I'm an engineer working on Firefox Platform (Gecko). In the linked blog post, the author recommends Firefox (thanks!) and links to a "privacy recommendations" for it, which include items such as "resistFingerprinting" settings.
I'd like to remind everyone that turning on this setting has far fetched consequences to how you experience the Web.
Your dates, timezones, preferred languages will all be masked which will result in weird experiences.
The option is behind a flag and without UI precisely because it is a pretty complex feature, that we didn't iron out yet, and which should be well understood before being used.
It concerns me to see it being references and recommended without any explanation whatsoever.
Of course I'm likely biased because I'm on the receiving end of bug reports from people who experience the Web in weird languages and with wrong timezones because they followed some tutorial that recommended it. :(
Is there a moderate resistFingerprinting setting? I don't mind my date/tz/language being known. There are 150m+ people living in my timezone who use en-US.
I don't want my fonts, plugins, user agent, or detailed HW/graphics features (e.g. canvas/WebGL hash) being known. Those can uniquely identify me according to https://panopticlick.eff.org.
So does your resolution. And that's hard to mask because JS usually needs to know it.
If you're not using the browser fullscreen, chances are that you're using a unique innerWidth+innerHeight.
As unsatisfying as it is, the current best solution seems to be not to care about privacy most of the time, and then take privacy seriously when you do. Whonix is excellent for this.
Your resolution alone will not likely uniquely identify you. The idea is to eliminate many of the data points that make it easy to track you across IPs. Resolution is very common if you're browsing with a maximized window so it's not in the same league as these others that quickly diverge amongst users.
No, not alone. But if you're not masking your IP address, it probably will.
Weirdly, I tried to measure how unique my window.innerWidth/Height was, but panopticlick no longer seems to measure this. It only uses my full screen resolution, which of course is much less unique than canvas dimensions.
The Tor Plugin sets the window sizes to predefined values that match various fullscreen resolutions. So there are options, but they all involve tradeoffs.
Don't huge swaths of people have the same resolution, though? Yes, I understand other things come into play here (OS, Browser, available plugins, etc) but I am skeptical that people are really building UUIDs based on someone's screen resolution. Or, if they are, that such IDs are meaningfully accurate.
It's all about the bits. You need 33 bits to identify 8 billion people. All that is required is for these bits to be independently uniformly distributed.
Say everybody uses one of four resolutions equally. That's two bits: 00, 01, 10 and 11. Now let's say that people's gender is also binary, distributed 50/50 and independent from what resolution someone uses. You can just tack that bit onto the two you already got and now you have three (the ability to distinguish between 2^3 = 8 individuals).
I won't go into the details, but if you have an estimate for the probability distribution of browser resolutions, it's fairly easy to extract the proper amount of bits of entropy. Being independent is a bit harder to make sure of, but as long as you pick things which aren't too obviously correlated, you can just take a safety margin and use, say, 40 bits to identify people, and it's probably fine (and for tracking purposes, a false positive isn't the end of the world, either).
That said, while I support the concept and idea behind panopticlick, I've always felt it overestimated the unicity of my browser. Or maybe I just really underestimate it myself. I don't know.
But I resize my browser all the time? Even with timezone + language surely it's a very short lived fingerprint? When it's not manually sized it's snapped to either side of a standard screen.
If fingerprinting uses a hash based on a number of input criteria, then you only need to perturb one of those inputs to make the entire hash unusable. Perhaps Firefox is perturbing the other inputs (?) such that screen resolution doesn't matter much. (Just guessing and looking for a positive angle here).
I had to work on fingerprinting (not my proudest moment) and disabling hashing to avoid this problem was literally the very first thing we did. Just a datapoint, of course.
> As unsatisfying as it is, the current best solution seems to be not to care about privacy most of the time, and then take privacy seriously when you do. Whonix is excellent for this.
No offense, but advice like this is useless. It reduces to, "someone I don't know thinks the average person with no special risk factors should think this way about their personal privacy based on who knows what priors."
Different people have different reactions to risk, have different actual exposures to risks, different competencies, and different tolerances for the hassles of opsec. And potential future risks of data slopping about are unknown.
There is no such thing as a "best solution" when talking about this.
Assuming there's 4k possibilities for width and 2k for height, that's 8 millions possibilities right here. Compared to ~2 billions of people accessing the internet, the odds of having a unique one seems really really low.
It's one of many different data points that can be used to identify you though, and if you aren't full screen at a standard resolution then it's a very good one.
