I switched from google search to duckduckgo. I still hit an occasional search on google but that's a percentile of the searches they got from me before that decision.
I host my own mail server. Yes I still have that gmail account for stuff that are not important enough to migrate and look it up from time to time but the majority of my personal email traffic now goes through my own server. They still get some of my mail if the recipient is a gmail account but guess what? It's not all of my mail.
I don't host files on Dropbox or the Google drive. I have my own owncloud server on the same box as the mail server.
I host my own jabber server for real time chat - mostly with my wife as a lot of people no longer use anything except google/facebook chats. I talk on IRC with tech friends/work, jabber for personal stuff and once in a blue moon I open up that g+ chat to check if someone wanted something from me.
I do my backups on tarsnap, feels great.
I run Linux for my work machine and OpenBSD for my private machine.
I do have an Android phone but I essentially stopped carrying it with me everywhere. I hate being a slave of the phone, no longer have a mobile data plan and I take the phone with me only when I really need to be reached.
Does Google know a lot about me? Yes. Are they still learning more from people I communicate with? Yes. The point is, they are getting less information. I already noticed a large quality drop in the accuracy of google searches/youtube recommendations for my account.
Side effect from all of this is that people in my close circle of friends tend to pick up some of the habits (duckduckgo & other small bits). You don't take down a giant with one stroke, you cut it up piece by piece.
> I switched from google search to duckduckgo. I still hit an occasional search on google but that's a percentile of the searches they got from me before that decision.
You can use !s in duckduckgo to use startpage instead of duckduckgo, so you end up with google's results but avoid the privacy leak (so long as you trust ddg and sp).
> I don't host files on Dropbox or the Google drive. I have my own owncloud server on the same box as the mail server.
I prefer syncthing, and it's easier to stay on the local network. ownCloud has lots of features, but it's overkill if you only need a dropbox clone.
> I do have an Android phone but I essentially stopped carrying it with me everywhere. I hate being a slave of the phone, no longer have a mobile data plan and I take the phone with me only when I really need to be reached.
No longer have a mobile data plan either, that just means I read my emails and hn a bit less. Cyanogenmod seems to be a big improvement over plain Android privacy-wise.
> I already noticed a large quality drop in the accuracy of google searches/youtube recommendations for my account.
What do you need a google account for?
Also I don't know if companies are legally entitled to gather personal information based on ip addresses, but I use Tor Browser as my default browser so I don't feel threatened by that. On the whole the situation could easily improve if gmail actually had a proper competitor.
> You can use !s in duckduckgo to use startpage instead of duckduckgo, so you end up with google's results but avoid the privacy leak (so long as you trust ddg and sp).
Actually, the reason Google search results are better is because they profile you and can relate the term to your usual searches. I doubt using sp would yield better results but no I didn't try.
> I prefer syncthing, and it's easier to stay on the local network. ownCloud has lots of features, but it's overkill if you only need a dropbox clone.
Thanks for mentioning syncthing. I don't remember why I crossed it off back then. Will give it a second look. Might be hard since ownnote got my wife off evernote so that's one big plus in favour of ownCloud.
> No longer have a mobile data plan either, that just means I read my emails and hn a bit less. Cyanogenmod seems to be a big improvement over plain Android privacy-wise.
The amount of work required to root the phone seems absurd to me. People say it's frictionless but all the materials I found on it so far didn't convince me yet to try. I might just be getting a dumb phone tbh as my next phone.
> What do you need a google account for?
Like I mentioned. Locked in by some people who refuse to use anything else. Partially work hangout chats included. Consider it a leftover that I log in from time to time to use a one off feature.
> Also I don't know if companies are legally entitled to gather personal information based on ip addresses, but I use Tor Browser as my default browser so I don't feel threatened by that. On the whole the situation could easily improve if gmail actually had a proper competitor.
There's a bigger problem. There are a few corporate players (apple, microsoft, google, facebook) which amount to almost all routed email. If they decide to drop email to your host you are essentially blocked from contacting them. They also don't play nice with spamd type daemons since they use an MX pool to deliver it. They could essentially kill all of us running home email servers in one go, that's why it's important for people to run their own. I hope someone won't look at a spreadsheet one day and say 'ok, it's now not a loss for us to ignore traffic from those guys/gals'. Think that won't happen? There was a time when you could use jabber to talk with people on google talk. Now there's no federation.
