Google Sign-In issues (fix and workaround available!)

[The-Compiler]

Given that information about this is a bit scattered at the moment, I'm opening (and pinning) this issue in the hope that it's easier to find that way. Here's what's going on:

Explanation

• Mid 2019, Google started blocking various smaller browsers from logging in to a Google account. This initially only affected few people, but seems to be rolled out to many Google accounts now (but not all of them, my own accounts are still unaffected...)
• Google claims that you're using "a browser [...] that doesn't allow us to keep your account secure". There's not much further rationale available for that claim - all I'm aware of is a blogpost titled "Better protection against Man in the Middle phishing attacks" where this originally was announced and a Google Help Center entry which also mentions that this change is targetting automation testing frameworks and browsers embedded in a different application. The change seems to affect much more than that - also see a Bleepingcomputer article and related Reddit discussions (/r/kde, /r/privacy and others).
• It looks like Google tries to block the QtWebEngine library which could indeed be used to build applications using a Google account by letting the user sign in and then "stealing" the cookie instead of e.g. using OAuth to log in and some API. It looks like blocking various browsers (including qutebrowser) just is collateral damage.

Fix and workaround

• Fortunately, it was discovered that setting the user agent to Firefox bypasses whatever weird check Google is doing.
• With qutebrowser v1.9.0 (2019-01-08), a content.site_specific_quirks option was added (see Site-specific quirks overview #4810 and Refactor user agent handling and introduce site-specific quirks #5157 for details). With it enabled (which is the default), qutebrowser sends a Firefox user agent for the Google Accounts page (and other problematic pages like WhatsApp), thus fixing the issue.
• As a workaround, you can get the equivalent of that fix by running :set -u https://accounts.google.com/* content.headers.user_agent 'Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0' (needs v1.2.0 or newer) (see below for an updated workaround)

Jan 2021 Update

According to some people, this might be coming back - but not all Google Accounts seem to be affected, or at least not to the same degree. If you're seeing this with your account, please answer here!

Aug 2021 Update

This came back for most (all?) accounts now, with the Edge user agent qutebrowser uses as a workaround in v1.14.0 (db13e52). Thankfully, the Firefox one still works.

See below for an updated version.

• The v2.3.1 release contains an updated workaround and should work out of the box
• For versions between v1.10.0 (inclusive) and v2.3.1 (exclusive), run :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:90.0) Gecko/20100101 Firefox/90.0" for an equivalent workaround.
• For versions between v1.2.0 (inclusive) and v1.10.0 (exclusive), use X11; Linux x86_64 in place of {os_info}.
• For versions older than v1.2.0, no workaround is available due to missing per-domain settings. Setting the user agent to Firefox globally is strongly discouraged as it breaks a variety of other pages.

October 2024 Update

• The v3.3.0 release contains an updated workaround and should work out of the box
• For versions between v2.3.1 (inclusive) and v3.3.0 (exclusive), a workaround is present, but with an older Firefox version. If you still have issues, try running the :set command from the next line.
• For versions between v1.10.0 (inclusive) and v2.3.1 (exclusive), run :set -u https://accounts.google.com/* content.headers.user_agent "Mozilla/5.0 ({os_info}; rv:131.0) Gecko/20100101 Firefox/131.0" for an equivalent workaround.
• For versions between v1.2.0 (inclusive) and v1.10.0 (exclusive), use X11; Linux x86_64 in place of {os_info}.
• For versions older than v1.2.0, no workaround is available due to missing per-domain settings. Setting the user agent to Firefox globally is strongly discouraged as it breaks a variety of other pages.

[The-Compiler]

Also, let me add my personal opinion on this, from an earlier mailinglist mail:

I wouldn't be surprised if Google just blocks pretty much everything other than Chrome and maybe Firefox. It's ridiculous, but it's yet another sign showing that maybe it isn't a good thing to make yourself dependent on Google - you're absolutely at their mercy, and they don't exactly have a good track record.

I've once tried helping someone who only got an internal server error when trying to open an important attachment of an older mail in GMail. We contacted Google Support, and as you'd predict, nothing happened.

Given that Google really doesn't care about its users, your only option is either switching browsers, or moving away from Google. I did the latter years ago[*]. Seeing what's going on here, this absolutely was the right decision, but I'm aware this isn't something everyone can realistically do...

[*] At least for stuff like Calendar and Mail. I still use Youtube (mostly via mpv/youtube-dl), Google Play and sometimes Maps (mostly switched to Openstreetmap/OSMand).

[JonnyHaystack]

Sorry for being possibly a bit off-topic, but out of interest what replacements do you use for GMail and Google Calendar?

[The-Compiler]

• GMail: uberspace - other providers I've seen people use are (in no particular order) Posteo, Protonmail and Tutanota.
• Google Calendar: I host a Nextcloud instance on uberspace (guide) and use DAVx⁵ to sync it with Android.

[JonnyHaystack]

Thanks! I'll check out all of those

[The-Compiler]

For anyone watching this issue: I just released qutebrowser v1.9.0 with the fix.

[jb55]

Sorry for being possibly a bit off-topic, but out of interest what replacements do you use for GMail and Google Calendar?

I run radicale and sync with DAVx⁵ as well. radicale works great! I haven't had any issues with it.

[The-Compiler]

I don't want to turn this into a conversation about Google, but either way: I just read Why I quit using Google – Kyle Piira which is a nice (even if horrifying) post which lists some more alternatives.