True, but if you round it down to the closest multiple of (say) 32, you significantly reduce the information content while leaving JS/CSS layout essentially the same.
Indeed, it will surely make resize look less sexy (jumping by 32s instead of pixels), and you might waste a few pixels of screen real estate on some sites at some times -- but it's the kind of tradeoff that some people happily do for more privacy.
Related, does anyone know if privacy badger include "screen size determination" in its heuristics?
I can't imagine that's 'usual'; most sites will do absolute positioning in css, if at all. As you suggest, trying to layout pixel-by-pixel designs is notoriously awkward and best avoided.
One problem is that your user agent is matched against all tested user agents from all times. This includes very old ones. If the user agent was used to track you online, they would account for that it frequently updates and for a lot of users (considering that most browsers update automatically these days).
So the site should really only take into account your OS, maybe its major version, and browser version (which changes frequently so trackers can’t rely on that). Or at least not count any that are not used anymore.
Using Javascript the page can query more details about the environment including installed plugins, addons, configuration settings (language etc), certificates and fonts. That combination is often unique.
After the constant succession of revelations of the sorry state of privacy, along with myriad data breaches, all I want a browser to do is lie and obfuscate. So I'll gladly take the sledgehammer boolean of resistFingerprinting for now.
I've yet to come across an extension that does something like this so I'm presuming it's not possible via extensions?
Are Mozilla working to make this more granular and let me whitelist individual features on a per site basis?
I'd far rather lose tracking than get the very minor benefit of a (slow loading) web font or en-GB over en-US. Especially if I can opt in the few I trust or need those features.
> After the constant succession of revelations of the sorry state of privacy, along with myriad data breaches...
I remember reading an article about how Richard Stallman interacts with the internet a while back. I remember thinking that it seemed totally insane. But in light of the reality of 2018, I am coming around.
The way I see it, I can keep tweaking privacy settings in a browser, or opting out of collection, or doing any number of other things to attempt to protect my privacy, _or_ I could just stop using services that do not respect my privacy in the first place. Perhaps certain aspects of modern life have taken too much, and they need to be abandoned until they are reformed?
It was directly related to #2, but I only made it there as a result of reading some other article. It has been a while and I don't remember the source.
I agree. I'm coming around to some of his view, and no longer see him as quite so extreme. Still think he weakens his message with the alternative language, like "used" instead of user etc. Always have.
The difficulty of course is right now it's nearly everyone at it. Too early to say if GDPR will make an appreciable difference, though it seems like it should. So that leaves few choices outside of gnu everything or layers of hacks and browser extensions. I have hope that many services will start being much more careful in what tracking and data they actually need after recent events.
RMS’s efforts are not for not privacy as some absolutist doctrine: no one must know anything about me. Instead they are about freedom: people should know about me what I let them know about me; I am in control of my data and my online presence. We know lots about RMS’s internet habits specifically because he shares them with us using free and open services.
He's put his own special RMS twist on the classic 'vagrant in the library' model of internet use, taking it a step further by shunning browsers entirely and not using cellular devices. IIRC, he does explicitly mention privacy as being one of his motivations.
NoScript, uBlock or uMatrix offer this (largely). Fingerprinting relies heavily on Javascript. Many sites work just fine without it or with first-party JS only (fingerprinting is mostly done by third-party trackers).
If Firefox really cared more about privacy than about its money flow they would have disabled 3rd party cookies by default instead of explicitly hiding¹ that setting.
Apple can do it. There's no reason why Firefox can't. And if there is a reason, it should have been dealt with years ago.
--
¹ i just noticed that in Firefox 60, the setting is no longer as hidden as it used to be. Good!
I don't know, I think if a user is following all of the steps in this article, they likely know what fingerprinting is. Running an Android device without the Play Store, for example, is by far a much more difficult & complicated thing to do than just toggling a flag in a Firefox browser.
That, and the user is likely used to having less-than-ideal browsing experiences if they run any adblockers. I do agree that the article should outline what the consequences would be for disabling browser fingerprinting; they simply have one sentence recommending it, and nothing else.
By the way, what does GDPR say about fingerprinting? Is it legal? (Asking because the EU explicitly made cookies an opt-in technique, but not sure if they considered fingerprinting).
The EU did not make cookies an opt-in technique. The EU made irrelevant cookies opt-in. Cookies that are essential for the functioning of the service do not need a notice. If you require user accounts, you don't need to show a cookie notice. If you implement a shopping cart without user accounts, you also don't need to show a cookie notice.
