IMO switch away from services as fast as you're comfortable with - it's not all or nothing. Switch the easy ones now, and build escape plans for the rest. Small steppy is better than no steppy.
Privacy Guides
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
- We prefer posting about open-source software whenever possible.
- This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
- No soliciting engagement: Don't ask for upvotes, follows, etc.
- Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
- Be civil, no violence, hate speech. Assume people here are posting in good faith.
- Don't repost topics which have already been covered here.
- News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
- Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
- No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
- No misinformation: Extraordinary claims must be matched with evidence.
- Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
- General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Additional Resources:
- EFF: Surveillance Self-Defense
- Consumer Reports Security Planner
- Jonah Aragon (YouTube)
- r/Privacy
- Big Ass Data Broker Opt-Out List
Totally agree with this. I started with Gmail and calendar and then gradually continued with Gdrive and Gphotos. My browser has always been Firefox, so no problem there. My next step is owning a Google-free phone (keeping an eye on https://tuxphones.com/). The only thing that I can not get rid of is Google Maps. It works so damn good!
replaced it years ago with Organic Maps. The few things googleMaps does better are not worth the huge hole it digs in your privacy
Awesome, thanks for the suggestion.
I originally had ambitions for a Linux phone but after all my waiting and reasearch it seemed to be too much of a hassle and no gain. After all, you can also have a degooglefied experience with a forked android like LineageOS or GrapheneOS. That's what I went with.
True. I so much would like to have a pure Linux phone, but they are still not much ready. I do not understand why though. I think there is market for it and tons of Linux apps are already available.
What do you use for a GDrive alternative?
And for a better GMaps alternative, try OpenStreetMap
I use a self-hosted Nextcloud server for Gdrive and Photos. Anyone who thinks going self-hosted is hard must watch 1 or 2 Docker videos and buy a minipc for a $150-$200. It is really not that hard. OpenStreetMap unfortunately is not even close what Maps can provide. I have not checked it for a long time though, maybe some drastic improvements have happened lately?
On the other hand OpenStreetMap seems to provide things that Google Maps doesn't like a lot of paths and trails, including inclination & difficulty info.
Yes, way more up to date for most thongs, and it doesn't clutter the map full of ads.
Google Maps has been good for street view, though. I only use it account free and in an isolated/VPN tab. 😂
Well it's not hard (I have Linux experience), but I'm worried about the time investment to maintain and secure it myself. I'd rather pay someone else to do that for me...
I'm surprised you don't like OSM, in terms of the actual map it's much better for me than GMaps. The only thing I still use GMaps for is to see reviews of restaurants etc.
Now you made me curious :) I will definitely take a look at it. Thanks.
No worries, if you also want to use it on your phone be sure to check out the OsmAnd or Organic Maps app.
Anyone who thinks going self-hosted is hard must watch 1 or 2 Docker videos and buy a minipc for a $150-$200. It is really not that hard.
I'm always amazed at how out of touch tech people are with how difficult this stuff is. People say shit like this all the time but when I try it, it most certainly is difficult, and continues to be difficult as time goes on and things stop working.
As mentioned self-hosted Nextcloud is an option but as my ability to keep things from breaking is really limited which is a big reason why I use the cloud, I am moving on Sync. Other cloud services people often recommend are NordLocker and Tresorit.
Nordlocker is neither open source nor has it been audited. Tresorit at least has audits.
NordLocker was part of Nord Security external ISO27001 audit in 2022. Of course, being closed-source software you can't really know security fully. The biggest concern seems however to be the encryption model they use in addition to being closed source. However, for example, hosting my own cloud service while most secure really isn't the option that would answer the reason I use cloud service.
I am not saying use it. I am saying it often gets recommended. I really do think people should do their own research on if things are best fit for them. I am having a huge issue finding actually secure solutions that are not self-hosted and FOSS or at least open source. Nextcloud which is fully hosted by service or on your own bought server space has some concerns as well.
I'd agree with Google EARTH being without alternative, but so far I haven't really found any gmaps feature that OrganicMaps/OSM doesn't provide. Maybe I've never gotten full use out of gmaps?
This 100%. It's also worth looking at https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better
Don't be obsessive about "degoogling" to the point where you pick worser alternatives that don't have the features you require. Always test something out before doing a mass migration of "all your email" for example.
