I can confirm just about all of this because of a recent job in this space. Whatever you do, do not do two way sync with Google's CardDAV servers or you will end up with a lot of lost data.
I wonder if they should even be allowed to call it CardDAV since you'd expect it to actually adhere to the standard.
Google is large enough not to care about this though, as long as it works with their address books on Android phones it is probably good enough for them.
Note that this post seems to be from 2014 and the situation isn't much better today!
They also operate "SMTP servers" that violate the applicable RFPs, have done so for many years, and are not concerned about the potential damage that can result:
https://lee-phillips.org/gmailRewriting/
You don’t seem to understand the standards you are complaining about. You are using mail submission, not relaying. RFC5321 specifically says that it does not cover submission, and defers to RFC4409 (3.6.1) which specifically allows From header rewriting (8.8).
If you’re going to complain about the standards-compliance of other people's services it’s important to understand the standard first.
After considering some of the comments below, I retract my statement that Google is violating the relevant RFPs. They are operating their servers in violation of reasonable user expectations, and potentially causing harm in doing so, but they are still, strictly speaking, in compliance. I plan to update my article to reflect this.
This does suck, but you can actually use From: aliases if you set them up first in the Gmail interface. You also have to enable two factor auth. Hard to be too mad about spam fighting measures.
I doubt their poor compliance to standards is done maliciously. I'm guessing it's more about needing some service, finding an open standard or code that does what they need, making changes that are convenient for them, then moving on to the next project.
I think to get past such issues with providers like this, you first need to understand what it is and what it is not.
Forget the brochure, the ads and the nice tutorial, those are NOT CardDAV/SMTP/IMAP/... servers. What they are instead are ways to access their own proprietary special thing using standard protocols that your software and tools already supports, if you can't use the dedicated api.
It applies to pretty much every system for which Google has made their own thing, with their own api (contact api, mail api, ...), and then offer an alternate way to access their system by standard protocols.
And what this means is that the ruling system is the underlying one, the one which can be accessed in several ways, including that standard protocol. If their contact system discards the field "foobar" because it doesn't want it, then it doesn't matter if CardDAV says it should be kept.
Sure Google should totally make this clearer, and sure as an user I'm not a big fan, and yes I totally understand and agree with the "but as a result they break the standard, lose data and cause unexpected behavior and that's terrible", but from a purely engineering perspective it also makes total sense as to why those things happen this way, and is actually rather predictable.
You're feeding data to a special system that just so happens to have a CardDAV/SMTP/IMAP/... endpoint plugged on top of it. Of course that endpoint doesn't rule how the special system will behave.
And frankly any one who has had to build/support that kind of "api on top of an api" for some time has faced that sort of situation before.
In fact you don't need to go that far; I mean how many of your web applications take PUT or DELETE requests ? The HTTP protocol certainly says it should work and the http server you're using supports it. And let's not talk about all those sites that give a full page answer to a HEAD request.
PS: again, I am most definitely NOT saying I like that it works that way, I'm just saying ... "well no big surprise there".
The distinction between being a "real CardDAV server" and being a server that exposes CardDAV is undefined and irrelevant, possibly non-existent. There is a spec, and if you implement it, you have a server that implements that spec. That's it.
You can of course deviate from certain parts of the spec... dropping unknown fields as you mentioned might be a reasonable tradeoff. But then that deviation has to be documented. It isn't.
You're completely leaving out the other issues that the author describes: Timing out TCP sessions, discarding UIDs. Both things are not reasonable design choices in any world. And then the response to bug reports.
Address books, calendars and task list contain private and sensitive data by their nature. We believe that individuals and companies should be able to be in full control of their own data. This means the freedom to choose where and how the data are stored, and freedom in choice of software. CalDAV/CardDAV are open protocols and thus can be used with various server and client software.
Setting up your own CalDAV + CardDAV server such as Radicale is easy. Chances are if you are reading HN, you can do it yourself. Do it.
I recently upgraded from Radicale 0.10 to 2.x. One of their migration scripts didn't work correctly for the calendar, but since I was in control of the data, I could just look at the ics file, see what they were doing, and write a small python script to do it myself.
If anyone wants to do it in Docker, I have a really simple Dockerfile here:
Recently switched to Radicale, and it is pretty much setup-once-and-forget. Highly recommended. I'm using the tomsquest/docker-radicale image, if anyone else wants to set it up.
Like many google skeptics I moved to Fastmail. Fastmail have accounts and calendar that you can access over CalDav and CardDav with DAVdroid, which is exactly what I do.
For CalDAV: http://agendav.org/ is much prettier than infCloud, but actually has it's own php-backend and mysql database. A bit heavier and is not strictly only-CalDAV. Could be a viable solution though.
For CardDAV: https://github.com/owncloud/contactscould be used as a frontend, since it advertises it's talking to CardDAV-backend, but it's not actually deployable as a standalone interface.
It's better than infCloud both architecture-wise and UI-wise, and could be the best opensource solution available, if you're willing to adapt this frontend to stand-alone usage (or integrate into whatever you need it for)
Seconded. I did this myself a few months ago and it is not hard at all.
I used to feel sufficiently uncomfortable about handing reams of personal data to Google that it stopped me using calendar services on my phone - so it's actually made an appreciable difference to my life.
Slightly related: try to sync an external calendar feed in iCalendar format (also used in CalDAV) with Google Calendar.
