and Safari.
|
| The latter two have API differences from Chrome - e.g. using
| the `browser` namespace for extension APIs instead of `chrome`,
| and Promises instead of callbacks for async functionality - but
| for the sake of compatibility they also implement Chrome's
| version of these APIs [1][2], so if you just use the Chrome
| APIs and don't venture into the more browser-internal APIs such
| as bookmarks, the same extension code will likely run
| everywhere, with some specific differences/incompatibilities
| noted in the docs below.
|
| If you were to create a new cross-browser extension today, one
| of the main issues would be that Chrome Web Store no longer
| accepts new MV2 extensions so you have to use MV3 for it, but
| MV3 in Firefox currently has some serious usability issues
| around permissions which are being addressed in upcoming
| releases [3] so you'll want to use MV2 for it, however this
| likely just means you'd need to have separate MV2 and MV3
| manifest.json files which get bundled into different zip files
| for submission to the different browser extension stores. I had
| to do this recently for one of my extensions [4]
|
| [1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-
| ons/Web...
|
| [2]
| https://developer.apple.com/documentation/safariservices/saf...
|
| [3]
| https://blog.mozilla.org/addons/2024/05/14/manifest-v3-updat...
|
| [4] https://github.com/insin/control-panel-for-
| twitter/commit/59...
| pspeter3 wrote:
| I still wish GMail supported deleting attachments without
| deleting the whole email.
| JZL003 wrote:
| I go through a lot of emails and what I love recently is being
| able to sort by sender - then all the emails from the same person
| are together and it's easier to skim through ("yup, all these are
| uneeded except this unusual one")
|
| Annoyingly thunderbird allow but not gmail, so I wanted to use
| thunderbird. But it doesn't easily allow archive-ing, like GMail
| does.
|
| Contrived but still easy solution: tag all your inbox you want to
| go through with two labels SetA and SetB. Open SetA in
| thunderbird, using `a` to remove emails from SetA as if you
| archived. Then in GMail, use the search `label:setB - label:SetA`
| and it gives all the emails you wanted to archive. Archive those
| and done
| aragonite wrote:
| I believe it's technically possible in Gmail by turning off
| conversation threading in the settings.
|
| Unfortunately there doesn't seem to be any quick way of
| toggling between threaded and non-threaded.
| siscia wrote:
| If you go through a lot of emails, you may be interested in a
| small product I have developed.
|
| GabrielAI (https://getgabrielai.com) can filter your emails
| given a GPT prompt and then make a special action, like
| drafting a reply or apply a label.
|
| I am now introducing a digest if emails. So that every 6 hours
| (or whatever time) you receive an email with the summary of all
| the unread emails in your inbox.
|
| It is free for now, but the summary feature is hide by a
| feature flag.
|
| If you are interested, I can ungate your account.
| RyanShook wrote:
| I wish it were clear this was a paid subscription up-front.
| thefisola wrote:
| It's free for up to 20 mailing list unsubscribes/deletes per
| month. You only have to pay if you want unlimited access. It's
| made clear on the landing page. Sorry if 20 was not enough for
| you.
| mateus1 wrote:
| I was looking for this for some time. Bought the 7-day license
| and it was useful.
|
| I would love to preview some emails (are these just promos or do
| they include receipts?), perhaps by hovering or clicking the
| sender.
| thefisola wrote:
| Thank you!
|
| Yes this is the actual working flow. When you click on a sender
| it should show the emails sent by that sender. Unfortunately,
| at the moment there's a bug. I'm waiting for a Chrome store
| review approval for the version with the fix to be published.
|
| I will reply here once it's approved
| nokun7 wrote:
| Can I use your extension to run stats on my inbox? Like I want to
| find which sender has been hogging my inbox space, by size and by
| frequency etc.
| thefisola wrote:
| The extension lists the mailing lists you're subscribed ordered
| by the frequency (the amount of emails the sender has sent),
| does that handle your usecase?
| nokun7 wrote:
| Yes, that is exactly what I want. Super cool.
| birdman3131 wrote:
| So this give very little info on how the bulk email deletion
| works.
|
| For instance at last look I had north of 40k emails from ebay. I
| can't just delete them all as I want to keep anything that is
| related to either an order I placed or an item I sold. I have
| went back 15+ years before to find part numbers before.
|
| But I have no interest in the 38000+ marketing emails from them.
| (I kinda wanna keep getting them but don't want them a week after
| I get them.
|
| And if I recall correctly the emails have often come from the
| same accounts so I can't even filter by that.
| siscia wrote:
| Would you pay for that?