Unfortunately most websites don't understand this simple idea and show the cookie notice indiscriminately (or, perhaps, they just all use cookies for tracking in which case the notice should be there).
That’s one of the most frustrating aspects of GDPR in relation to cookies - many businesses that could happily run a site with no cookie opt-in end up implementing one anyway because that irritating pop-up gives the end user a perception of ‘handling privacy well’.
I’d be so keen for the solution to lie in the browser UX- in the same way as we currently request location information - rather than the current mish-mash of badly implemented, often disingenuous site overlays that have become the modern equivalent of the ‘enter site’ splash screen...
> That’s one of the most frustrating aspects of GDPR in relation to cookies - many businesses that could happily run a site with no cookie opt-in end up implementing one anyway because that irritating pop-up gives the end user a perception of ‘handling privacy well’.
> Probably most websites use Google Analytics or an alternative.
How is this not essential though? You can't effectively run a business without some understanding of your traffic and where it's coming from. Also, you can use Google Analytics in a way that doesn't store PII.
I could run the business just fine without Google Analytics. Would just be in the dark a bit more.
I'm not associated with EU so I haven't pondered on this as much as others. My first thought is that this should really be up to the browsers and their users on what info Analytics software is able to work out just from the user being on the page.
Users should just assume that every business will absorb all available information. At least then we wouldn't see those ridiculous cookie notices everywhere.
As a web developer, I'm kinda surprised 3rd party cookies ever became a thing in the first place.
Users should just assume that every business will absorb all available information.
Users don't know what "available information" is. And frankly, not even the browser developers do - we keep discovering new ways to track people (e.g. using ETags) with features that weren't intended for that. So it's quite hard to claim the user can simply decide what to share.
This feature is not even part of the UI yet. It's in progress. I really don't understand why technical people would start recommending its use to others on blogs in its current state. All you create is lots of bug reports coming in to Mozilla, forcing them to put resources into responding to users who blindly followed the blog and now their Firefox is "not working" anymore.
>I really don't understand why technical people would start recommending its use to others on blogs in its current state.
Because when ordinary users ask "what can I do to protect my privacy?" you have two possible answers:
a) "Nothing, you're not smart enough to do this, you're screwed"
b) "These things"
B has a high learning curve, but telling people about it scares them off. If you care about your friends privacy and want to get them past that learning curve, it's better to let them stumble into issues and be there to answer questions.
But then the answer is not "These things" and let the FF devs deal with the fallout. The answer would be "This is what you can do and you'll see quite a few odd results. Ask _me_ when you have questions and I'll explain as good as I can.".
I have quite a few of these switches on. First party isolation for example breaks the paypal payment flow on some, but not all, shops. It also breaks quite a few pages that recognize it as an adblocker. I know what to do if that happens, but I would never just recommend enabling that switch.
Do you know why there are so many separate things bundled under a single flag? Would it take much effort to add sub-flags for entirely separate anti-fingerprinting features?
I’m certain they’ll accept help. So maybe go test, report bugs and issues and get involved if that’s a priority for you. Triage some of those weird bug reports. Write a guide on how to properly enable the feature, what it does and what to expect if it’s enabled. Explain what’s a bug and what’s just part of the expected - and sometimes annoying - behavior.
Or just donate if you can’t do any of those things.
Prioritize it over the probably 1,000s of other things they have to do, which we might not have any idea about? Just because one person was kind enough to try to help people with a short cautionary message, therefore bringing this specific issue to our attention?
I'm a little discouraged when I see articles like this that seem to be completely tuned for developers or look over completely decent pro-privacy alternatives like Apple.
For example, the "best" calendar alternative is Etar which looks to a Github repo. Really? At the very least you could mention Apple Calendar. Is Maps.Me (which uses AdSense) really better than Apple Maps? I'm not a fan of hooktube either - it just further cements YouTube's monopoly.
I think what what bothers me is that "privacy focused" tends to be conflated with FOSS. I'm really thankful for organizations like Mozilla and Signal that are trying to deliver privacy focused applications to real people. However I also think we should recognize Apple-like companies who are also privacy focused without necessarily being FOSS. I think that will help move more non-technical people out of central databases.
It's not that "privacy-focused" tends to be conflated with FLOSS. Rather, it's nearly impossible to guarantee privacy in proprietary software. The transparency of FLOSS makes it trustless. Want to know what data of yours, if any, is being collected? Look at the code.