Aren't you worried about your data security? Yep, you've great skills but in the end, ports are open and software needs to be trusted (although it cannot really be trusted). Should I really expose an ownCloud installation to the Internet?
Yes I am worried, and not extremely happy about ownCloud. I was thinking about limiting access to it to my home IP but that limits the usability of sharing a link to some pictures etc with friends.
Don't get me wrong. The whole setup is both a burden & a liability as suddenly I am responsible for stuff that was done for me (security upgrades, proper configuration, monitoring, backups). That's the price I decided to pay for the ability to learn and control my own privacy. I may wake up to a hacked server - that's true. On the other hand I could wakeup to Google banning my account, then what?
I'm more worried about the centralization of the Internet. That's why I run my own servers (web, email, dns and FTP) and don't rely upon other companies to host my data.
Approaching the "to google or not to google" question is impossible without stating your casus belli.
If you care about opsec, there are many reasons why you would want to use google services: e.g. a hostile actor will have an extremely hard time stealing your emails from Gmail while there's a might higher chance you fucked up a config on your self-hosted setup. Usually, as always, it comes down to smart compartmentalization and using the right tool for the job.
Personally, the ethical perspective is a much stronger reason why to stray away from data behemoths like Google and Facebook. First of all I believe the "usefullness" of many of these services is over-exaggerated: Facebook noawadays is more of a brainwashing service to expose you to "content" that does nothing more than dull your mind and keep you mindlessly scrolling and endless stream of irrelevant advertisements. But even if this isn't the case for all online services, some come at a price I am personally not willing to pay.
We are entering an era of digital slavery where our entire lives are managed by data monopolies that are bound by no rules other than those they create for themselves. I don't care how convenient these commercial services are, if the price is giving up the sovereignty of my data, and the core liberties of my human existence. I make a conscious choice to not be part of this system, and we will all have to face this choice sooner or later.
For more on this topic, I highly suggest Aral Balkan's talk from re:publica this year [1].
Useful to you != useful to others. That kind of generalization does no good.
These companies don't have billions of users because they produce nothing of value.
If that value exchange doesn't work for you, just stop using it. But these strange posts about "slavery" and "liberties" just seem out of place. It's a corporation, like any other. What are you expecting?
You might not like to hear this perspective, but that doesn't make it any less true.
Many corporations produce lots of value that is based on corrupt moral values: from companies doing arms sales in third-world countries (i.e. profiting from destruction and death in impoverished areas of the globe) to corporations selling animals parts as products (i.e. profiting from the ownership and abuse of sentient beings).
I'm not directly comparing Google to other truly evil corporations, but I will damn right call out ethically and morally flawed business models when I see them.
Morals are a personal thing, not innate to a corporation but rather your subjective filter for the world. What you might consider moral, others can find opposite.
Regarding ethics: There is nothing ethically flawed about what Google is doing. They aren't selling arms or abusing animals so where does this line get crossed for you? They are in it for profit and can provide many of these services for free through advertising. Necessarily this requires an exchange of your general data profile for all the utility of their tools. If you pay them directly, then the privacy rules are different (as it works with many such corporations).
And you might not like to hear this perspective - but many really don't care. People share data about themselves at an exponential rate because the experience of sharing and the utility of the companies outweighs other concerns.
But you are perfectly free to go do your own thing. There's no secret Google police out to get you. You are not revealing some big conspiracy here, it's a well-understood exchange and many are just fine with it and many like you aren't. And it's all ok.
But it would be more amazing if this wasn't the case. Google have grown very fast into being part of vital infrastructure - and security services wouldn't be doing their job if they didn't have significant inside presence (I'm sure they can't be the only ones either). However, this leaves us with massive unresolved problems of oversight (how do we ensure we don't end up with a Stasi or McCarthy situation), and compartmentalisation (where enough data is aggregated across enough areas to represent a security threat to individuals e.g. politicians and judges becoming open to blackmail).
... except for when it's not all ok. It's not ok for a private corporation to play by its own rules and have total control over digital identities, about how you get presented online, about if you are or aren't allowed to be forgotten, about which speech is acceptable and which isn't (hint: when it doesn't line up with the corporations agenda).
