
Is it futile to un-Google? - tsagi
http://tsangiotis.com/is-it-futile-to-un-google
======
mulander
No it's not futile. Every little bit helps.

I switched from google search to duckduckgo. I still hit an occasional search
on google but that's a percentile of the searches they got from me before that
decision.

I host my own mail server. Yes I still have that gmail account for stuff that
are not important enough to migrate and look it up from time to time but the
majority of my personal email traffic now goes through my own server. They
still get some of my mail if the recipient is a gmail account but guess what?
It's not all of my mail.

I don't host files on Dropbox or the Google drive. I have my own owncloud
server on the same box as the mail server.

I host my own jabber server for real time chat - mostly with my wife as a lot
of people no longer use anything except google/facebook chats. I talk on IRC
with tech friends/work, jabber for personal stuff and once in a blue moon I
open up that g+ chat to check if someone wanted something from me.

I do my backups on tarsnap, feels great.

I run Linux for my work machine and OpenBSD for my private machine.

I do have an Android phone but I essentially stopped carrying it with me
everywhere. I hate being a slave of the phone, no longer have a mobile data
plan and I take the phone with me only when I really need to be reached.

Does Google know a lot about me? Yes. Are they still learning more from people
I communicate with? Yes. The point is, they are getting less information. I
already noticed a large quality drop in the accuracy of google
searches/youtube recommendations for my account.

Side effect from all of this is that people in my close circle of friends tend
to pick up some of the habits (duckduckgo & other small bits). You don't take
down a giant with one stroke, you cut it up piece by piece.

~~~
chmars
Aren't you worried about your data security? Yep, you've great skills but in
the end, ports are open and software needs to be trusted (although it cannot
really be trusted). Should I really expose an ownCloud installation to the
Internet?

~~~
mulander
Yes I am worried, and not extremely happy about ownCloud. I was thinking about
limiting access to it to my home IP but that limits the usability of sharing a
link to some pictures etc with friends.

Don't get me wrong. The whole setup is both a burden & a liability as suddenly
I am responsible for stuff that was done for me (security upgrades, proper
configuration, monitoring, backups). That's the price I decided to pay for the
ability to learn and control my own privacy. I may wake up to a hacked server
- that's true. On the other hand I could wakeup to Google banning my account,
then what?

~~~
chmars
OK, thanks, I like your mindset!

I sometimes envy my friends who simply don't care because they don't know …
and are happy as long as Gmail and iCloud are running.

------
yuvadam
Approaching the "to google or not to google" question is impossible without
stating your _casus belli_.

If you care about opsec, there are many reasons why you _would want_ to use
google services: e.g. a hostile actor will have an extremely hard time
stealing your emails from Gmail while there's a might higher chance you fucked
up a config on your self-hosted setup. Usually, as always, it comes down to
smart compartmentalization and using the right tool for the job.

Personally, the ethical perspective is a much stronger reason why to stray
away from data behemoths like Google and Facebook. First of all I believe the
"usefullness" of many of these services is over-exaggerated: Facebook
noawadays is more of a brainwashing service to expose you to "content" that
does nothing more than dull your mind and keep you mindlessly scrolling and
endless stream of irrelevant advertisements. But even if this isn't the case
for all online services, some come at a price I am personally not willing to
pay.

We are entering an era of digital slavery where our entire lives are managed
by data monopolies that are bound by no rules other than those they create for
themselves. I don't care how convenient these commercial services are, if the
price is giving up the sovereignty of my data, and the core liberties of my
human existence. I make a conscious choice to not be part of this system, and
we will all have to face this choice sooner or later.

For more on this topic, I highly suggest Aral Balkan's talk from re:publica
this year [1].

[1] -
[https://www.youtube.com/watch?v=jh8supIUj6c](https://www.youtube.com/watch?v=jh8supIUj6c)

~~~
manigandham
Useful to you != useful to others. That kind of generalization does no good.

These companies don't have billions of users because they produce nothing of
value.

If that value exchange doesn't work for you, just stop using it. But these
strange posts about "slavery" and "liberties" just seem out of place. It's a
corporation, like any other. What are you expecting?

~~~
afarrell
Your second sentence isn't strictly shown to be true. Heroin has millions of
users, but would you argue it provides value to people's lives?

~~~
manigandham
If you're going to bring it down to that kind of strange technicality then yes
- those people are using it because it provides them value in whatever form.

It's not up to you to judge what that value is and whether you think it's good
for them.

~~~
UnquietTinkerer
This is just playing games with microeconomic terms. However you choose to
define "value", using heroin is self-destructive and usually (always?)
irrational. If you choose to include that kind of behavior in your definition
of value then the word loses most of its useful connotations.