This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.
> Want to know what data of yours, if any, is being collected? Look at the code.
I find this to be an extremely un-compelling position. A relatively small proportion of the general population has the skills to meaningfully look at the code, never mind the time. Moreover, even for someone who is capable, such an exercise quickly becomes non-trivial on an unfamiliar codebase for an app of any complexity.
In many cases there's also no guarantee that the code you're reading is the code that's running.
> I find this to be an extremely un-compelling position
It's more damaging than that. The bundling of privacy and FOSS advocacy weakens the former. Few without deep technical knowledge is sympathetic to FOSS. The potential audience for a privacy pitch is broader. By bundling the two, however, the technical advocacy community limits the appeal of the former to those supporting the latter. This is an issue because the opponents of privacy rights are not similarly limited. Hence, we find ourselves reliant on Google, Apple, Facebook and Amazon being benevolent dictators, in their services and Washington.
Yes, all they know is “this is impossible to install” and “what is a GitHub” and “where do I log in to the cloud?” and “this is the ugliest software I have ever seen in my life”.
Unless we’re talking about hosted FOSS, in which case you get the worst of both worlds.
I run my own mail server so this comes from a place of love: FOSS for server side products for consumers is a joke.
While I generally agree with you about the soundness of the FOSS==privacy argument, I think you're misstating it subtly. The claim isn't necessarily that the privacy sensitive user specifically will be able to audit the source but rather that someone somewhere will have done, and will have written about problems they uncovered. See also many eyes making all bugs shallow.
Not always. Heartbleed was present in OpenSSL for two years before anyone noticed.
Many eyes make all bugs shallow, but if there aren’t enough eyes with the skills or the time then problems will remain deep, even for important software like this.
Perhaps everyone thought everyone else had done the work?
Heartbleed was a very subtle security bug, the discussion here is about privacy violations. You think that detecting if, I dunno, mutt is secretly uploading your contact list is going to escape detection for years?
It will. IIRC HomeBrew’s integration of Goigle Analytics went unnoticed for almost a year, and only then they included an opt-out option (it’s still opt-in by default)
Thinking out loud here, what's the best counterfactual on HB?
I can imagine a ClosedSSL that gets hammered in a blackhat presentation. I can imagine ClosedSSL getting fixed, eventually.
It's just hard for me to imagine that happening faster because people like Neel couldn't read the code.
Maybe the counterfactual is that ClosedSSL is also well funded and cares deeply about security, so it finds HB internally.
But openness doesn't preclude funding. And closed source doesn't grant you an automatic security focus.
So rich ClosedSSL vs poor OpenSSL isn't an apples to apples comparison.
All things held equal, openness provides one extra possible avenue to find and catch bugs, and so such projects will tend to have more caught on average.
What does HB teach us then? Just that some bugs are hard.
Now, to be fair, if "openness" is just used as a substitute for internal security audits, a way to shrug and farm out that work and blame to passers-by, then that would be obviously terrible.
That probably happens more than we'd like to admit, but I still don't think it's the typical reason people open their code.
OpenSSL can just as easily act as a point towards FOSS for privacy given that it was a vuln that was discovered externally (multiple times by distinct parties).
Even then, it might work well for you, and if I had the patience or the time it could work well for me, but it'll never be of any use to my mum or my brother, neither of whom are technical.
I suppose it depends on how it ends up being implemented. I was envisioning something fairly automated, which could presumably spit out PACKAGE VERIFIED information that could be used in systems not requiring users to be technical.
Apple makes its money from expensive hardware. And respecting your privacy and security helps selling it a lot. And they earned trust by being serious about it for a long time.
I have no more trust in the American government to not spy on its citizens than the Chinese government. If iCloud data is encrypted and only the user has the private key. It's just as secure as being on American servers.
Note that only some of your iCloud data is end-to-end encrypted: https://support.apple.com/en-us/ht202303. The rest is also encrypted, but Apple does have the key and can likely be legally compelled to share it with authorities.
This is about the architecture of iCloud not iOS. Apple has the keys to all encrypted iCloud data (iCloud email is not encrypted at rest).
The only exception is iCloud keychain, but I believe only if you decline the default setting to create an iCloud security code (I'm not entirely sure about that)
I'm not saying that this is what happened and I don't know the background of this story, but it would have been easy (technically speaking) to just push an update to Chinese users that will extract their private key and send it back to Apple without any significant changes.