Monopolies are a market failure - capitalism says this very clearly. In the case of data behemoths, I fear we are losing more than just some extra $$$ each month, but some of the core liberties that make up how current modern societies functions. As you mentioned yourself, I am far from being the only one who notices this problem.
They aren't playing by their own rules - there are laws and regulations. Our government (which is meant to serve the people) is the proper channel to set boundaries for people and companies. If you want change, then start there and be the change you want to be.
Markets are imperfect and monopolies are naturally bound to happen as they give the corporation efficiencies of scale and allow them to provide more value that's demanded by consumers at lower cost. This is the good part, with the bad being the anticompetitive issues. It's something we'll deal with either with new companies who can do better or with government regulation to keep things in check.
And again, you seem to be missing the part of how you are not required to use Google. It seems like you are able to get all your needs met through other services so what exactly are you worried about? That other people choose to use Google vs. follow your path? Is it not up to them to decide this?
The original article deals with the issue of contamination and references that even running your own email servers, around 50% of your mail will still go through google servers.
The people opting out here are the digital equivalent of those attempting self-sufficiency, growing all their own food and making all their own clothes. It's inconvenient, clunky, and you still need to buy stuff.
The issue here is that due to network effects, Google (+ FB, Ebay, Twitter, Amazon) provide more utility as the monopolies they have inevitably grown into. That means they are a form of vital infrastructure, not competing businesses in a diverse marketplace. (If we don't like the idea that they are 'too big to fail' and actually should be protected, a glimmer of an alternative is provided by China which seems to have stood up functional alternatives to these in a fairly short period, albeit mandated by regulation.)
Then the government is how we handle this. I'm always surprised at how the companies get all the blame as "evil" when they're just doing what they're allowed and supposed to do.
Do these people also hate the massive companies that provide them the internet, oil, electricity, laptops, houses, and everything else they use to basically live their life?
The law is the final line and that's what should be worked on - if people want change they should focus their energy here.
If you're going to bring it down to that kind of strange technicality then yes - those people are using it because it provides them value in whatever form.
It's not up to you to judge what that value is and whether you think it's good for them.
This is just playing games with microeconomic terms. However you choose to define "value", using heroin is self-destructive and usually (always?) irrational. If you choose to include that kind of behavior in your definition of value then the word loses most of its useful connotations.
It absolutely does provide value. Many (ab)users of illegal substances use them to provide relief from the emotional pain of traumatic experiences or mental illnesses.
Yes, Facebook isn't very "useful", but I think you'd have a hard time making the same case about Google's services. Maps, Gmail and Android(assuming iOS/Windows Phone isn't an option) are all hard to beat.
Well, they are options. If one judges every alternative that might include the tiniest bit of inconvenience as "not an option", any try would be hopeless.
In fact, I would argue Android is the easiest Google product to replace, because it has a perfectly polished competitor like iOS.
I have a dream: I would like to have all the "cloud" services: Gmail, Dropbox, Google Docs, online photo gallery, video streaming, etc. And I would like to have them as downloadable software packages, so that I could buy my own domain, set up my MacMini as a server and have all of the above services hosted on the server I own and have full controll of. Do you think that's possible to do ?
I think I've seen some other projects but forgot to bookmark them (or maybe I did but forgot to tag the bookmark...). Sorry.
Added: sadly, all those projects are about software packaging with a single-click installers. I haven't ever seen a project that'd strive to have installation and configuration recipes written in some configuration management language using literate programming techniques, so the recipe would act not as a mere set of instructions to the machine, but - primarily - as an article to the user, explaining what's going on, why it's so and where to tweak the knobs. Like those "set up your own server" blog posts on steroids, and with a "not interested in details, just do this" button slapped at the top.
This would truly be a great thing. I've been trying for years, and it's really kind of painful, even with some good working knowledge of network infrastructure.
Here are some decent software I use. Not all OSS, unfortunately, but they still let me posses my data.
There's open source software to do all of that, and it is relatively simple to setup. However, you will soon find that the real nightmare is in maintaining all the services. With paid for, or google hosted, services you set it and forget it.
It's also much more expensive to roll your own. That said there is a nerd-cred factor that had me set up owncloud on my personal domain. It's definitely a nuisance though hosting your own stuff.
You'd basically need to start[1] an equivalent movement to the GNU/FOSS/Linux movement, for cloud software.