~~~
manigandham
No it doesn't - because that's the definition of "value". Anything beyond that
is your subjective interpretation.

------
mamon
I have a dream: I would like to have all the "cloud" services: Gmail, Dropbox,
Google Docs, online photo gallery, video streaming, etc. And I would like to
have them as downloadable software packages, so that I could buy my own
domain, set up my MacMini as a server and have all of the above services
hosted on the server I own and have full controll of. Do you think that's
possible to do ?

~~~
drdaeman
There are some steps in that direction. Two projects I know of:

\- [https://sandstorm.io/](https://sandstorm.io/)

\- [http://maidsafe.net/](http://maidsafe.net/)

I think I've seen some other projects but forgot to bookmark them (or maybe I
did but forgot to tag the bookmark...). Sorry.

Added: sadly, all those projects are about software packaging with a single-
click installers. I haven't ever seen a project that'd strive to have
installation and configuration recipes written in some configuration
management language using literate programming techniques, so the recipe would
act not as a mere set of instructions to the machine, but - _primarily_ \- as
an article to the user, explaining what's going on, why it's so and where to
tweak the knobs. Like those "set up your own server" blog posts on steroids,
and with a "not interested in details, just do this" button slapped at the
top.

~~~
Gmo
I would add Cozy Cloud : [https://cozy.io/en/](https://cozy.io/en/)

------
walkingolof
I switched from gmail to Fastmail
([http://www.fastmail.com](http://www.fastmail.com)) two years ago mostly
because I don't want to feed the monster. Surprisingly, in many ways, the move
was a step up in usability, I was prepared to scarify some comfort, but it
turned out that I didn't had to.

Fastmail offers everything I need, great mail client, calander, contacts,
notes, great app for both Android and iOS

I also got my family accounts on Fastmail, we ended up creating a family
account so we can share folders, calenders, contacts etc.

yes, it costs money, but I think its worth it.

*) I'm not affiliated with Fastmail in anyway, just think the service provided is great.

~~~
venomsnake
So instead of Google, fastmail have all of your email. Big improvement ... I
guess.

~~~
sigzero
Fastmail doesn't peak into your emails like Google does with gmail. That is a
big improvement.

~~~
krapp
How do you know?

~~~
lern_too_spel
He obviously doesn't know because he's wrong. Fastmail still analyzes mail for
spam and indexes them for search, among other text processing.

------
r3bl
I kind of found a sweet spot where I'm using a European-based email service. I
created my Google account with it, but I'm not really using it constantly
(just to comment on YouTube videos now and then and use Google+ like once a
week). I'm also using Google's Docs occasionally, but just to share the .pdf
docs with people I interviewed to show them a preview of the article that is
going to be public in a couple of days anyway. I'm using Facebook like once
per week (I don't have it installed on my phone), I don't own any Apple
products, I'm using OpenStreetMap instead of Google's Maps, I'm using
DuckDuckGo instead of Google's search (and I love it). On my laptop, I'm using
a Linux-based operating system. I'm perfectly happy. It's a perfect
privacy/usability combination for me.

I changed a lot of my habits since Snowden came out and I am perfectly happy
with it.

~~~
lucaspiller
> I'm using OpenStreetMap instead of Google's Maps

Do you have anything that provides turn-by-turn navigation and live traffic?

~~~
tdkl
You could try Here Maps, they've been bought by german car makers and doubt
they need to mine data.

------
runjake
A lot of people are recommending ownCloud.

After spending some time with ownCloud and pouring through it, I'll take the
relatively superior safety, security, and privacy of Google. I encourage any
doubters to examine the ownCloud source[1] and come to their own conclusions.

Migrate away from Google where you can, but do it in small steps with
rational, informed decisions.

1\. To head off the obvious response of "Then submit patches, make it
better!": That's akin to walking into a home fraught by fire and mentioning
the pictures could use a little dusting.

~~~
davexunit
I don't understand how you could possibly claim the Google Drive is in any way
more secure than OwnCloud. Proprietary software hosted in the cloud is
inherently unsafe, insecure, and not private. OwnCloud may not be the best
piece of software, but it can be audited by anyone and hosted on computers
that you trust. You have no idea if Google Drive is secure because it is
impossible for you audit it.

~~~
jqm
I use OwnCloud but I'm hopeful a better version in something like Python
emerges soon.