AFAIK the Secure Enclave chip is specifically designed to make this impossible. There is no planned method to extract the private key from it. ("Planned method" meaning anything that's not an exploit or an electron microscope.)
Maybe generate the key in the normal processor, send it to apple for escrow, and then push the key to the secure enclave? I have no idea whether the secure enclave supports loading existing keys, but generally this is how it's done.
Also, in the U.S., police don’t shoot unarmed suspects, get caught planting evidence on camera and the judicial system prosecuted and convicts fairly regardless of race and class and always follow the rules.....
Apple actually had some of the worst security for a long time. They even lied about Mac OS being immune to viruses rather than market share so low hackers didn't care about it. They still made piles of money due to great product development and marketing. Their brand was the main, selling point for a long time. The iOS situation is quite a turn around for them on privacy/security. They still sell them on mainly image, features, apps, and so on. Just like before [plus Windows-style app dominance] with privacy/security reporting in media likely about boosting sales.
I don't trust it, though, if we're talking domestic surveillance. The ECI-level leaks said FBI "compels" domestic companies to enable their stuff for eavesdropping. Whatever that means is secret. In the Lavabit case, the FBI argued to the judge Lavabit wouldn't be harmed if they lied to their customers about the compromised. The judge agreed. So, court orders, fines, retaliation, forced lies, and secrecy orders of all that are a possibility in the United States. Just don't put secrets on anything made in America or by Americans. You can use American tech for obfuscation or untrusted functions, though.
By comparaison, while there have been a few issues with Google, for a company that processes so much personal data, their track record is excellent. I can't think of any major personal data leak that could be attributed to Google.
Maybe Apple got better within these 4 years, TBH, they most likely did. However, I don't consider 4 years to be a "long time" for a tech giant. Their privacy focus is relatively recent.
Did you even read the Wiki article you linked to? Even if we ignore your conflation of information security and privacy, the Fappening was not caused by a security breach at Apple, but rather through the use of targeted phishing attacks.
Definitely, and note that GP explicitly mentioned security, which is a good thing because they are tightly linked. You can't have privacy if you don't have security.
The thing is: we often associate ad tracking and (lack of) privacy. It is certainly one aspect, but it is far from the whole picture. The most damaging form of privacy violations are usually not caused by advertisers but first by people who are close to you (ex: revenge porn), and second by hackers (ex: blackmail). I used the fappening as an example because nude pictures are the archetype of private data.
As for targeting phishing, I think companies who take privacy seriously have to do something about it. Phishing is the number one threat users face when it comes to cybersecurity and therefore privacy.
Now comes the debatable part: hackers targeted the iCloud platform, why? Why not Picasa, or Facebook, or whatever place images are stored? My hypothesis is that iCloud was the best target for such an attack, partly because compared to the others, it didn't offer as much anti-phishing security.
EDIT: I just noticed I didn't mention governments. First, for most people in western countries, government is unlikely to be their biggest problem. So I would rather focus on the immediate surroundings (ex: boss, partner, neighbors, etc...). And if the government really is after you, then an Apple solution might be good, but I don't think they are completely turstworthy. They are still bound by the US law after all, and they are not completely zero-knowledge. To make things clear, Google and Facebook are also out in that case.
This is true iff you look through the code yourself, or are willing to trust that others have done so in as thorough a manner as your use case (attack vectors) necessitate.
Apple isn't worth consideration if you are willing to put in the effort, or delegate trust, to other systems. If you'd prefer to delegate trust to them, how is that effectively different that FOSS that you haven't examined?
When devs announce how their software handles privacy concerns, they have an incentive to be honest because all it takes is one discovery of conflicting code and their trust is lost. But if the code is closed source, that incentive for honesty is removed. Of course the media can still seek circumstantial evidence and make accusations, but that’s a far cry from version control.
Separately, closed source code
invites new incentives to disrespect user privacy for profit.
So, there are these two major categories involved, both of which are mitigated by opening the source code.
Apple remains liable for both of them.
All that Apple has is an observation that they sell hardware too. I guess we are just assuming they already make enough money from advertising as it is and don’t really want more.
Companies get hit with multi-million dollar fines for violating their privacy policies. So there's your incentive.
I just don't see open source as better protecting privacy. See for example the telemetry in .NET Core or VS Code [1]. Users discover this stuff by watching network traffic, not through code audits.