Google's services, at least, are written assuming they are running on a million machines inside of a Google datacenter, with all sorts of dependencies on the infrastructure; worse (for the purposes of converting them to easy-to-install packages), they are written assuming the existence of Google SREs.
Everyone else is in the same boat, with software meant to be run on a datacenter and not a MacMini. You'd really need to start over from scratch, and first with a platform that can run on one to a million machines, then rewriting everything to run on top of it.
It's not impossible, but it's a lot of work.
[1] Such a movement probably already exists, in which case you should join it.
> You'd basically need to start[1] an equivalent movement to the GNU/FOSS/Linux movement, for cloud software.
Could you point out what in any of these services actually depends on the cloud?
Email runs perfectly fine on single servers (Gmail). Network file storage is a solved problem (Dropbox/Google Drive/YouTube/various photo buckets). What these things are missing are dynamic web 2.0 GUIs, not backends. And the GUI doesn't have anything to do with the cloud.
The cloud is a huge innovation, but it isn't an innovation that provides anything for us, it's an innovation for centralized businesses. The cloud has absolutely no value until you're trying to serve millions of users on one service. Federated systems like email are perfectly capable of handling everything that the cloud does for you and I.
But the cloud does provide value to me. I can spend a few bucks and a few minutes to set up Google Apps for email on my domain. It takes hours of futzing to configure a home email server. My time is valuable, so the cloud service is worth it.
I'd love to have a comparable platform that I could run from my closet, but that's still in the distance. For now, cloud services are usually the best way to minimize cost.
> I can spend a few bucks and a few minutes to set up Google Apps for email on my domain.
This is a perfect example of what I'm saying: this has nothing to do with the cloud, and everything to do with the tooling Google Apps provides. There's nothing preventing the open source community from implementing equivalent tooling which targets federated servers.
I have a FreeNAS server set up at home for most of those services. It's a FreeBSD based distribution focused on file services, but you can really run any service from the BSD jail system. FreeNAS comes with click'n run plugins for a lot of the services mentioned in this thread: ownCloud (files), firefly (music), btSync (files), Plex (video/music), Subsonic (music) and more.
Now a Mac Mini isn't the most fearsome server, so you won't get extraordinary performance, but it should perform good enough for for 1-2 concurrent users.
Currently the business model of many of these services relies on your personal data. By earning less money to solve the problem is not an option to them. I mean even some paid services will use your data for profit. So I think it won't be possible to find a full alternative of each of those services in the near future. There are plenty of opensource self-hosting software like others mentioned. They are not as good as those cloud services in many ways, but at least many of them were designed to respect your personal data and freedom. We have to weigh the balance until there's a better solution.
This actually makes a lot more sense that it did a decade ago. Mail servers were needed in a time when we were not always online. Now that we are, we can technically run everything that's done by a server on our own PCs. The bandwidth and processing power now exists. The resulting setup would be a peer to peer network with nodes connected via address/name servers.
For those times we're offline, it may be possible to spin up a temporary cloud instance which downloads everything back to us and dies once we reconnect.
At least as a start, set up an e-mail and XMPP/Jabber account with a provider with whom you can use your own domain. That way you can own your own identity while still intercommunicating with others. Should the need arise to change providers, you can do so without sacrificing your network.
Of course Google et al. are working tirelessly to make this not possible (see Hangouts, FB Messenger, etc... all once federated XMPP services, now closed-garden proprietary services).
> [...] set up my MacMini as a server and have all of the above services hosted on the server I own and have full controll of. Do you think that's possible to do?
Unfortunately, that is not (fully) possible. Consumer internet landlines traditionally have an upload speed that is 10x slower than the download speed. Hence you will never get the same performance as a data-center hosted solution.
But you don't really need that much bandwidth for all of these services. Dropbox's bandwidth would be the hardest to replicate - but even then, in general, once you get your first backup done, updates shouldn't require that much bandwidth. Music streaming works fine. Photos bottleneck is almost more processing power than bandwidth. Streaming video might be slow, but downloading, then watching usually is good enough for one's own videos shared with friends.
And bandwidth, like HD space, is always increasing.
There are also some "commercial" symetrical links, meant mainly for small companies. They cost 2-5 times more than a normal, consumer-grade link, but I wouldn't mind paying that extra for the possibility of keeping my data safe.
