

The Best Replacements for Privacy-Invading Services - nbradbury
http://lifehacker.com/5965462/the-best-replacements-for-privacy+invading-services

======
jmillikin
The site says you shouldn't host your private data on certain free services
because they show you ads, so they recommend instead using free services that
don't show you ads?

Come on HN, you know how this works. If a service doesn't show you ads, and
doesn't charge a monthly fee, how do you think they make money? Either they're
not, so they'll go out of business when their VC funding runs out, or they're
selling whatever they can glean about your habits to third parties.

\---

Additionally, the article conflates two very different concerns under the
banner of "privacy".

If you object to advertising, then many free services also have some sort of
paid tier. Send then $5 a month and they stop showing you ads. Problem solved.

If you're concerned about third parties having access to your data, then your
only practical options are to either host everything on a computer you own, or
encrypt your data before it leaves your desk. Both options are significantly
more complex than using free hosting, but can provide stronger guarantees
about the safety of your data.

The advantage to encryption is that you can decide on a file-by-file basis
whether it's important enough to protect. Maybe you're OK with
Dropbox/Google/Box.net/etc being able to see pictures of your cat, but don't
want them to see your tax documents or medical records.

Of course, the main problem with taking security seriously is that you are
placing yourself into a very small, difficult-to-please market segment. Most
companies will find it easier to simply ignore you, so they can make their
products work better for people who don't particularly think about data
security.

~~~
alexkus
> The site says you shouldn't host your private data on certain free services
> because they show you ads, so they recommend instead using free services
> that don't show you ads?

> Come on HN, you know how this works. If a service doesn't show you ads, and
> doesn't charge a monthly fee, how do you think they make money? Either
> they're not, so they'll go out of business when their VC funding runs out,
> or they're selling whatever they can glean about your habits to third
> parties.

I've said this before but I'd love to see some people doing not-for-profit
versions of major services. Some advertising, but just enough to pay salaries
and costs but not return 10x to investors (which you wouldn't get in the first
place). No founders cashing out with $1bn+ payoffs after IPO, no IPO, no
funding rounds, just a bunch of employees that would be treated fairly and
collecting a safe regular salary/benefits with no expectation of a huge
payoff.

If only I had made my millions in order to fund such an endeavour...

~~~
ApolloRising
That is pretty much Craigslist

------
cs702
The best replacements would be local applications under one's full control
that seamlessly sync all data on a peer-to-peer network encompassing all of
one's devices -- desktop PC, tablet, phone, etc. Alas, AFAIK, such
applications don't exist yet.

The next-best replacements would be paid services that work with all of one's
devices, but transmit and store one's data only after it has been encrypted,
with the private keys fully under one's control. Alas, AFAIK, such services
don't exist yet.

As a compromise, I would pay for a decent _integrated_ alternative to Google's
Gmail, Contacts, and Calendar that doesn't use my private data for anything
else and works across all of my devices (Linux desktop, tablet, phone). Alas,
AFAIK, such an alternative doesn't exist yet.

Only a tiny number of people today care enough about their privacy to worry
about it, so companies have no financial incentive to do much in this regard
(except as required by law).

~~~
jrabone
Yes, that is exactly what I want. I rooted and upgraded my S2 to a Cyanogen 10
nightly over the weekend (trying to fix the seemingly un-interoperable Android
VPN implementation for my setup) and I was appalled to realise that one of the
things I was losing was a local calendar and contacts provider - apparently
that was something Samsung added, and vanilla Jellybean is cloud-only. I don't
WANT my contacts phone numbers in Gmail. I don't even want Gmail, really; it's
a fall back and a throwaway don't-trust-you-with-my-real-email account.

I run my own mailserver (Exim + Courier IMAP/POP servers). Is there a good
server-only contacts & calendering system written in a sane language (I refuse
to use PHP, life is too short) I can add? TLS support a must. Anyone fancy
writing one plus the Android integration?

~~~
alextingle
I do fancy writing that actually. Sadly I'm busy for the next year or two but
after that, this is one of the problems I would love to help solve.