Google Calendar will use random intervals to synchronize. Often taking more than 24 hours... which is, in most use cases, quite useless.
Sync in the same way with Facebook's event feed (same format) and changes appear within minutes.
This has been the case for years. Google Groups are full of questions about this.
I don't want to demand anything from a free product (Google Calendar is very useful in many ways). But somehow some feedback about 'shortcomings' like these would be hugely appreciated.
This (good, but sad article) is actually about "How" it's different, not "Why".
Why don't they care at all about standards? I don't know; they talk a good game. At least some companies who violate standards are open about it -- Google trumpets it but often simply pays lip service.
Relevant: The author of the post worked on Sabre/dav, an open source CardDAV/CalDAV server (linked at bottom of the post). Unfortunately, it is no longer under development: http://sabre.io/blog/2017/development-on-hold/
Google doesn't like existing standards, and have generally been bad stewards of their power in that place, they like to make new ones though that they expect everyone to jump on. I am wondering if the engineers and product developers are still in charge at Google?
Readit News
I wonder if they should even be allowed to call it CardDAV since you'd expect it to actually adhere to the standard.
Google is large enough not to care about this though, as long as it works with their address books on Android phones it is probably good enough for them.
Note that this post seems to be from 2014 and the situation isn't much better today!
They also operate "SMTP servers" that violate the applicable RFPs, have done so for many years, and are not concerned about the potential damage that can result: https://lee-phillips.org/gmailRewriting/
If you’re going to complain about the standards-compliance of other people's services it’s important to understand the standard first.
Forget the brochure, the ads and the nice tutorial, those are NOT CardDAV/SMTP/IMAP/... servers. What they are instead are ways to access their own proprietary special thing using standard protocols that your software and tools already supports, if you can't use the dedicated api.
It applies to pretty much every system for which Google has made their own thing, with their own api (contact api, mail api, ...), and then offer an alternate way to access their system by standard protocols.
And what this means is that the ruling system is the underlying one, the one which can be accessed in several ways, including that standard protocol. If their contact system discards the field "foobar" because it doesn't want it, then it doesn't matter if CardDAV says it should be kept.
Sure Google should totally make this clearer, and sure as an user I'm not a big fan, and yes I totally understand and agree with the "but as a result they break the standard, lose data and cause unexpected behavior and that's terrible", but from a purely engineering perspective it also makes total sense as to why those things happen this way, and is actually rather predictable.
You're feeding data to a special system that just so happens to have a CardDAV/SMTP/IMAP/... endpoint plugged on top of it. Of course that endpoint doesn't rule how the special system will behave.
And frankly any one who has had to build/support that kind of "api on top of an api" for some time has faced that sort of situation before.
In fact you don't need to go that far; I mean how many of your web applications take PUT or DELETE requests ? The HTTP protocol certainly says it should work and the http server you're using supports it. And let's not talk about all those sites that give a full page answer to a HEAD request.
PS: again, I am most definitely NOT saying I like that it works that way, I'm just saying ... "well no big surprise there".
You can of course deviate from certain parts of the spec... dropping unknown fields as you mentioned might be a reasonable tradeoff. But then that deviation has to be documented. It isn't.
You're completely leaving out the other issues that the author describes: Timing out TCP sessions, discarding UIDs. Both things are not reasonable design choices in any world. And then the response to bug reports.
Has to be documented in order to do what? To claim to be standards compliant? Do they ever make that claim?
Address books, calendars and task list contain private and sensitive data by their nature. We believe that individuals and companies should be able to be in full control of their own data. This means the freedom to choose where and how the data are stored, and freedom in choice of software. CalDAV/CardDAV are open protocols and thus can be used with various server and client software.
Setting up your own CalDAV + CardDAV server such as Radicale is easy. Chances are if you are reading HN, you can do it yourself. Do it.
If anyone wants to do it in Docker, I have a really simple Dockerfile here:
https://github.com/sumdog/bee2/tree/master/dockerfiles/Radic...
It's a bit messy to set up but the config file is extensively documented and you generally only need to touch it in the initial setup.
[0]: https://www.inf-it.com/open-source/clients/infcloud/
For CardDAV: https://github.com/owncloud/contacts could be used as a frontend, since it advertises it's talking to CardDAV-backend, but it's not actually deployable as a standalone interface. It's better than infCloud both architecture-wise and UI-wise, and could be the best opensource solution available, if you're willing to adapt this frontend to stand-alone usage (or integrate into whatever you need it for)
I used to feel sufficiently uncomfortable about handing reams of personal data to Google that it stopped me using calendar services on my phone - so it's actually made an appreciable difference to my life.
Google Calendar will use random intervals to synchronize. Often taking more than 24 hours... which is, in most use cases, quite useless.
Sync in the same way with Facebook's event feed (same format) and changes appear within minutes.
This has been the case for years. Google Groups are full of questions about this.
I don't want to demand anything from a free product (Google Calendar is very useful in many ways). But somehow some feedback about 'shortcomings' like these would be hugely appreciated.
Why don't they care at all about standards? I don't know; they talk a good game. At least some companies who violate standards are open about it -- Google trumpets it but often simply pays lip service.
That's just terrible. Why would such a thing be implemented ?
The only valid explaination I can think of, is to deter abuse. But even for that there are better solutions than this.