I switched from gmail to Fastmail (http://www.fastmail.com) two years ago mostly because I don't want to feed the monster. Surprisingly, in many ways, the move was a step up in usability, I was prepared to scarify some comfort, but it turned out that I didn't had to.
Fastmail offers everything I need, great mail client, calander, contacts, notes, great app for both Android and iOS
I also got my family accounts on Fastmail, we ended up creating a family account so we can share folders, calenders, contacts etc.
yes, it costs money, but I think its worth it.
*) I'm not affiliated with Fastmail in anyway, just think the service provided is great.
I switched twice, from my own mail server -> gmail -> back to my own server. Setting up the mail server the second time around was much more difficult for me. There seemed to be a lot more to get right this time around. (anti-spam, in particular. Ensuring that your mails aren't dropped by other servers can be a pain to get right).
Well, one is a small Australian company that make money from providing e-mail as a service, the other being a global company that use behavioral profiling to skew your view of the world.
Are you happy with deliverability? I have had some Fastmail issues where mails did not get delivered as reliable as with Gmail … filters are also much less convenient to set up.
On the other hand, Fastmail is great as an IMAP provider.
The web GUI etc. are OK but there are still issues, for example with non-English characters in the search. 2FA is kind of strange too with its mix between your password and the 2FA token. And spam filtering is of course not comparable with Gmail in my experience (with Fastmail erring on the spam side and Gmail erring on the false positive side, I don't know which one is 'preferable'!).
It costs money. Even if it cost 5$/year it would be a major hurdle. But it costs 40$/year for the same level of functionality as gmail. Sadly, most people will consider this a no-brainer in gmail's favour.
I've grumped about this before, but fastmail is not great email or calendar; I have a long list of bugs.
For example: just last month I discovered they can't reliably handle calendar events sent from outlook (you know, that tiny calendar server that no business uses). This made a phone screen a huge hassle to schedule. Somehow a meeting request sent as 3pm PDT / 2200 greenwich got loaded into my fastmail calendar as 2pm pdt/10pm bst. It's just flaky.
If you have iOS everything integrates so no need for the app if you do not like it. Android is a bit harder to setup, but you can get mail, calendar and contacts working there too
I kind of found a sweet spot where I'm using a European-based email service. I created my Google account with it, but I'm not really using it constantly (just to comment on YouTube videos now and then and use Google+ like once a week). I'm also using Google's Docs occasionally, but just to share the .pdf docs with people I interviewed to show them a preview of the article that is going to be public in a couple of days anyway. I'm using Facebook like once per week (I don't have it installed on my phone), I don't own any Apple products, I'm using OpenStreetMap instead of Google's Maps, I'm using DuckDuckGo instead of Google's search (and I love it). On my laptop, I'm using a Linux-based operating system. I'm perfectly happy. It's a perfect privacy/usability combination for me.
I changed a lot of my habits since Snowden came out and I am perfectly happy with it.
After spending some time with ownCloud and pouring through it, I'll take the relatively superior safety, security, and privacy of Google. I encourage any doubters to examine the ownCloud source[1] and come to their own conclusions.
Migrate away from Google where you can, but do it in small steps with rational, informed decisions.
1. To head off the obvious response of "Then submit patches, make it better!": That's akin to walking into a home fraught by fire and mentioning the pictures could use a little dusting.
I don't understand how you could possibly claim the Google Drive is in any way more secure than OwnCloud. Proprietary software hosted in the cloud is inherently unsafe, insecure, and not private. OwnCloud may not be the best piece of software, but it can be audited by anyone and hosted on computers that you trust. You have no idea if Google Drive is secure because it is impossible for you audit it.
You didn't even read my comment before commenting, did you?
> I don't understand how you could possibly claim the Google Drive is in any way more secure than OwnCloud.
It depends on your threat model. Against the US? It's wise to assume it's game over, no matter what you do, here.
Foreign state actors? ownCloud is seriously pwnable. not quite so with Google services (unless that foreign gov't has an intelligence sharing agreement with Google)
Criminals? Again, ownCloud is seriously pwnable.
I'm a US citizen, so I'm primarily concerned with foreign and criminal actors (knowing that it's game over versus US intelligence), therefore ownCloud does not fit my threat model.
I use OwnCloud but I'm hopeful a better version in something like Python emerges soon.