Have to agree with OP (who did audit the code as you suggest). PHP OwnCloud
feels a bit like a janky duck taped mess. I'm always a bit surprised it works
and it doesn't make me feel a whole lot more secure than using a provider like
MS, Dropbox or Google. I just like running my own stuff which is why I use it.

~~~
bildung
_> I use OwnCloud but I'm hopeful a better version in something like Python
emerges soon._

The web interface of Seafile
([https://github.com/haiwen/seafile](https://github.com/haiwen/seafile)) is
written in Python/Django. The server is C, though.

------
eps
> _51% of his emails passed through Google servers_

I was playing with an idea of an "off-Google email delivery" for Gmail
recipients. Basically they would get a short note saying that a reply to your
email is available, please pick it up [here], with a link leading to a TLS'd
page on a non-Google server. The same page would offer them an option of
replying to the conversation right there if there's a need to do that.

I'm pretty sure this would piss the hell off some Gmail users, but that'd be
exactly the point - to make them at least stop and consider that not
everyone's a fan of passing all their communications through Google.

Is there anything like this out there?

~~~
dreamfactory2
sound like linkedin, fb or some other messaging platform and equally annoying.
e.g. how do i search those messages or list them in threads and sent?

~~~
eps
You can't. But then why did you assume that I'd be OK with you letting Google
to index my replies?

~~~
codingdave
Once you send an email to someone, that content is no longer yours. I
understand why you might want it to be. But at its core, email is about
sending content to another person, and giving them control of what they can do
with that content. Ignoring etiquette, there is nothing stopping them from
copying it, forwarding it, printing it, publishing it, etc. Indexing it for
their own searches is hardly a bigger step beyond what they can already do
with any email provider.

~~~
eps
That was a rhetorical question. Sorry if it wasn't clear.

It was just to show that once you start talking about your own comfort and
convenience, it wouldn't hurt to consider if you'd be getting these at the
expense of other people. This has nothing to do with etiquette, and pretty
much everything with basic egoism. "But how would I search" remark above is a
good example of this. One's entitlement for comfortably searching their mail
history ends where my entitlement for keeping my replies off Google's radar
begins. It always works both ways.

------
thinkingoutloud
Here is a thought...

Email is supposedly a digital metaphor for snail mail. With snail mail, you
receive a letter in your mailbox (which you check every other day), and you
take the letter out, process it, and either store it somewhere safe or discard
it (POP).

That is how email used to work. At some point things changed so you no longer
regularly clear your mailbox, but you just open the letter, read it, and put
it back in (IMAP).

Actually, you no longer get the mail in the mailbox. You call the post office
and ask them to read the letter to you (webmail).

~~~
privong
Interesting way to think about it, but before POP, I think the snail mail
analogy would be something like: you'd drive to the post office (telnet/log in
to the compute terminal), open your letter and read it. Then possibly put it
back in your P.O. Box, or put it into a folder that's kept at the post office.

------
gnuarch
It's not futile to un-Google. Every little bit helps. It's not too difficult
to use another search engine, to choose a smaller email provider, to set-up
Thunderbird with Enigmail, to set-up Owncloud on a server and/or your own NAS.

------
psynapse
I run my own mail server, use GPG with Enigmail and I'm logged in to Wickr all
day.

I also use Orbot, Text Secure and Red Phone on my Mobile.

The problem that I have is that despite talking up these to my peers, no one
uses the secure channels. Even friends that created Wickr accounts message me
on Facebook.

------
hippich
i am probably repeating myself (but these topics repeat themselves too :))

If you are interested in switching away from Google, take a look at
[https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign)

It is ansible playbook to setup most of the stuff you need daily (and extras
on top) on own barebone dedicated/vp server. Super easy to get going. (not
"Install" button like easy, but nowhere close to pains of setting up mail
server, making sure antispam and dkim signing work, etc,etc,etc)

------
brudgers
Serious pursuit for a technical person probably winds up looking a lit like
Stallman's lifestyle...though perhaps with less fame and public purpose.

------
phantarch
For those who don't google and use many of the 'big' services: Do you also not
shop at large retail chains like Target or Walmart? Do you avoid Starbucks?
They all collect the information you give them, sell it, analyze it, and
figure out how to better get you to buy from them. I'm honestly curious if
it's simply an issue about the collection of your data or if it's an issue of
what data is collected.

~~~
dingaling
The difference is that Tesco only knows about one aspect of my life: grocery
shopping. I can handle that and contain the risk.

I don't use coffee shops but if I did they'd only know about my coffee
preferences and work patterns.

Google, however, with search, Gmail and Now alone knows _everything_ about the
lives of its users. And quite a lot about the lives of non-users with whom
they communicate.

------
out_of_protocol
Question to anyone: how hard it would be to integrate pgp (or pgp-like) thing
on browser level? would immediately solve all the headache. let's say:

Special UI for storing private/public pairs in a browser (private key never
leaves the PC) special javascript commands (assume some standard here) to
invoke native windows which can not be controlled via js. sign, type message,
encrypt. confirm this specific message is actually signed by specific person
(pretty trivial in terms of coding and bulletproof UI, except for "public
identity storage" part which exceptionally hard).

Looks like very simple htmlsomething standard could overturn all the state of
modern web privacy.

