I'm an engineer working on Firefox Platform (Gecko). In the linked blog post, the author recommends Firefox (thanks!) and links to "privacy recommendations" for it, which include items such as "resistFingerprinting" settings.
I'd like to remind everyone that turning on this setting has far fetched consequences to how you experience the Web.
Your dates, timezones, preferred languages will all be masked which will result in weird experiences.
The option is behind a flag and without UI precisely because it is a pretty complex feature, that we didn't iron out yet, and which should be well understood before being used.
It concerns me to see it being referenced and recommended without any explanation whatsoever.
Of course I'm likely biased because I'm on the receiving end of bug reports from people who experience the Web in weird languages and with wrong timezones because they followed some tutorial that recommended it. :(
I don't want my fonts, plugins, user agent, or detailed HW/graphics features (e.g. canvas/WebGL hash) being known. Those can uniquely identify me according to https://panopticlick.eff.org.
So does your resolution. And that's hard to mask because JS usually needs to know it.
If you're not using the browser fullscreen, chances are that you're using a unique innerWidth+innerHeight.
As unsatisfying as it is, the current best solution seems to be not to care about privacy most of the time, and then take privacy seriously when you do. Whonix is excellent for this.
Weirdly, I tried to measure how unique my window.innerWidth/Height was, but panopticlick no longer seems to measure this. It only uses my full screen resolution, which of course is much less unique than canvas dimensions.
If you're not masking your IP, resolution and anything else is largely irrelevant for tracking you.
Say everybody uses one of four resolutions equally. That's two bits: 00, 01, 10 and 11. Now let's say that people's gender is also binary, distributed 50/50 and independent from what resolution someone uses. You can just tack that bit onto the two you already got and now you have three (the ability to distinguish between 2^3 = 8 individuals).
I won't go into the details, but if you have an estimate for the probability distribution of browser resolutions, it's fairly easy to extract the proper amount of bits of entropy. Being independent is a bit harder to make sure of, but as long as you pick things which aren't too obviously correlated, you can just take a safety margin and use, say, 40 bits to identify people, and it's probably fine (and for tracking purposes, a false positive isn't the end of the world, either).
That said, while I support the concept and idea behind panopticlick, I've always felt it overestimated the unicity of my browser. Or maybe I just really underestimate it myself. I don't know.
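The entropy estimate described in the comment above, worked through as an added example (not part of the original thread). The visitor samples and the attribute names `resolution`, `dnt` and `dpr` are constructed for illustration; it shows the 2 + 1 = 3 bit case, a skewed distribution that yields fewer bits than its number of values suggests, and a correlated attribute that adds nothing.

```javascript
// Added example; all visitor data below is constructed for illustration.

// Shannon entropy (bits) of the empirical distribution of `values`.
function entropyBits(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / values.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Surprisal (bits) of one visitor's value: how identifying that
// particular value is, as opposed to the attribute on average.
function surprisalBits(values, value) {
  const n = values.filter((v) => v === value).length;
  if (n === 0) return Infinity; // never seen in the sample
  return -Math.log2(n / values.length);
}

// Entropy of several attributes taken together (the real fingerprint).
function jointEntropyBits(records, keys) {
  return entropyBits(records.map((r) => keys.map((k) => r[k]).join("|")));
}

// Sum of per-attribute entropies. Only equals the joint entropy when
// the attributes are independent; otherwise it overestimates.
function naiveSumBits(records, keys) {
  return keys.reduce(
    (sum, k) => sum + entropyBits(records.map((r) => r[k])),
    0
  );
}

// Constructed sample 1: four resolutions used equally, an independent
// binary attribute (dnt), and a device pixel ratio (dpr) that is fully
// determined by the resolution.
const RESOLUTIONS = ["1920x1080", "1366x768", "2560x1440", "1440x900"];
const UNIFORM = [];
for (const resolution of RESOLUTIONS) {
  for (const dnt of [0, 1]) {
    UNIFORM.push({ resolution, dnt, dpr: resolution === "2560x1440" ? 2 : 1 });
  }
}

// Constructed sample 2: the same four resolutions, unevenly distributed
// (1/2, 1/4, 1/8, 1/8).
const SKEWED = [
  "1920x1080", "1920x1080", "1920x1080", "1920x1080",
  "1366x768", "1366x768",
  "2560x1440",
  "1440x900",
];

function report() {
  return {
    // Independent attributes: bits simply add up.
    resolutionOnly: jointEntropyBits(UNIFORM, ["resolution"]),
    resolutionPlusDnt: jointEntropyBits(UNIFORM, ["resolution", "dnt"]),
    // Correlated attribute: the joint entropy does not grow,
    // but the naive sum claims it does.
    resolutionPlusDprJoint: jointEntropyBits(UNIFORM, ["resolution", "dpr"]),
    resolutionPlusDprNaive: naiveSumBits(UNIFORM, ["resolution", "dpr"]),
    // Skewed distribution: fewer bits on average, but a rare value
    // still singles its user out more than a common one.
    skewedAverage: entropyBits(SKEWED),
    skewedCommonValue: surprisalBits(SKEWED, "1920x1080"),
    skewedRareValue: surprisalBits(SKEWED, "2560x1440"),
  };
}

console.log(report());
```

The gap between the naive sum and the joint figure for `resolution` plus `dpr` is what the "safety margin" in the comment has to absorb.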
idk - it seems like that can't be enough?
No offense, but advice like this is useless. It reduces to, "someone I don't know thinks the average person with no special risk factors should think this way about their personal privacy based on who knows what priors."
Different people have different reactions to risk, have different actual exposures to risks, different competencies, and different tolerances for the hassles of opsec. And potential future risks of data slopping about are unknown.
There is no such thing as a "best solution" when talking about this.
What do you mean by this?
Indeed, it will surely make resize look less sexy (jumping by 32s instead of pixels), and you might waste a few pixels of screen real estate on some sites at some times -- but it's the kind of tradeoff that some people happily do for more privacy.
Related, does anyone know if Privacy Badger includes "screen size determination" in its heuristics?
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
So the site should really only take into account your OS, maybe its major version, and browser version (which changes frequently so trackers can’t rely on that). Or at least not count any that are not used anymore.
I suspect it's partly because these plugins don't function fully in a private window?
I've yet to come across an extension that does something like this so I'm presuming it's not possible via extensions?
Are Mozilla working to make this more granular and let me whitelist individual features on a per site basis?
I'd far rather lose tracking than get the very minor benefit of a (slow loading) web font or en-GB over en-US. Especially if I can opt in the few I trust or need those features.
I remember reading an article about how Richard Stallman interacts with the internet a while back. I remember thinking that it seemed totally insane. But in light of the reality of 2018, I am coming around.
The way I see it, I can keep tweaking privacy settings in a browser, or opting out of collection, or doing any number of other things to attempt to protect my privacy, _or_ I could just stop using services that do not respect my privacy in the first place. Perhaps certain aspects of modern life have taken too much, and they need to be abandoned until they are reformed?
One of these you mean?
The difficulty of course is right now it's nearly everyone at it. Too early to say if GDPR will make an appreciable difference, though it seems like it should. So that leaves few choices outside of gnu everything or layers of hacks and browser extensions. I have hope that many services will start being much more careful in what tracking and data they actually need after recent events.
I think this one is no longer working with the newest FF versions, but check back in on it every once in a while.
For Chrome: https://chrome.google.com/webstore/detail/random-user-agent/...
Not as configurable as I'd like, but it gets 25% of the job done.
Time to give the chrome one a look, thanks.
Apple can do it. There's no reason why Firefox can't. And if there is a reason, it should have been dealt with years ago.
¹ I just noticed that in Firefox 60, the setting is no longer as hidden as it used to be. Good!
That, and the user is likely used to having less-than-ideal browsing experiences if they run any adblockers. I do agree that the article should outline what the consequences would be for disabling browser fingerprinting; they simply have one sentence recommending it, and nothing else.
I’d be so keen for the solution to lie in the browser UX- in the same way as we currently request location information - rather than the current mish-mash of badly implemented, often disingenuous site overlays that have become the modern equivalent of the ‘enter site’ splash screen...
Have you actually seen examples of that? sad...
How is this not essential though? You can't effectively run a business without some understanding of your traffic and where it's coming from. Also, you can use Google Analytics in a way that doesn't store PII.
I'm not associated with EU so I haven't pondered on this as much as others. My first thought is that this should really be up to the browsers and their users on what info Analytics software is able to work out just from the user being on the page.
Users should just assume that every business will absorb all available information. At least then we wouldn't see those ridiculous cookie notices everywhere.
As a web developer, I'm kinda surprised 3rd party cookies ever became a thing in the first place.
Users don't know what "available information" is. And frankly, not even the browser developers do - we keep discovering new ways to track people (e.g. using ETags) with features that weren't intended for that. So it's quite hard to claim the user can simply decide what to share.
Because when ordinary users ask "what can I do to protect my privacy?" you have two possible answers:
a) "Nothing, you're not smart enough to do this, you're screwed"
b) "These things"
B has a high learning curve, but telling people about it scares them off. If you care about your friends' privacy and want to get them past that learning curve, it's better to let them stumble into issues and be there to answer questions.
I have quite a few of these switches on. First party isolation for example breaks the paypal payment flow on some, but not all, shops. It also breaks quite a few pages that recognize it as an adblocker. I know what to do if that happens, but I would never just recommend enabling that switch.
Or just donate if you can’t do any of those things.
For example, the "best" calendar alternative is Etar which looks to a Github repo. Really? At the very least you could mention Apple Calendar. Is Maps.Me (which uses AdSense) really better than Apple Maps? I'm not a fan of hooktube either - it just further cements YouTube's monopoly.
I think what bothers me is that "privacy focused" tends to be conflated with FOSS. I'm really thankful for organizations like Mozilla and Signal that are trying to deliver privacy focused applications to real people. However I also think we should recognize Apple-like companies who are also privacy focused without necessarily being FOSS. I think that will help move more non-technical people out of central databases.
This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.
I find this to be an extremely un-compelling position. A relatively small proportion of the general population has the skills to meaningfully look at the code, never mind the time. Moreover, even for someone who is capable, such an exercise quickly becomes non-trivial on an unfamiliar codebase for an app of any complexity.
In many cases there's also no guarantee that the code you're reading is the code that's running.
It's more damaging than that. The bundling of privacy and FOSS advocacy weakens the former. Few without deep technical knowledge are sympathetic to FOSS. The potential audience for a privacy pitch is broader. By bundling the two, however, the technical advocacy community limits the appeal of the former to those supporting the latter. This is an issue because the opponents of privacy rights are not similarly limited. Hence, we find ourselves reliant on Google, Apple, Facebook and Amazon being benevolent dictators, in their services and Washington.
Few without deep technical knowledge even know what FOSS is.
Unless we’re talking about hosted FOSS, in which case you get the worst of both worlds.
I run my own mail server so this comes from a place of love: FOSS for server side products for consumers is a joke.
Many eyes make all bugs shallow, but if there aren’t enough eyes with the skills or the time then problems will remain deep, even for important software like this.
Perhaps everyone thought everyone else had done the work?
Thinking out loud here, what's the best counterfactual on HB?
I can imagine a ClosedSSL that gets hammered in a blackhat presentation. I can imagine ClosedSSL getting fixed, eventually.
It's just hard for me to imagine that happening faster because people like Neel couldn't read the code.
Maybe the counterfactual is that ClosedSSL is also well funded and cares deeply about security, so it finds HB internally.
But openness doesn't preclude funding. And closed source doesn't grant you an automatic security focus.
So rich ClosedSSL vs poor OpenSSL isn't an apples to apples comparison.
All things held equal, openness provides one extra possible avenue to find and catch bugs, and so such projects will tend to have more caught on average.
What does HB teach us then? Just that some bugs are hard.
Now, to be fair, if "openness" is just used as a substitute for internal security audits, a way to shrug and farm out that work and blame to passers-by, then that would be obviously terrible.
That probably happens more than we'd like to admit, but I still don't think it's the typical reason people open their code.
The only exception is iCloud keychain, but I believe only if you decline the default setting to create an iCloud security code (I'm not entirely sure about that)
This is more than a little hyperbolic. In the US you need a warrant.
I don't trust it, though, if we're talking domestic surveillance. The ECI-level leaks said FBI "compels" domestic companies to enable their stuff for eavesdropping. Whatever that means is secret. In the Lavabit case, the FBI argued to the judge Lavabit wouldn't be harmed if they lied to their customers about the compromised. The judge agreed. So, court orders, fines, retaliation, forced lies, and secrecy orders of all that are a possibility in the United States. Just don't put secrets on anything made in America or by Americans. You can use American tech for obfuscation or untrusted functions, though.
By comparison, while there have been a few issues with Google, for a company that processes so much personal data, their track record is excellent. I can't think of any major personal data leak that could be attributed to Google.
Maybe Apple got better within these 4 years, TBH, they most likely did. However, I don't consider 4 years to be a "long time" for a tech giant. Their privacy focus is relatively recent.
The thing is: we often associate ad tracking and (lack of) privacy. It is certainly one aspect, but it is far from the whole picture. The most damaging form of privacy violations are usually not caused by advertisers but first by people who are close to you (ex: revenge porn), and second by hackers (ex: blackmail). I used the fappening as an example because nude pictures are the archetype of private data.
As for targeting phishing, I think companies who take privacy seriously have to do something about it. Phishing is the number one threat users face when it comes to cybersecurity and therefore privacy.
Now comes the debatable part: hackers targeted the iCloud platform, why? Why not Picasa, or Facebook, or whatever place images are stored? My hypothesis is that iCloud was the best target for such an attack, partly because compared to the others, it didn't offer as much anti-phishing security.
EDIT: I just noticed I didn't mention governments. First, for most people in western countries, government is unlikely to be their biggest problem. So I would rather focus on the immediate surroundings (ex: boss, partner, neighbors, etc...). And if the government really is after you, then an Apple solution might be good, but I don't think they are completely trustworthy. They are still bound by the US law after all, and they are not completely zero-knowledge. To make things clear, Google and Facebook are also out in that case.
Possibly because the celebrities targeted used iPhones, and didn’t publish their private pictures to Facebook or a Google service.
Apple isn't worth consideration if you are willing to put in the effort, or delegate trust, to other systems. If you'd prefer to delegate trust to them, how is that effectively different than FOSS that you haven't examined?
When devs announce how their software handles privacy concerns, they have an incentive to be honest because all it takes is one discovery of conflicting code and their trust is lost. But if the code is closed source, that incentive for honesty is removed. Of course the media can still seek circumstantial evidence and make accusations, but that’s a far cry from version control.
Separately, closed source code invites new incentives to disrespect user privacy for profit.
So, there are these two major categories involved, both of which are mitigated by opening the source code.
Apple remains liable for both of them.
All that Apple has is an observation that they sell hardware too. I guess we are just assuming they already make enough money from advertising as it is and don’t really want more.
I think there is a significant difference.
I just don't see open source as better protecting privacy. See for example the telemetry in .NET Core or VS Code. Users discover this stuff by watching network traffic, not through code audits.
Fines are definitely an incentive to do right but the fine must be felt. I’m not aware of any cases where the tech giants have been levied a fine that really hits them hard.
Watching network traffic is limited to circumstantial evidence, and not even that without a circumstantially isolated environment. Those are a couple of scenarios where these accusations can be made.
On the other hand, open source projects come in all shapes and sizes. Generally, they have a strong community of both developers and users around them. If you don't feel like looking at the code, you don't even have to trust the project itself. You can look to the community and its abundance of users, at least a few of which have audited the code and share your use case. And these users aren't just neutral third parties. Nay, they're better than that. They, too, value their own privacy, and are therefore motivated to protect it.
As for the theory of "open source community," see the MyBTGWallet scam. This open source project, recommended by the Bitcoin Gold team, stole $5 million via a single line of code. Being open source isn't much protection really.
Just because something is closed source doesn’t make it bad. And just because something is open doesn’t automatically make it good.
But seeing sibling explanation being downvoted into oblivion makes me think no one is interested in discussing this anyway so why waste breath.
The future looks good if we just continue to implement it the way it should be.
>This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.
Quite a few of the things listed in the article are not open source (some of the map stuff, as an example). Last I checked (several years ago), we only have DuckDuckGo's word for it.
I think the idea is not that these are all trustworthy services, but that no single company has all the data on you.
In fact, the first systems that resisted strong pentesting by NSA were proprietary, shared- or closed-source systems. They shredded everything else. Two are below with another designed like that. The first, safe, kind-of-secure machine that I know of was Burroughs B5000 whose CPU did things like stop overflows, protect pointers, and check function arguments. It was immune to common, root causes of many failures or attacks. OS in a type-safe, high-level language (ALGOL variant). It was a proprietary system whose source was shared with customers. Linux systems still don't have as much code-level security in average case as that proprietary software from 1961. The virtualization solutions in FLOSS still aren't produced as securely as VAX VMM or the separation kernels that followed in 2000's with VMM's layered on top.
(See Layering and Assurance sections especially. Compare to QA practices of favorite FLOSS VM.)
(Nizza uses FLOSS components. This document is just great at describing the architecture they and the proprietary vendors were using with separation kernels. The proprietary offerings contained a lot of problems FLOSS didn't with their 4-12kloc kernels having less code to screw up. User-mode drivers can boost reliability a bit, too.)
You can also use all sorts of runtime tools to see what a binary is doing at runtime, so I imagine it would be pretty easy to see if an application is phoning home, and where home is located, although the data is probably encrypted.
In fact, it might actually be easier for an end user to audit a binary using such automated tools instead of looking at the source code itself. At least with the automated tools, the tools can flag suspicious constructs in the binary that may indicate that it's up to no good, and do so in a way that is more understandable to the end user.
Nowadays, very little of our data solely relies on our own devices, and most of the value of consumer software occurs when data is being transmitted between systems. When your data lives in the cloud, there is almost always a side-channel way to get at your private data that won't be visible in any Git repository: Just go look at it directly.
Meaning that, nowadays, if we're to live any sort of non-Luddite, Internet connected lifestyle, all we have to go on with anybody is their word. If I limited myself to services where inspecting the source code would give me what I need to know about how well my privacy will be protected, without trusting the word of any third parties, then I'd have to let go of email, telephone, and credit and debit cards (and banking in general). Plenty of other things, too, but I think those three paint the picture well enough.
DuckDuckGo uses Bing data and respects your privacy more, and is probably the best choice for the privacy-conscious.
Consider the almost exclusive dataset they have moated "everyone" else out of, and the long line of disingenuous/unethical business practices. The privacy considerations are the proverbial top of the iceberg.
Altered Carbon also uses government as the primary seat of power. United Nations Envoy Corps are primarily a reskinning of Dune's Sardaukar, the powerful super soldiers that enforce the rule of law out of fear. There are very powerful corporations, especially those discussed in the first book, but their power is again through the influence of government, and government has the authority to act independently.
This is in comparison to a true mega-corp like Final Fantasy 7's Shinra Corporation, where all power exists within the company. Shinra can destroy 1/8th of the capitol city with no repercussions, and there is no significant economic activity outside of the company.
Yours is a terrifying endgame, but it feels (to me) quite far removed from what we should look out for before it's too late.
I'm specifically concerned about their approaches and attitudes on AI and Life Sciences.
I doubt Mozilla would recommend Bing over Google again because it's more "pro-privacy."
I'm wondering if you could elaborate on what sorts of things you are trying to find and having trouble with. Perhaps HN could make a few suggestions for how to get more out of your Bing experience.
I actually use Bing, and I see the oddity that is their homepage once a month, if that.
(And I think bing is fine for about 80% of searches. The rest I use google, which manages for another 10%, and for the remaining tithe I have to do something archaic like think about how to properly format a search query. Party like it’s 1999.)
I had not considered Bing a serious competitor to Google's search engine until now.
> I had not considered Bing a serious competitor to Google's search engine until now.
I can’t tell how much humor was intended here, but that’s a serious competitive point that had not occurred to me. Ever. It’s not something that MS could use in a marketing campaign, but could easily sway lots of people to give it a try when they otherwise wouldn’t.
(The exceptions here are iMessage and phone backups which are E2E encrypted.)
This seems so deliberately wrong that I shouldn’t respond, but I will. Quick and easy synchronization of contacts, calendars, and photos are all features that I appreciate. What’s more, my fearful-of-technology brother tells me how useful they are to him. He mentioned photo sync as a benefit only a few days ago.
Side note: I don't think Apple will ever encrypt iCloud iPhone backups because that would make it difficult to use them (how would you restore an iPhone backup to a new device if your old one was incinerated? Your private key would be gone)
I would never trust Apple because they have consistently lied and cheated me - For instance, they throttled the speed on my iPhone, they hid the fact that my iPhone has more probability to bend and finally, as a cherry on top, they refused to honor warranty for a design flaw of theirs.
When they realized their fault, instead of making a free replacement, they charged me $30 for it.
Given all these experiences with Apple, to my eyes, Apple is no different than Google and I wouldn't trust any word of theirs as they've consistently been exposed time and again lying to consumers. So, I don't know where you got the idea of Apple being "entitled" to be in that list, but I'd say it's the right thing that they aren't.
>pro-privacy alternatives like Apple
I don't believe this. There is no evidence to support this as Apple runs on proprietary code. And you and I don't have access to the source code, so we have no idea what's going on on their servers. Ever wondered how Apple gets its data for its Apple maps? For all you know, they could be collecting your location information to build their database. Isn't that a privacy violation? I work in the Analytics industry, inside an iPhone, using Charles proxy, you'll be able to see random requests hit Apple's servers from time to time. For all you know, this could be info about you. You can't prove it nor disprove it.
I would never dare put all my trust into a single for-profit corporation whose sole goal is to maximize revenues and has been consistently exposed for unethical practices to its customers.
So, hope that answers why Apple isn't exactly a consideration.
Consider this: for 90% of the population, that is also true of any FOSS solution. I'm tired of the "you don't have access to the source code" argument. I don't inspect the microcode that runs on my CPU - why should I trust Intel and not Apple? And for a greater portion of the population, that source code may as well be mud.
This article is about alternatives to Google on the basis of privacy. Isn't a company that doesn't base its core business model on mining your data an improvement for a vast majority of users?
You shouldn't trust Intel either (see ME and all of the other negative-ring stuff that runs on their CPUs). But at the moment there isn't a strong alternative. AMD is somewhat better but still has similar issues. ARM is a mixed bag. RISC-V might save us but still isn't at the tape-out stage. OpenPOWER is possibly the only really usable option but software support is awful (if you've never had to deal with ppc64le bugs, you're lucky).
At least you have a reasonable alternative to Apple.
Regarding the Intel comparison, you have no choice but to trust them, but by using Apple products, you are trusting Intel and Apple, which is worse than just trusting Intel.
This is called faith
In this case I decided to trust the open-source community more than Apple, since the incentives of people inspecting open-source code probably align better with my own interests than the incentives of Apple.
The incentives of any people are: earn enough money for a peaceful existence.
When Heartbleed happened, it turned out that only a handful of people in the entire world have the expertise to do a full audit of the OpenSSL code. And their work is ridiculously expensive. And the audit didn't happen until someone paid for it (I'm not entirely sure it ever completed).
People may actually have less incentives to inspect open-source code because there's always the question of life, money, time, work-life balance etc. etc.
There is also the fact that I cannot take the code and compile it myself, proprietary solutions like the nvidia linux driver for example have given me headaches so many times, it would be nice if there was some form of entry to the code to at least get a vague idea of what the code is supposed to be doing. I basically have to pray for software to do what I want, when it doesn't the whole solution due to its closedness/unadaptivity becomes useless to me.
This is my point. You simply don't know that. You have no idea what's happening on their servers. It's all proprietary. You have absolutely no evidence to claim that.
Given that alternatives to Google products are largely services rather than software run locally on one's own machine, you're probably right about the partial orthogonality of FOSS here since it can be hard to verify that the remote server is in fact running the software it claims it is, and from a privacy-standpoint it may be somewhat irrelevant (I recall even the FSF said something of the sort).
I am fairly sure that no apple product is mentioned because replacing all the hardware one has just for more privacy is likely too extreme for many. Not to mention that one of the biggest things you can do for your privacy is ad-blocking / cookie cleaning, and apple does not make it easier at all.
Very true. But there is no problem with apple, in fact Safari is the first browser that is clearing cookies - ITP(2). I use uBlock Origin on Safari and Private browsing - no cookies at all.
It does not have a feature analogous to safari 11+'s tracking prevention.
I never said that it did... I wrote that firefox has had the ability to block cookies automatically for years, which it has had. My response was not a comparison between the browsers but a statement of one particular feature that was mentioned. I simply said that what had been stated by the gp was also available in Firefox.
> I simply said that what had been stated by the gp was also available in Firefox.
Given that the gp referred to ITP... no, it's not.
You were ignoring that nine hours later.
Disqus is over that way, if you want to keep arguing without a reason and without reading what others write.
Safari’s tracking prevention applies to things that do wind up getting loaded, and limits access to their own cookies/context. [kind of like loading all those embeds in separate private sessions, even though they're on the same page]
You can change a setting to block third party cookies. This gets you similar treatment of cookies as was the default in safari 1-10.
Safari 11 still blocks third party cookies by default, but has 'Intelligent Tracking Protection' as an additional filter on top of it. ITP blocks/limits certain uses of first-party cookies.
Firefox has no analogous option. Either cookies are off, or all uses of first party cookies are allowed.
Also, they may work with the US government, even if they say otherwise, and people from both the US and other countries may not like that idea.
How can you trust a single point of failure to "do no evil"?
Huh? Apple potentially has everything on the device, just as Microsoft does. Maybe they don't touch it, at least intentionally, out of respect (or just prudence). But if I recall correctly, they accidentally logged all Safari URLs for a while.
Safari shares the same url/search bar, but I have not read their license. Would be pretty surprised if they are not logging all URLs.
Which is true. They don't sell the data because they directly monetize it. Same with Google. Google didn't just start doing that one day, that's been their business model since they started doing ads. Apple's business model is selling users devices, which they would jeopardize if they tried to also sell their users' data.
The "Maps (F Droid)" alternative suggested before the Maps.me app is a fork of Maps.Me that doesn't include any tracker/ad. It works pretty well although I've had a few issues logging into my OSM account and it takes a little too long to navigate "up" from a place search. It also features a GPS track recording function that Maps.Me lacks (AFAIK). It's really great and deserves more contributions!
Has several useful functions like being able to pre-download specific countries or parts of specific countries.
Many mapping apps work offline but the way Maps.me lets you specifically pick & choose areas = more user friendly.
It uses OpenStreetMap which I've found to work amazingly well in areas where you wouldn't expect (it has off-road trails in remote areas of Vietnam for example)
via iTunes I can also import gpx tracks (or gpx converted to kml, I forget) for things like mountainbike routes, which works super well.
Google has what I think are the most transparent and user friendly controls for visualizing what personal data is collected, and disabling it (most often per product, for ex. disable location history and YouTube viewing history, but enable personalized ads).
- For most of the products mentioned in the blogpost (YouTube, Search, ...), people can just go to MyActivity and delete any data they want to. They can also disable data collection here.
- Emails received in Gmail are no longer used for advertisement in other Google products, only used for Gmail ads, and features like searching your emails, spam prevention, parsing orders/flights/etc. to display them in the app. Also note that emails received in GSuite ("enterprise Gmail") were never parsed for these purposes.
Important disclaimer: I work at Google [but only voicing my own opinions, as it goes], and only working there because I realize they are doing all they can to respect user privacy.
2. You can't expect every user to know they are logged, or how it's affecting the user, or know how to disable/delete it, can you?
3. How can I verify that you did delete the data about me instead of just hiding it from my view? Alphabet does not belong to the public sector. So the simple answer is I can't. If you want me to trust you, don't use opt-out as default.
4. I'm sure you can tell the differences between those alternatives and Google products.
5. It's not that hard to respect someone's data. First, do not collect it! Second, if you have to collect it, tell the owner why! Third, delete it completely when requested.
6. Aggregated data collection and use without permissions adds potential risks to the society. (Cambridge Analytica)
Edit: And you guys are doing deep learning, that's gonna consume lots of data. Duplex for example, you use anonymous phone call data to train it. The question is, where does that data even come from? I'd blacklist whoever collected the data, even if it's collected anonymously.
Everything adds "potential risks". When you talk about risk, you have to give estimates of both the frequency and the criticality, and then compare to the potential benefits. Only then do you have all the pieces to take an informed decision, according to your preferences.
They can reduce the risks to a certain level if users were told how they are going to use the data and why before using it. Are they going to do that? No, because that increases the cost, which means less profit, which means shareholders won't agree.
So there comes law.
I don't think this stops Google from collecting your viewing history. If it did, Youtube recommendations wouldn't work at all, because they would know nothing about what I like or don't like. But I'm pretty sure recommendations work regardless of your settings -- meaning you're being tracked.
I happen to like the recommendations, so I don't mind this. But it's a hard problem.
Does that actually prevent the data from being stored on Google's servers? I'd like to believe that the data isn't being vacuumed up regardless of what the user says, so if you're willing to vouch for it then that would mean a lot.
You see, the point is that we, the users, helped to create a mammoth that has an enormous pile of sometimes very intimate data on almost anyone. This in itself is dangerous, regardless of what they do with this data - whether they share it with advertisers and other third parties, the government, NSA etc. or not. Also, the world changes fast. Owners change, governments change. Who is to blame when things end up badly? We are, because we got lured by free unlimited spam-free mailbox, free browser, cheap phone, free analytics, accurate search engine. We like these so much that we gave up critical thinking for a while. But the society as a whole is slowly waking up, hence articles like these (which is quite lacking on several points BTW.)
A breach would be a security issue, not a privacy issue.
A security issue is where a third party accesses your data stored at Google without Google's permission.
A privacy issue is where a third party accesses your data stored at Google with Google's permission but without your permission.
Until the GDPR started being enforced, I think it was common practice to collect and sell data without the user's full knowledge and consent. It's a huge change in mindset having to know and explain what they're doing.
Even when not signed in, YouTube remembers the sort of video you've watched and suggests similar ones; I didn't explicitly consent to this, and they didn't tell me clearly what data they were collecting. I'm a former Gmail user; I didn't explicitly consent to Google analysing the contents of my email messages; I think a typical person would not expect that.
If something “feels creepy”, it's probably a privacy breach.
Maybe Google think they have the user's permission. It may be an honest misunderstanding. I'm not saying they're malicious; but I think they have very little incentive to really care about privacy, because their users don't demand it. Third parties will pay for user data.
Also, I think you should be able to choose who you trust. You shouldn't be obliged to trust Google (or Microsoft or whoever); I would see that as a monopoly.
I guess it's a good reminder that I need to change services.
Again, "reading" emails seems to be an arbitrary distinction. Your emails are stored and served to you, so they are read by HTTP servers, by your browser, by many things. The real issue is the use that is made of those readers: an index that allows you to search your emails more efficiently does not seem to be nefarious, but I definitely agree that other nefarious uses are possible (say some company that would use emails to target people in debt or something like that), just not the case with Gmail.
> You can use a program on your computer locally to keep your emails and index&search them.
Right, but then it's not Gmail anymore, that's just an IMAP mail server with Thunderbird.
Gmail started as a smart webmail; being able to quickly search your emails from anywhere, without a desktop client, without fetching thousands of emails before you could perform a search.
Sometimes the ads it gives me are so relevant I actually click on them and I'm glad I did!
I just have a better experience where I'm constantly delighted by Google anticipating what I want because it knows so much about me.
I should be paranoid, I know, but I just like the convenience so much.
Things can get tricky if they pop up (through bad luck or as a consequence of their actions) on the radar of someone that wants to make their life miserable or if they bother someone with power.
Otherwise I assume you're well off financially by now, so getting screwed on insurance should be a non-issue. Discrimination is likewise a non-issue.
In general money helps and being a US citizen, straight, not Muslim, healthy, male etc. also helps.
Disclaimer - would be happy to be proved wrong if you want to provide contrary evidence...
* were you denied entry in a country because the agent had a bad day or because of something you wrote on Twitter?
* did your insurance rates increase because of a market adjustment, or because of something your car mechanic or car manufacturer shared with the insurer?
* were you denied that job because they found a better candidate or because they found some thought crimes on your social media?
* were you stopped by the police for a random check or because the cameras matched your face to suspicious online purchases?
* did you lose your global entry access because you're a threat to national security or because you accidentally ordered a fake bag on Amazon that you never even received?
* were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?
In a world increasingly controlled by algorithms and data, you won't even know when you are being harmed.
Specifically to the things you list - again, I don't have statistics here, but based on my gut feeling - most of them barely affect anyone. Do you really think a large amount of people are barred entry into a country because they wrote something on Twitter? I'd imagine this almost never happens, at least today.
And btw, I kind of disagree with at least some of your items, like "were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?". This is not what we were talking about, a case in which "Google" spies on you. This is your employer "spying" on you through your (supposedly public-enough) actions on social media. Changing the place you are looking for a job for from LinkedIn to "NewLinkedIn" won't make any difference for something like this, and is not the fault or responsibility of the company.
It's impossible for us to know what's happening, barring various leaks. Given the last decade my gut feeling is that if it's not happening, someone's at least thinking about how to implement it.
Re LinkedIn: I didn't mean good old social network stalking. There's nothing stopping LinkedIn from offering this as a service to companies. They already allow recruiters and paying members more privileges.
E.g. thanks to Gmail I rarely use an email application on my computer and use webmail. When I tried out Posteo it was extremely annoying that it logged me out every few minutes and I couldn't get my email. They said this couldn't be changed.
Google really did an excellent job of supplying me with services which I want to use. Not just tools which are working well.
BTW, Google doesn't use all its services to sell or personalise ads. Which doesn't mean they don't use them to learn more about you which in turn is used to improve the services so that you use them even more.
So as much as I wish I could restore my privacy by leaving Google, I think Google knows me too well that I won't for now.
From a search engine perspective I’ve switched to DuckDuckGo and I’m impressed with how good it has gotten.
With maps I’ve tried various solutions including MapQuest, Microsoft, and Apple but nothing comes close to Google Maps.
I switched to DDG over a year ago and it works great for things that are simple lookups to Wikipedia, IMDB etc. When I have an arcane Windows bug, I end up using "G!". Also DDG isn't that great for latest News but the Image search is pretty good.
I set DDG as the default search on my non-techie wife's new PC earlier this year and she has not once complained about the search quality.
If it's "costs money", we're not planning to change that! We (FastMail) are proudly a paid-only service.
When I signed up in 2016 (I’m still a customer btw) it was a big pain to get my custom domain added after paying for an account. I had to contact support for assistance. I somehow have to have two accounts for my plan but only one has a mailbox. Crazy bad experience here.
The amount of space we get for mail is low for the fee. I pay around $12/year in additional fees with Google for another 70GB of space outside of the 30GB they give for the base plan. Fastmail was pricier last I checked.
There is zero quality collaboration option for me. Even if you added one the fact that anyone who wants to collaborate would have to have a paid account with me creates a barrier for me to even try and use it for anything but just email.
The spam filter is about 30% as accurate as Gmail. I try and train it but don’t have time to always be doing that.
The mobile app on iOS doesn’t remember me. It doesn’t even have an option to remember me. What a pain, I hardly even bother to use it because of that.
That all said. I like some things about fastmail:
The web interface is fast.
The admin features are robust and easy for adding aliases and new custom domains.
The fact you are pushing to make the world a better place for email is why I keep paying for the service.
What you are doing is hard. Your competitors are massive and well established. I hope you continue to make progress.
I need to use my account more, though. So helplessly locked into my Google account for sign ups everywhere.
Perhaps I ought to read that "The Psychology of Dread Tasks" article that is also trending now.
Then again, I rarely have and like having subscriptions these days because of minimalism but I suppose this is a good trade off for my entire lifetime.
On a different note, does anyone know how GoDaddy is in terms of privacy? Is there a better domain registrar out there?
Edit: Just realized I’m using Google’s Project Fi on my iPhone SE, with Hangouts.
It looks much the same either in browser or app. Here's what it looks like on my phone:
I don’t yet have an account, so was going off the pricing listed on their website. Good to know there are more options.
I signed up and I only see the same plans as on the pricing page
I haven't encountered this with my personal email server nor heard of it from anyone else. I think this might just be an issue with Posteo.
It's easier if you don't try to move all at once. Spend some time looking at different email options and move that. Do calendar later. Get rid of Google Apps on your Android later still. Gradual change is much easier.
Of course it's possible.
The reason is clear: lock-in.
People are reluctant to change providers if they lose their mail address.
I think for .de domains, you are required to have your personal address in WHOIS if you are not a company.
First, I may be okay with it. And why would Posteo store WHOIS data? Unless they want to be a domain reseller, which is not what I asked them about.
Second, there are other TLDs.
I still insist that they do it because of lock-in and that they lie about it.
I think mailbox.org supports custom domains and is similar in other respects.
They should stop storing the mails themselves, they are full of private information. /s
Lets me assume that you're always logged in. Google thanks you for that, much easier to link this browser's history and searches to your account.