By reading about the new inclementations on Google I decided to leave from Google services entirely, already stoping using Windows for 6 month and Chrome, but sttil dont sure about a gmail(Some important things are signed in gmail accont) and some services like Youtube and some android telemetry(already rooted)
IMO switch away from services as fast as you’re comfortable with - it’s not all or nothing. Switch the easy ones now, and build escape plans for the rest. Small steppy is better than no steppy.
This 100%. It’s also worth looking at https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better
Don’t be obsessive about “degoogling” to the point where you pick worser alternatives that don’t have the features you require. Always test something out before doing a mass migration of “all your email” for example.
Totally agree with this. I started with Gmail and calendar and then gradually continued with Gdrive and Gphotos. My browser has always been Firefox, so no problem there. My next step is owning a Google-free phone (keeping an eye on https://tuxphones.com/). The only thing that I can not get rid of is Google Maps. It works so damn good!
What do you use for a GDrive alternative?
And for a better GMaps alternative, try OpenStreetMap
As mentioned self-hosted Nextcloud is an option but as my ability to keep things from breaking is really limited which is a big reason why I use the cloud, I am moving on Sync. Other cloud services people often recommend are NordLocker and Tresorit.
Nordlocker is neither open source nor has it been audited. Tresorit at least has audits.
NordLocker was part of Nord Security external ISO27001 audit in 2022. Of course, being closed-source software you can’t really know security fully. The biggest concern seems however to be the encryption model they use in addition to being closed source. However, for example, hosting my own cloud service while most secure really isn’t the option that would answer the reason I use cloud service.
I am not saying use it. I am saying it often gets recommended. I really do think people should do their own research on if things are best fit for them. I am having a huge issue finding actually secure solutions that are not self-hosted and FOSS or at least open source. Nextcloud which is fully hosted by service or on your own bought server space has some concerns as well.
Here is how I done it:
Email, drive - Proton (+vpn)
Youtube: (NewPipe/Libretube)
Phone OS: CalyxOS/GraphineOS
Maps:Organic Maps (powered by OSM).
All of these are open source.
I’d add to this “GMaps WV” (Google maps web view wrapper). It’s available on FDroid and wraps the web version of google maps. I use it to find locations and GPS coordinates and then navigate to them in OSM bc OSM based applications are poor and doing so.
I highly recommend Proton Mail. Their email phone app and webapp are very good and they seem to be branching out into other services like calender integration and VPN. I’ve been working on reducing my reliance on Google services for awhile, but it has been very slow with how many accounts I’ve registered using my Gmail over the years.
The only problem I’ve had with Proton Mail is that the free tier on the phone doesn’t let you have two emails logged in at once. Normally I would want my real identity email and my internet identity email to be logged in at the same time. Which is doable in the webapp at least. I may end up paying the $3 a month not just to unlock this feature, but to support a non-Google service in general.
I recommend you using a VPS. You will be able to make your own email server, xmpp server, nextcloud (whic is better than google drive), and a lot of apps would make your data more secure(such as searx, libreddit). and you can host these under 10 minutes using yunohost.
What are you not sure about the Android telemetry? Or what problems in this field do you expect without a Google account?
And also courious, what type of signing does Gmail provide that others don’t? You mean PGP or S/MIME?
I dont know what I can do about android without break and about gmail its signed in everywhere that I used like steam, and every other important app that you can think, and tutanota is good but mostly paid(I think so)
I dont know what I can do about android without break
GrapheneOS, CalyxOS, /e/OS, etc
about gmail its signed in everywhere that I used like steam, and every other important app that you can think
This is a very effective way to ensure your activity is tracked by Google across the web.
Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.
Get a password manager (1Password, BitWarden, Proton Pass). Save your alias, username and unique password in the manager.
That should be a good start.
Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.
Also suggest reading this: https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better
For “known identity” do not use cloaking services, you’ll end up banned. Amazon does this for example.
GrapheneOS, CalyxOS, /e/OS, etc
I’m not sure that /e/ is as degoogled as you might think:
- https://web.archive.org/web/20210429032124/https://infosec-handbook.eu/blog/e-foundation-first-look/
- https://web.archive.org/web/20210501132539/https://infosec-handbook.eu/blog/e-foundation-second-look/
- https://web.archive.org/web/20210515115246/https://infosec-handbook.eu/blog/e-foundation-final-look/
We do think their phones are very pricey for what they are and not nearly as secure as something like GrapheneOS, ie lack of verified boot etc. Their cloud service is also not E2EE as far as I can tell, which you’d really expect from a “privacy service”.