~~~
out_of_protocol
Someone (like gmail) can even do rich text editor for emails and stuff -
without compromising security. let's say separate sandbox w/o internet and
write access to cookies etc.

load scripts, css, images. show native window (clearly different than anything
js can do) with that rich text editor inside. user types message in, system
encrypts (and/or signs) the message. regular html page sees the result.

~~~
robryk
There is a Chrome extension that does something like that:
[https://github.com/google/end-to-end](https://github.com/google/end-to-end)

Obligatory warning: it's in an alpha state according to the readme, so you
shouldn't use it yet for real.

------
superuser2
Of course it's futile. The only thing that protects confidentiality is end-to-
end zero-knowledge encryption performed in open source code audited by
professional cryptographers, with a trusted system for distributing public
keys. Using indie or European providers is just window dressing. Your emails
will be in plaintext SMTP when they reach NSA fiber taps just like everyone
else's.

Running your own server just shifts your trust from Google to
DigitalOcean/Linode/AWS or your residential ISP (even less deserving).

I wish we would stop this navel-gazing about which providers to trust and
FUCKING ADOPT GPG ALREADY. It's been, what, 15 years?

~~~
dpc_pw
GPG sucks. I use it, I have a smartcard, I did subkeys, etc. I encrypt
backups, I log with it to ssh. And it sucks. It sucks so bad, that I don't
even know why I am doing it. There are just so many technical glitches, not to
mention all the googling, FAQs, manuals that I had to bookmark and constantly
refer to, to use it.

------
gtirloni
When the wiretapping scandals started to get more attention, I got really
paranoid. I decided to go full gear into privacy mode and the end result was
total frustration with poor tools and way more friction than necessary. Then I
realized I'd like just _some_ of my stuff to be positively private and I
didn't care much about the other 95%. So that's where I focus my attention,
much like the author. If I had endless time and money, sure, I would love to
have everything super private and secure, but I don't so.. a more pragmatic
approach is needed.

------
dennisgorelik
This fight for privacy reminds me Don Quixote's attack on windmills.

------
ionised
No it's not futile.

I've done it (completely Google free). It's actually very easy to do and the
comment about inferior UX is indicative of someone who hasn't seriously spent
any time researching alternatives.

This article is just the author attemtping to justify to himself his
unwillingness to do without Google services.

That's fine, if you want to use Google services you should be able to. Just
don't pretend like everyone else is having the same difficulty moving away
from them to make yourself feel better.

------
johnchristopher
Would a well designed campaign about GPG and how to use it help ? Has anyone
ever tried that ?

The more the likes of lavaboom, whiteout or proton mail sprout up from the
ground, the more I feel it'd be simpler to teach K9 and GPG to `people' than
having them switch over a new service that might or might not survive the next
6 months. At least for E-mail.

~~~
gnuarch
Enigmail and p≡p are partnering together for developing Enigmail/p≡p
[http://pep-project.org/2015-09/s1441611880](http://pep-
project.org/2015-09/s1441611880)

------
ck2
If you are in the USA, everything you emailed six months ago is open for
reading by any government agency without a warrant, without letting you know
in any way.

(and if you are not in the usa, just assume it is realtime)

This is why everyone should probably have their own private email server
locked down in their home. Postfix can be made pretty secure.

~~~
rsync
One of the nice things about running your own mail server is that _mail you
send to other local users does not traverse the Internet_. It's just a local
copy operation.

This, of course, requires that everyone use the hosted email client on that
server, but it's worth remembering.