Let’s assume Apple violated their privacy policy and was fined $999 million, the highest “multi-million dollar” fine they could be assessed. That’s just barely more than 1% of their market cap.
Fines are definitely incentive to do right but the fine must be felt. I’m not aware of any cases where the tech giants have been levied a fine that really hits them hard.
The fine you're proposing would cause a much larger hit to market cap than you're suggesting. Consider, Apple made ~20 billion in profit last quarter, your hypothetical fine would be a precipitous hit to profit margin which, when reported on the quarterly earnings call, would cause an abrupt downturn in share price. Consider the 13% hair cut earlier this year when the market thought Apple was going to miss. Then there's the existential panic of "does this mean Apple is in for more such fines?".
Watching network traffic is limited to circumstantial evidence, and not even that without a circumstantially isolated environment. Those are a couple of scenarios where these accusations can be made.
Let's consider the incentives in each case and how they enable you to distribute your trust. Apple is a for-profit, publicly traded corporation. Their purpose is to make money, and they will likely do whatever they can to achieve that. More importantly, only they can see their code, not you and not other users. All you can possibly have is their word, and they will say whatever it takes to sell you their product. If they lie or exaggerate, there's no way you or anyone else could know.
On the other hand, open source projects come in all shapes and sizes. Generally, they have a strong community of both developers and users around them. If you don't feel like looking at the code, you don't even have to trust the project itself. You can look to the community and its abundance of users, at least a few of which have audited the code and share your use case. And these users aren't just neutral third parties. Nay, they're better than that. They, too, value their own privacy, and are therefore motivated to protect it.
This is silly. Apple publishes their privacy policy. If they were found to be violating it, they would lose business and be liable for expensive lawsuits. And security researchers are extremely good at finding these things. So yes, Apple has a very powerful incentive to tell the truth.
As for the theory of "open source community," see the MyBTGWallet scam. This open source project, recommended by the Bitcoin Gold team, stole $5 million via a single line of code. Being open source isn't much protection really.
He's telling you about the fact that there's conflict of interest between you and crapple and you tell him an anecdote where some scum of this earth stole money and open source software was involved. Does this really sound like a compelling argument?
It does however increase the chance that it will be bad, because the average snake that produces closed source software is likely to be motivated by greed, so it has the incentive to milk you as hard as it can without turning you away from products (using lies of course, you can't check anything after all, it's closed shit).
But seeing sibling explanation being downvoted into oblivion makes me think no one is interested in discussing this anyway so why waste breath.
With tools like Guix (and then hopefully, eventually distributed networks like IPFS / Dat doing the distribution) we will be able to have people audit free software and every user being guaranteed to have the exact version that was audited.
The future looks good if we just continue to implement it the way it should be.
>Rather, it's nearly impossible to guarantee privacy in proprietary software. The transparency of FLOSS makes it trustless. Want to know what data of yours, if any, is being collected? Look at the code.
>This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.
Quite a few of the things listed in the article are not open source (some of the map stuff, as an example). Last I checked (several years ago), we only have DuckDuckGo's word for it.
I think the idea is not that these are all trustworthy services, but that no single company has all the data on you.
That's provably false when you get to the bottom of what makes proprietary software trustworthy: it has to be verified by qualified people who you trust after being designed and built with enough rigor to not have accidental flaws. That's regardless of whether it's proprietary or FLOSS. I went into detail here:
In fact, the first systems that resisted strong pentesting by NSA were proprietary, shared- or closed-source systems. They shredded everything else. Two are below with another designed like that. The first, safe, kind-of-secure machine that I know of was Burroughs B5000 whose CPU did things like stop overflows, protect pointers, and check function arguments. It was immune to common, root causes of many failures or attacks. OS in a type-safe, high-level language (ALGOL variant). It was a proprietary system whose source was shared with customers. Linux systems still don't have as much code-level security in average case as that proprietary software from 1961. The virtualization solutions in FLOSS still aren't produced as securely as VAX VMM or the separation kernels that followed in 2000's with VMM's layered on top.
https://www.usenix.org/legacy/events/sec04/tech/wips/wips/04...
(Nizza uses FLOSS components. This document is just great at describing the architecture they and the proprietary vendors were using with separation kernels. The proprietary offerings contained a lot of problems FLOSS didn't with their 4-12kloc kernels having less code to screw up. User-mode drivers can boost reliability a bit, too.)