Have to agree with OP (who did audit the code as you suggest). PHP OwnCloud feels a bit like a janky duck taped mess. I'm always a bit surprised it works and it doesn't make me feel a whole lot more secure than using a provider like MS, Dropbox or Google. I just like running my own stuff which is why I use it.
I've been trying to stop using Google products, but I have to admit most of their web services are probably about as secure as you're going to get. Google has some of the smartest tech people in the world working for them, and everything I've seen tells me they take security seriously. If they're doing it wrong, I'm scared to think about other companies.
As far as I know, most people who quit Google do it because they dislike Google mining their data, not because they don't think Google is secure.
Implication is that OP has audited source and found it wanting.
Threat models and risks vary. SAAS offers aggregated data and appealing targets, though they may be well hardened. Much as I criticise Google, I find their claims of protecting data reasonably credible (not enough to be comfortable with it).
A distributed system with many known and unknown vulnerabilities and a readily determined network signature (nmap or similar) remains a bulk source. A determined adversary could scan all possible network space quite quickly and access data. With known targets -- monitoring your network traffic, knowing URLs or MXs -- they could target you directly.
NB: I haven't audited OwnClowd, nor am I particularly qualified to do so.
Fair point, though not strictly true. It's possible to conduct both audits and black-box testing of proprietary systems, and some of these provide source fairly liberally.
Microsoft provides examples of both. Samba's Andrew Tridgell has commented that the team knows many ways to crash or compromise Windows systems. Microsoft's academic code licensing provided pretty liberal access to OS source code. Similarly corporate partner licensing for contractors.
Though security didn't exactly thrive under that regime...
PGP is another company that provided core crypto code for public review, though it wasn't Free Software.
I was playing with an idea of an "off-Google email delivery" for Gmail recipients. Basically they would get a short note saying that a reply to your email is available, please pick it up [here], with a link leading to a TLS'd page on a non-Google server. The same page would offer them an option of replying to the conversation right there if there's a need to do that.
I'm pretty sure this would piss the hell off some Gmail users, but that'd be exactly the point - to make them at least stop and consider that not everyone's a fan of passing all their communications through Google.
If you send an encrypted email from protonmail.ch to someone who uses another email provider, he get's a notification email with a link that does just that.
However the recipient should know the password to see and reply to the email.
Once you send an email to someone, that content is no longer yours. I understand why you might want it to be. But at its core, email is about sending content to another person, and giving them control of what they can do with that content. Ignoring etiquette, there is nothing stopping them from copying it, forwarding it, printing it, publishing it, etc. Indexing it for their own searches is hardly a bigger step beyond what they can already do with any email provider.
That was a rhetorical question. Sorry if it wasn't clear.
It was just to show that once you start talking about your own comfort and convenience, it wouldn't hurt to consider if you'd be getting these at the expense of other people. This has nothing to do with etiquette, and pretty much everything with basic egoism. "But how would I search" remark above is a good example of this. One's entitlement for comfortably searching their mail history ends where my entitlement for keeping my replies off Google's radar begins. It always works both ways.
Hmm... I suppose explicitly claiming copyright on your email might keep many people from publishing it, particularly if you put a scary warning next to said claim.
Note: I can't think of any reason you can't do this, but whether or not this practice has real legal bite, it could be effective by creating an air of legal uncertainty.
That can be blocked easily enough. It can also be used to explicitly tell recepients that someone/something else read their emails on this date from this address.
Email is supposedly a digital metaphor for snail mail. With snail mail, you receive a letter in your mailbox (which you check every other day), and you take the letter out, process it, and either store it somewhere safe or discard it (POP).
That is how email used to work. At some point things changed so you no longer regularly clear your mailbox, but you just open the letter, read it, and put it back in (IMAP).
Actually, you no longer get the mail in the mailbox. You call the post office and ask them to read the letter to you (webmail).
Interesting way to think about it, but before POP, I think the snail mail analogy would be something like: you'd drive to the post office (telnet/log in to the compute terminal), open your letter and read it. Then possibly put it back in your P.O. Box, or put it into a folder that's kept at the post office.
It's not futile to un-Google. Every little bit helps. It's not too difficult to use another search engine, to choose a smaller email provider, to set-up Thunderbird with Enigmail, to set-up Owncloud on a server and/or your own NAS.