For email, I recommend purchasing your own domain name and finding a provider that allows the use own your own domain (like Proton or Tutanota). A catch-all function is also good for making unique addresses per service, so you're mostly protected from data leaks and spam. Like lemmy@yourdomain.tld or clothingstore1@yourdomain.tld
Will make switching email providers much easier when you don't have to update your address to tens or hundreds of services you've registered on.
Solid advice! And I’d also like to throw Fastmail as an email provider into the mix! I’m very happy with it and many other peeps I’ve heard from are happy as well. (I use it for mail, calendar and contacts.)
Good advice! I would argue the only downside is having to maintain your own email server. But that comes with the territory I guess. Any low-cost server hosting to consider?
You would not have to do that if you just use an email provider that allows custom domains. Probably will have to pay up though.
I've heard that self-hosting your own email server is almost always a bad idea as it can/will get blacklisted by sites.
You'll still need email hosted by someone else, even if you are self hosting, in order to sign up to domain registrar etc.
It's very poor idea to use the same domain for contact from a registrar.
Proton mail is free, encrypted, and their tools make the transition super easy.
I highly recommend Proton Mail. Their email phone app and webapp are very good and they seem to be branching out into other services like calender integration and VPN. I've been working on reducing my reliance on Google services for awhile, but it has been very slow with how many accounts I've registered using my Gmail over the years.
The only problem I've had with Proton Mail is that the free tier on the phone doesn't let you have two emails logged in at once. Normally I would want my real identity email and my internet identity email to be logged in at the same time. Which is doable in the webapp at least. I may end up paying the $3 a month not just to unlock this feature, but to support a non-Google service in general.
I love Proton Mail, been using it for over a year now and it's been great. Phone app and web app work great, has all the features I need.
Their proton VPN has been really good too. A lot of people complain about it on Linux and Android, but I personally haven't had any issues at all on either platform.
The only problem I've had with Proton Mail is that the free tier on the phone doesn't let you have two emails logged in at once.
If you're on Android, you can download Shelter from F Droid. This creates a work profile on your device, then you can clone any app to get a second login. I have several apps that I have separate simultaneous logins.
I like this idea. I'll give it a try. Thanks.
Here is how I done it:
Email, drive - Proton (+vpn)
Youtube: (NewPipe/Libretube)
Phone OS: CalyxOS/GraphineOS
Maps:Organic Maps (powered by OSM).
All of these are open source.
I'd add to this "GMaps WV" (Google maps web view wrapper). It's available on FDroid and wraps the web version of google maps. I use it to find locations and GPS coordinates and then navigate to them in OSM bc OSM based applications are poor and doing so.
You might be interested in the /c/degoogle@lemmy.ml community! https://lemmy.ml/c/degoogle@lemmy.ml
!degoogle@lemmy.ml
What are you not sure about the Android telemetry? Or what problems in this field do you expect without a Google account?
And also courious, what type of signing does Gmail provide that others don't? You mean PGP or S/MIME?
I dont know what I can do about android without break and about gmail its signed in everywhere that I used like steam, and every other important app that you can think, and tutanota is good but mostly paid(I think so)
Skiff is another option to replace Gmail, it has 10 Gb free storage.
For Android check out this website: https://www.privacyguides.org/en/android/#operating-systems
Skiff is another option to replace Gmail
Make sure you don't depend on features like email clients. You also can't use encryption like PGP so, that will mean that you'll only have E2EE if you're sending to other Skiff users. (There is no external E2EE with Skiff).
I dont know what I can do about android without break
GrapheneOS, CalyxOS, /e/OS, etc
about gmail its signed in everywhere that I used like steam, and every other important app that you can think
This is a very effective way to ensure your activity is tracked by Google across the web.
Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.
Get a password manager (1Password, BitWarden, Proton Pass). Save your alias, username and unique password in the manager.
That should be a good start.
GrapheneOS, CalyxOS, /e/OS, etc
I'm not sure that /e/ is as degoogled as you might think:
- https://web.archive.org/web/20210429032124/https://infosec-handbook.eu/blog/e-foundation-first-look/
- https://web.archive.org/web/20210501132539/https://infosec-handbook.eu/blog/e-foundation-second-look/
- https://web.archive.org/web/20210515115246/https://infosec-handbook.eu/blog/e-foundation-final-look/
We do think their phones are very pricey for what they are and not nearly as secure as something like GrapheneOS, ie lack of verified boot etc. Their cloud service is also not E2EE as far as I can tell, which you'd really expect from a "privacy service".