|
| I developed GabrielAI (https://getgabrielai.com) an assistant
| for Gmail.
|
| You provide a GPT prompt and it scan all the new emails. If the
| email matches the prompt it will do an action. Either drafting
| a reply for you or set a label.
|
| It will be trivial to go through the whole inbox. But
| expensive.
|
| It is a nice feature to add though...
| hiatus wrote:
| Your privacy policy says this:
|
| > InboxPurge will only use your Gmail data accessed via the Gmail
| API to read or control Gmail message metadata (including
| attachment information), headers, and message content, to enable
| you to process (delete/move/archive/unsubscribe from) emails. It
| will not share this Gmail data with others unless required by
| law.
|
| But how can you share data if required by law when in a previous
| paragraph you say you are not collecting this data and it never
| leaves my device?
| parker-3461 wrote:
| Thanks for picking this up, I thought about trying it out and
| am very glad that you did go through it.
|
| I don't think I would touch it anymore.
| thefisola wrote:
| I already explained in a reply:
|
| "All these processes happen on your browser(device). The
| extension uses the Gmail API locally on your browser to
| perform all the necessary tasks. Your emails never get sent
| to any external server."
|
| Hope you give it a try.
| parker-3461 wrote:
| Sorry I feel like you really need to make the FAQ and legal
| terms a lot clearer.
|
| Otherwise I think a lot of people would be easily deterred
| by the current/similar statements.
|
| Thank you for sharing and taking the time to answer
| questions though.
| thefisola wrote:
| I totally understand. Unfortunately, that particular
| statement was required by Google OAuth verification team
| to verify InboxPurge. I'll figure out a way to make it
| clearer. Thank you.
| thefisola wrote:
| All these processes happen on your browser(device). The
| extension uses the Gmail API locally on your browser to perform
| all the necessary tasks. Your emails never get sent to any
| external server.
|
| I hope that answers your question.
|
| Edit: Just to add more context. The Google Oauth verification
| team requires that statement in the privacy policy.
| parker-3461 wrote:
| So what information "can" be shared with law enforcement
| agencies?
|
| And which jurisdiction is this service governed in?
|
| I think there is just many ambiguities which do not seem
| clear to me at all.
| thefisola wrote:
| I've added edit to explain why that particular statement is
| in the privacy policy
|
| It's technically not possible from InboxPurge's
| perspective. As there'd be no email information to share
| hiatus wrote:
| Just a heads up, you did not update the date of last
| update at the top of the policy following the changes you
| made.
| mock-possum wrote:
| I can't tell whether you're being cheekily obtuse or missing
| the point -
|
| If required by law to share that information, what steps
| would you take to fulfill that legal requirement?
|
| Is the implication that despite you being legally obligated
| to do so, you would in actuality have no method for sharing
| said information, and would therefore have nothing to offer
| law enforcement?
| thefisola wrote:
| I'm sorry if you felt like I was intentionally missing the
| point.
|
| I've added edit to explain why that particular statement is
| in the privacy policy
|
| It's technically not possible from InboxPurge's
| perspective. As there'd be no email information to share.
| pugworthy wrote:
| If data doesn't leave my device, how can you claim "37,414,937
| emails with our privacy-focused cleaner"? How do you know that
| number?
| thefisola wrote:
| We store stats like "unsubscription count" and "deletion
| count". Your emails do not need to leave your device for that
| data.
| alimbada wrote:
| I use a Google Apps Script to clean up my Gmail inbox. It runs
| daily, searches for various senders and/or subject lines which
| are older than a certain amount of time and moves them to the
| Trash/Bin. It runs without intervention and I've got it set up to
| report any failures back to my inbox. Since my workplace also
| uses Google I've even set up a Script for my work inbox on my
| work account. Various notification emails, e.g. from Slack get
| cleaned up if older than 3 days old.
| oski wrote:
| Can you share the code for this?
| alimbada wrote:
| Done: https://gist.github.com/alimbada/5bc5878338ead31b6308ac
| 9fd74...
|
| The queries are the same as what you'd type into the Gmail
| search bar to filter emails so you can test them out in Gmail
| and then add them to the list. I've added a comment to the
| gist with an image showing the trigger to run it daily. You
| can run it manually from the Google Script editor too for
| testing.
|
| Edit: Forgot to mention I removed a bunch of queries and only
| left a few in as examples.
| palidanx wrote:
| I do something a little different, I tag all credit card
| payment notifications in a particular label, and wrote a google
| apps script where when a new entry is added, it adds it to my
| 'tasks'. That way I don't miss any credit card payments
___________________________________________________________________
(page generated 2024-05-15 23:01 UTC)