I run my own mail server, use GPG with Enigmail and I'm logged in to Wickr all day.
I also use Orbot, Text Secure and Red Phone on my Mobile.
The problem that I have is that despite talking up these to my peers, no one uses the secure channels. Even friends that created Wickr accounts message me on Facebook.
It is ansible playbook to setup most of the stuff you need daily (and extras on top) on own barebone dedicated/vp server. Super easy to get going. (not "Install" button like easy, but nowhere close to pains of setting up mail server, making sure antispam and dkim signing work, etc,etc,etc)
For those who don't google and use many of the 'big' services: Do you also not shop at large retail chains like Target or Walmart? Do you avoid Starbucks? They all collect the information you give them, sell it, analyze it, and figure out how to better get you to buy from them. I'm honestly curious if it's simply an issue about the collection of your data or if it's an issue of what data is collected.
The difference is that Tesco only knows about one aspect of my life: grocery shopping. I can handle that and contain the risk.
I don't use coffee shops but if I did they'd only know about my coffee preferences and work patterns.
Google, however, with search, Gmail and Now alone knows everything about the lives of its users. And quite a lot about the lives of non-users with whom they communicate.
Just use that old fashioned thing called cash, funny enough all the stores you named take it. Of course you do not want to use any loyalty cards either.
Question to anyone:
how hard it would be to integrate pgp (or pgp-like) thing on browser level?
would immediately solve all the headache.
let's say:
Special UI for storing private/public pairs in a browser (private key never leaves the PC)
special javascript commands (assume some standard here) to invoke native windows which can not be controlled via js. sign, type message, encrypt. confirm this specific message is actually signed by specific person (pretty trivial in terms of coding and bulletproof UI, except for "public identity storage" part which exceptionally hard).
Looks like very simple htmlsomething standard could overturn all the state of modern web privacy.
Have a look at mailvelope[1]. It enables you to use gpg in your browser. Two larger german e-mail providers (gmx and web.de) even integrated it into their web interface[2].
Someone (like gmail) can even do rich text editor for emails and stuff - without compromising security. let's say separate sandbox w/o internet and write access to cookies etc.
load scripts, css, images. show native window (clearly different than anything js can do) with that rich text editor inside. user types message in, system encrypts (and/or signs) the message. regular html page sees the result.
How rare is that? Basically everyone has a phone today with an email client.
You shouldn't do that anyway because you're giving your password (and your keys if you encrypt!) away with that.
The problems are that some people hate the certification scheme of S/MIME and use GPG which isn't better at all. Then it's user unfriendly to generate the certificates (if you want to be a good email provider, do the job to provide your users with signing of certs) cert and to get them onto all of your devices (I'm looking at you Apple!).
Not terribly rare for me - I probably do it about once a week.
Currently my threat-and-countermeasure model doesn't include obfuscation from the eyes of state actors. I do want to change that, though, so I'll have to break this habit.
Of course it's futile. The only thing that protects confidentiality is end-to-end zero-knowledge encryption performed in open source code audited by professional cryptographers, with a trusted system for distributing public keys. Using indie or European providers is just window dressing. Your emails will be in plaintext SMTP when they reach NSA fiber taps just like everyone else's.
Running your own server just shifts your trust from Google to DigitalOcean/Linode/AWS or your residential ISP (even less deserving).
I wish we would stop this navel-gazing about which providers to trust and FUCKING ADOPT GPG ALREADY. It's been, what, 15 years?
GPG sucks. I use it, I have a smartcard, I did subkeys, etc. I encrypt backups, I log with it to ssh. And it sucks. It sucks so bad, that I don't even know why I am doing it. There are just so many technical glitches, not to mention all the googling, FAQs, manuals that I had to bookmark and constantly refer to, to use it.
When the wiretapping scandals started to get more attention, I got really paranoid. I decided to go full gear into privacy mode and the end result was total frustration with poor tools and way more friction than necessary. Then I realized I'd like just _some_ of my stuff to be positively private and I didn't care much about the other 95%. So that's where I focus my attention, much like the author. If I had endless time and money, sure, I would love to have everything super private and secure, but I don't so.. a more pragmatic approach is needed.
I've done it (completely Google free). It's actually very easy to do and the comment about inferior UX is indicative of someone who hasn't seriously spent any time researching alternatives.