Better to focus on using good products than be obsessive about Google.
Skiff is another option to replace Gmail, it has 10 Gb free storage.
For Android check out this website: https://www.privacyguides.org/en/android/#operating-systems
Skiff is another option to replace Gmail
Make sure you don’t depend on features like email clients. You also can’t use encryption like PGP so, that will mean that you’ll only have E2EE if you’re sending to other Skiff users. (There is no external E2EE with Skiff).
I’m still on gmail. It’s one of the few services I genuinely think google is still doing correctly.
But, a good way to switch, would be to get another email address, then link it to gmail, or gmail to it (via smpt and pop3/imap) and slowly start swithing all your stuff over while using both for while. The link will bring everything into one single inbox for you.
I still have two pre-gmail inboxes routes ilto my gmail this way, they never get mail anymore, but you don’t need to entirely cut those inboxes off.
If you’ve got your own server imapfilter is perfect for this.
It can periodically log into multiple accounts and move/delete do anything with emails.
“Still doing correctly”? They are very generous with their space allowance and you gotta wonder why. I haven’t read the privacy policy, but I wouldn’t be surprised if every email you receive, everything you buy, every account you own is feeding into advertising profiles about you as a user.
No, they do not read your email, they’re very clear about this, that is mostly FUD pushed by privacy providers who lack ethical marketing standards.
We do not scan or read your Gmail messages to show you ads
If you have a work or school account, you will never be shown ads in Gmail.
When you use your personal Google account and open the promotions or social tabs in Gmail, you’ll see ads that were selected to be the most useful and relevant for you. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you’re signed into Google, however we do not process email content to serve ads.
To remember which ads you’ve dismissed, avoid showing you the same ads, and show you ads you may like better, we save your past ad interactions, like which ads you’ve clicked or dismissed.
The place where Google makes the money is on the sites you visit with Google Adsense and your search terms being associated with a logged in Google account. Most people want to stay logged into their email (and thus their Google account), so that’s where the behavioral/adsense analytics comes in. Much fewer people use email clients these days.
“we do not process email content to serve ads” looks very specific. We don’t process emails to serve you ads. It doesn’t say they don’t process ads to understand better what is relevent to you. It is also a very specific word, serve. Serving means displaying, but it doesn’t necessarily mean profiling or targetting.
Ads are shown based on: “ads that were selected to be the most useful and relevant for you”. So, they’re saying they don’t directly do that, but it doesn’t cover indirect processing that would feed into this.
These people are very clever, and hire very clever lawyers that could easily demonstrate this in a court, so they could use that information and still meet the requirements of the policy.
Considering the astounding level of information gained from Android that feeds into their tech, it would be quite naive to believe they’ve ring fenced email as something they don’t touch. Google still serve very relevant content to people that don’t use search and don’t stay logged into email. I cannot imagine it’s a fluke. Email is a very expensive game to be in when you’re insinuating that all they want is to be an identity provider to assist in tracking web interactions.
I always understood it as they don’t parse the actual details of emails (the body) to generate an add profile. It doesn’t mean they don’t track what websites you’re visiting whilst logged in though.
My guess to this is that it’s not accurate, for example email chains, or someone mentioning something that you have no intention of buying. As the email body is very unstructured it would be quite difficult to interpret whether those keywords should be added as an interest, having said that, with advanced AI that can parse context of a sentence they may just start doing that again if they can with accuracy.
For email, I recommend purchasing your own domain name and finding a provider that allows the use own your own domain (like Proton or Tutanota). A catch-all function is also good for making unique addresses per service, so you’re mostly protected from data leaks and spam. Like [email protected] or [email protected]
Will make switching email providers much easier when you don’t have to update your address to tens or hundreds of services you’ve registered on.
Good advice! I would argue the only downside is having to maintain your own email server. But that comes with the territory I guess. Any low-cost server hosting to consider?
You’ll still need email hosted by someone else, even if you are self hosting, in order to sign up to domain registrar etc.
It’s very poor idea to use the same domain for contact from a registrar.
You would not have to do that if you just use an email provider that allows custom domains. Probably will have to pay up though.
I’ve heard that self-hosting your own email server is almost always a bad idea as it can/will get blacklisted by sites.