Better to focus on using good products than be obsessive about Google.
Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.
Also suggest reading this: https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better
For "known identity" do not use cloaking services, you'll end up banned. Amazon does this for example.
phase out Google account sign-in slowly by signing in to those accounts with an email address instead. It takes weeks maybe, but then you're free. A password manager like keepass helps
I'm still on gmail. It's one of the few services I genuinely think google is still doing correctly.
But, a good way to switch, would be to get another email address, then link it to gmail, or gmail to it (via smpt and pop3/imap) and slowly start swithing all your stuff over while using both for while. The link will bring everything into one single inbox for you.
I still have two pre-gmail inboxes routes ilto my gmail this way, they never get mail anymore, but you don't need to entirely cut those inboxes off.
"Still doing correctly"? They are very generous with their space allowance and you gotta wonder why. I haven't read the privacy policy, but I wouldn't be surprised if every email you receive, everything you buy, every account you own is feeding into advertising profiles about you as a user.
It definitely is. That was the deal you made to use gmail, that's been the case since the start. The user agreement is very up front about that.
What I mean is, is that where gmail is concerned, that trade is still one I'm willing to make. It provides enough for me to agree to hand over the snapshot of me that is my email traffic.
With chrome, not so much. Chrome does very little to provide me with some kind of value other browsers dont, and yet it asks for everything I do online. Not just the account confirmation messages I use my email to receive. Gmail can see if I have pornhub account. Chrome can log every webpage I've ever opened. There's a difference.
Email is central for all online activity, and google is really good at it, and provides it for "free", at a rate that's "competitive".
A lot of googles other services, very much aren't.
No, they do not read your email, they're very clear about this, that is mostly FUD pushed by privacy providers who lack ethical marketing standards.
We do not scan or read your Gmail messages to show you ads
If you have a work or school account, you will never be shown ads in Gmail.
When you use your personal Google account and open the promotions or social tabs in Gmail, you'll see ads that were selected to be the most useful and relevant for you. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google, however we do not process email content to serve ads.
To remember which ads you've dismissed, avoid showing you the same ads, and show you ads you may like better, we save your past ad interactions, like which ads you've clicked or dismissed.
The place where Google makes the money is on the sites you visit with Google Adsense and your search terms being associated with a logged in Google account. Most people want to stay logged into their email (and thus their Google account), so that's where the behavioral/adsense analytics comes in. Much fewer people use email clients these days.
"we do not process email content to serve ads" looks very specific. We don't process emails to serve you ads. It doesn't say they don't process ads to understand better what is relevent to you. It is also a very specific word, serve. Serving means displaying, but it doesn't necessarily mean profiling or targetting.
Ads are shown based on: "ads that were selected to be the most useful and relevant for you". So, they're saying they don't directly do that, but it doesn't cover indirect processing that would feed into this.
These people are very clever, and hire very clever lawyers that could easily demonstrate this in a court, so they could use that information and still meet the requirements of the policy.
Considering the astounding level of information gained from Android that feeds into their tech, it would be quite naive to believe they've ring fenced email as something they don't touch. Google still serve very relevant content to people that don't use search and don't stay logged into email. I cannot imagine it's a fluke. Email is a very expensive game to be in when you're insinuating that all they want is to be an identity provider to assist in tracking web interactions.
I always understood it as they don't parse the actual details of emails (the body) to generate an add profile. It doesn't mean they don't track what websites you're visiting whilst logged in though.
My guess to this is that it's not accurate, for example email chains, or someone mentioning something that you have no intention of buying. As the email body is very unstructured it would be quite difficult to interpret whether those keywords should be added as an interest, having said that, with advanced AI that can parse context of a sentence they may just start doing that again if they can with accuracy.
It's one of the few services I genuinely think google is still doing correctly.
One thing Proton does really well is filters. Google is, comparatively, an absolute nightmare, and they should be embarrassed.
If you've got your own server imapfilter is perfect for this.
It can periodically log into multiple accounts and move/delete do anything with emails.