This article is just the author attemtping to justify to himself his unwillingness to do without Google services.
That's fine, if you want to use Google services you should be able to. Just don't pretend like everyone else is having the same difficulty moving away from them to make yourself feel better.
Would a well designed campaign about GPG and how to use it help ? Has anyone ever tried that ?
The more the likes of lavaboom, whiteout or proton mail sprout up from the ground, the more I feel it'd be simpler to teach K9 and GPG to `people' than having them switch over a new service that might or might not survive the next 6 months. At least for E-mail.
If you are in the USA, everything you emailed six months ago is open for reading by any government agency without a warrant, without letting you know in any way.
(and if you are not in the usa, just assume it is realtime)
This is why everyone should probably have their own private email server locked down in their home. Postfix can be made pretty secure.
The problem is... it sucks. I'm doing this and - honestly - it's not very pleasant experience.
The dilemma is - either sell your soul to Google (Apple, Microsoft, whoever else) and surrender to their will for a glimpse of their proprietary innovations, or have to deal with basic (and somewhat ancient) technologies without much of support. Unless you hire a sysadmin to maintain that for you.
The thing is, popular services add some value, like smart email processing, reasonably-well maintained spam filtering, tagging emails (IMAP doesn't have this!) etc etc. It's all theoretically doable in DIY setups, of course, but entry barriers (time, knowledge) are huge, and in practice one'll likely to end up with only basic functionality that'd they'll end up eventually abandoning due to maintenance being a PITA.
One of the nice things about running your own mail server is that mail you send to other local users does not traverse the Internet. It's just a local copy operation.
This, of course, requires that everyone use the hosted email client on that server, but it's worth remembering.
Personally, I (and everyone at rsync.net) just use (al)pine, so the hosted email client is very simple (and fast and efficient).
Don't forget the supply side---consider blocking googlebot from crawling your non-commercial content.
A critical mass of google bot boycotters could help tip google search into becoming so blatantly commercial that opinion leaders might finally consider alternatives.
>On the bright side, Snowden notes that the big software companies are doing steps in the right direction.
I call BS on that.
What are the steps FB, Google, Apple etc have taken "in the right direction".
If anything it's only gonna get worse, what with expanding to the "Internet of Things" and such (not to mention future possible Google and Apple self-driving cars).
Yeah, I can be critical on what I believe and don't have to take anybody's word wholesale.
That sais, what I believe are the leaked documents, that haven't really been disputed and if anything were corroborated by tons of subsequent stories.
For the 'optimistic' stuff: Snowden doesn't have access to Google/Apple/FB etc, so what steps he says that they've taken since are the same stuff reported in the media that we too know.
And those steps are nothing to write home about. I see the same shit going on as usual -- only even more so.
to fully un-Google is not easy, but sites like http://www.keyamp.com/ can help you watch Youtube videos... these iptables rules can help you block Google (there is probably more efficient ways to write those rules too)...
I switched from google search to duckduckgo. I still hit an occasional search on google but that's a percentile of the searches they got from me before that decision.
I host my own mail server. Yes I still have that gmail account for stuff that are not important enough to migrate and look it up from time to time but the majority of my personal email traffic now goes through my own server. They still get some of my mail if the recipient is a gmail account but guess what? It's not all of my mail.
I don't host files on Dropbox or the Google drive. I have my own owncloud server on the same box as the mail server.
I host my own jabber server for real time chat - mostly with my wife as a lot of people no longer use anything except google/facebook chats. I talk on IRC with tech friends/work, jabber for personal stuff and once in a blue moon I open up that g+ chat to check if someone wanted something from me.
I do my backups on tarsnap, feels great.
I run Linux for my work machine and OpenBSD for my private machine.
I do have an Android phone but I essentially stopped carrying it with me everywhere. I hate being a slave of the phone, no longer have a mobile data plan and I take the phone with me only when I really need to be reached.
Does Google know a lot about me? Yes. Are they still learning more from people I communicate with? Yes. The point is, they are getting less information. I already noticed a large quality drop in the accuracy of google searches/youtube recommendations for my account.
Side effect from all of this is that people in my close circle of friends tend to pick up some of the habits (duckduckgo & other small bits). You don't take down a giant with one stroke, you cut it up piece by piece.