Personally, I (and everyone at rsync.net) just use (al)pine, so the hosted
email client is very simple (and fast and efficient).

~~~
ck2
What's interesting is if you look at gmail headers, they do indeed route via
public IPv6 back to themselves for gmail-to-gmail transactions.

Or at least they log the ipv6 route within their own datacenter, or between
datacenters.

So that is up for argument if it is traveling via their own intranet or "the
internet".

(at least google uses AES TLS, yahoo still uses RC4)

------
jakeogh
Eventually one can:

    
    
      echo "address=/.google.com/127.0.0.1" >> /etc/dnsmasq.conf
    

(along with google's other domains)

Note this cant be done with standard /etc/hosts blocking since the hosts file
does not support blocking subdomains unless they are explicit.

------
cronjobber
Don't forget the supply side---consider blocking googlebot from crawling your
non-commercial content.

A critical mass of google bot boycotters could help tip google search into
becoming _so_ blatantly commercial that opinion leaders might finally consider
alternatives.

------
coldtea
> _On the bright side, Snowden notes that the big software companies are doing
> steps in the right direction._

I call BS on that.

What are the steps FB, Google, Apple etc have taken "in the right direction".

If anything it's only gonna get worse, what with expanding to the "Internet of
Things" and such (not to mention future possible Google and Apple self-driving
cars).

~~~
reviseddamage
So, you would believe Snowden's statements on the bad, but not on the
optimistic?

~~~
coldtea
Yeah, I can be critical on what I believe and don't have to take anybody's
word wholesale.

That sais, what I believe are the leaked documents, that haven't really been
disputed and if anything were corroborated by tons of subsequent stories.

For the 'optimistic' stuff: Snowden doesn't have access to Google/Apple/FB
etc, so what steps he says that they've taken since are the same stuff
reported in the media that we too know.

And those steps are nothing to write home about. I see the same shit going on
as usual -- only even more so.

~~~
reviseddamage
Good points man. Sorry you feel that way. I'm an ever optimist.

------
cbpy
to fully un-Google is not easy, but sites like
[http://www.keyamp.com/](http://www.keyamp.com/) can help you watch Youtube
videos... these iptables rules can help you block Google (there is probably
more efficient ways to write those rules too)...

#!/bin/sh

# /etc/init.d/firewall

IPT="/sbin/iptables"

IPT6="/sbin/ip6tables"

# Block Google

$IPT -A INPUT -s 64.18.0.0/20 -j DROP

$IPT -A INPUT -s 64.233.160.0/19 -j DROP

$IPT -A INPUT -s 64.102.0.0/20 -j DROP

$IPT -A INPUT -s 66.249.80.0/20 -j DROP

$IPT -A INPUT -s 72.14.192.0/18 -j DROP

$IPT -A INPUT -s 74.125.0.0/16 -j DROP

$IPT -A INPUT -s 108.177.8.0/21 -j DROP

$IPT -A INPUT -s 173.194.0.0/16 -j DROP

$IPT -A INPUT -s 207.126.144.0/20 -j DROP

$IPT -A INPUT -s 209.85.128.0/17 -j DROP

$IPT -A INPUT -s 216.58.192.0/19 -j DROP

$IPT -A INPUT -s 216.239.32.0/19 -j DROP

$IPT -A OUTPUT -d 64.18.0.0/20 -j DROP

$IPT -A OUTPUT -d 64.233.160.0/19 -j DROP

$IPT -A OUTPUT -d 64.102.0.0/20 -j DROP

$IPT -A OUTPUT -d 66.249.80.0/20 -j DROP

$IPT -A OUTPUT -d 72.14.192.0/18 -j DROP

$IPT -A OUTPUT -d 74.125.0.0/16 -j DROP

$IPT -A OUTPUT -d 108.177.8.0/21 -j DROP

$IPT -A OUTPUT -d 173.194.0.0/16 -j DROP

$IPT -A OUTPUT -d 207.126.144.0/20 -j DROP

$IPT -A OUTPUT -d 209.85.128.0/17 -j DROP

$IPT -A OUTPUT -d 216.58.192.0/19 -j DROP

$IPT -A OUTPUT -d 216.239.32.0/19 -j DROP

$IPT6 -A INPUT -s 2001:4860:4000::/36 -j DROP

$IPT6 -A INPUT -s 2404:6800:4000::/36 -j DROP

$IPT6 -A INPUT -s 2607:f8b0:4000::/36 -j DROP

$IPT6 -A INPUT -s 2800:3f0:4000::/36 -j DROP

$IPT6 -A INPUT -s 2a00:1450:4000::/36 -j DROP

$IPT6 -A INPUT -s 2c0f:fb50:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2001:4860:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2404:6800:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2607:f8b0:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2800:3f0:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2a00:1450:4000::/36 -j DROP

$IPT6 -A OUTPUT -s 2c0f:fb50:4000::/36 -j DROP

~~~
cbpy
since I posted this, the proxy started to have issues with youtube... I really
wish Google would get split up

------
reeta
good