------
JoshTriplett
For email, I personally prefer Gandi; if you have a domain with them, they
provide email servers, and they have webmail if you want to use that instead
of (or in addition to) an email client. Plus, that way I get email at my own
domain rather than at someone else's, so I know that email address will keep
working forever even if I change providers.

~~~
sp332
I already have email on my own domain, even though I currently have it
pointing to Gmail (for spam filtering and webmail access), I can point it to
any server I want in the future since I own the domain.

~~~
JoshTriplett
Anyone with the ability to run their own mail server can do this, as can
anyone willing to use Google Apps; Gandi has the nice advantage of not having
to run your own mail server.

In my case, I use their server for SMTP, and run my own IMAP server, moving
mail from theirs to mine as it arrives.

------
rsync
I'll just leave this here...

<http://www.rsync.net/philosophy.html>

------
selectout
Some of these are genuinely good alternatives but the headline is a bit too
attention grabbing. A lot of these "privacy-invading" services are free (and
offer more for free) than the non "privacy-invading" alternatives. If you
aren't paying for it, you are probably the product holds very true.

For most people I have found that getting something a bit better for free is
worth giving up on a bit of their privacy. I do believe however that privacy
education and providing the details outside of a long ass privacy policy is
very key moving forward.

------
rwbt
I was recently considering switching to Fastmail from Gmail (Privacy, Lack of
Support etc.,) but not entirely sure about Fastmail. I've never heard of
Lavabit before. I wonder how they stack up against Fastmail in-terms of
Privacy, Support, Security and Reliability.

I think Two-factor authentication in Gmail provides a great additional layer
of security. Unfortunately, I don't think many other email providers support
it.

~~~
Flimm
Fastmail does offer two-factor authentication with SMS:
[https://www.fastmail.fm/help/features_alternative_logins.htm...](https://www.fastmail.fm/help/features_alternative_logins.html)

You can also set up passwords that are only authorised for read-only access,
one hour passwords, one-time passwords and Yubikey logins.

------
tome
An alternative to Google Calendar would be nice.

~~~
rdl
What's wrong with running your own WebDAV/iCal calendar, using something like
Kerio?

------
derrida
Does anybody know if SpiderOak is open source? This matters because it is
claiming to be cryptographically secure.

~~~
lh7777
No. From their Engineering page:

> ...our plan all along has been to make our entire code base open source;
> however, as anyone who has worked with such issues knows, it is often not
> quite that simple. We are committed and will continue to work toward an open
> source environment.

They have some open source bits (see <https://spideroak.com/code>) and
presumably it's built on top of FOSS libraries, but still definitely
proprietary.

------
danso
The idea that you can find a privacy-protecting social service as a substitute
for Facebook is just absurd. FB very well, at some point or already, may
maliciously intrude on you. But the vast majority of horror stories arise from
the kind of behavior of users and their friends that cannot be prevented by
any (non draconian) social platform.

In other words, the privacy problems arise from people being _social_...if you
want maximal privacy, then the only solution is minimal sociability. This is
the case with online networks as it is at e water cooler. So finding a
privacy-protecting platform -- that is, the kind of privacy that most people
want -- is like finding a way of gossiping that prevents words from being
repeated and secret pacts in breakable.

* an example comes to mind: recently on another FB thread, someone said how FB nearly destroyed his marriage because his fiancé had, as her profile pic, a photo of both of them before the relationship was known to the family. fB is obviously wrong to revert privacy settings, but thhe relationship should never have been broadcasted in any pictorial form, because any "friend" could CC or refer to the photo regardless of FB privacy settings

------
mylittlepony
How come DuckDuckGo is so famous, and nobody knows about StartPage?
<https://startpage.com>

Check out all the features it has, it's way superior if you ask me.

~~~
lh7777
I've found DuckDuckGo to be slow and very poor at long-tail searches. +1 for
StartPage as a credible Google alternative.

------
mylittlepony
Labavit sounded great, until I read this part:

 _"To ensure maximum security, passwords are hashed using the Secure Hash
Algorithm (SHA). SHA takes the plaintext password as its input and produces a
random 512 bit string as the output. With only the SHA output, it is
cryptographically impossible to determine the original input. Effectively,
hashing is a repeatable one-way process."_