This isn't true. You can use disassembly tools to trace through code, and you can see what imports/exports there are, as well as what API calls are being made using static analysis tools.
You can also use all sorts of runtime tools to see what a binary is doing at runtime, so I imagine it would be pretty easy to see if an application is phoning home, and where home is located, although the data is probably encrypted.
In fact, it might actually be easier for an end user to audit a binary using such automated tools instead of looking at the source code itself. At least with the automated tools, the tools can flag suspicious constructs in the binary that may indicate that it's up to no good, and do so in a way that is more understandable to the end user.
Nowadays, very little of our data solely relies on our own devices, and most of the value of consumer software occurs when data is being transmitted between systems. When your data lives in the cloud, there is almost always a side-channel way to get at your private data that won't be visible in any Git repository: Just go look at it directly.
Meaning that, nowadays, if we're to live any sort of non-Luddite, Internet connected lifestyle, all we have to go on with anybody is their word. If I limited myself to services where inspecting the source code would give me what I need to know about how well my privacy will be protected, without trusting the word of any third parties, then I'd have to let go of email, telephone, and credit and debit cards (and banking in general). Plenty of other things, too, but I think those three paint the picture well enough.
I thought it was strange bing was not mentioned, even though it has Mozilla's endorsement of having a better privacy policy than Google[0] and is probably the most popular alternative to search in the United States. This far from a complete list of Google alternatives.
I like/sometimes use Bing, and it's decent, but it's not significantly different than Google in terms of data collection. The biggest difference, arguably, is that they pay you for it via Bing Rewards.
DuckDuckGo uses Bing data and respects your privacy more, and probably the best choice for the privacy-conscious.
Read a cyberpunk book. The mega-corp as focal point for resources, innovation and political clout is a scary thought.
Consider the almost exclusive dataset they have moated "everyone" else out of, and the long line of disingenuous/unethical business practices. The privacy considerations are the proverbial top of the iceberg.
Most of the fictional dystopia center around a single mega-corp not mega-corps... Thus if you have 3 or 4 Mega Corps that would be preferred to a single monopolistic Mega-Corp.
Dune's CHOAM corporation is a great example. Ownership in choam is synonyms with power and wealth. All political maneuvering is based on gaining or keeping control in choam corporation.
For "receiving end" perspectives, watch Blade Runner (the old one) or Altered Carbon. The Expanse probbly qualifies too.
For books, Peter Hamilton incorporates different mega-corps in his universe but it's not the main object. Special mention to the Void Trilogy's Commonwealth.
The Expanse's high-political scene is best described by the balance of powerful sovereigns, and how that changes over time. Companies have a lot of power, but that power is primarily expressed by influence in governments. A company gets mining rights from a U.N. charter by influence. Then the company expects the U.N. military to defend those mining rights. Sometimes the company influences the goverment and sometimes the goverment influences the company. The big exception to this is the O.P.A. which always tends centralize power around Tycho.
Altered Carbon also uses goverment as the primary seat of power. United Nations Envoy Corps are primarily a reskinning of Dune's Sardaukar, the powerful super soldiers that enforce the rule of law out of fear. There are very powerful corporations, especially those discussed in the first book, but their power is again through the influence of government, and goverment has the authority to act independently.
This is in comparison to a true mega-corp like Final Fantasy 7's Shinra Corporation, where all power exists within the company. Shinra can destroy 1/8th of the capitol city with no repercussions, and there is no significant economic activity outside of the company.
I wouldn't throw someone into the deep end of corporatism based on where this thread started ;) I figured the implicitness of my examples' corps' power fits better as an illustration of the potential short term future.
Yours is a terrifying endgame, but it feels (to me) quite far removed from what we should look out for before it's too late.
I think the point is not so much pro vs anti privacy. On the web you have to assume every site is anti privacy, and you may have some rare pleasant surprises. To me the point is rather to spread that trail of data among multiple providers that are not known to sync their data.
I'm wondering if you could elaborate on what sorts of things you are trying to find and having trouble with. Perhaps HN could make a few suggestions for how to get more out of your Bing experience.
I've tried switching to it but for looking up code and projects it kinda sucks. Even when I throw hints at it sometimes it just doesn't seem to care. I'm using DuckDuckGo instead for now.
It’s a matter of taste but I prefer the Apple/google clean and white UI with little else distraction than what you are trying to achieve over Microsoft’s “portal from the 90’s/let’s fill every bit of space”. Whether it’s bing or Windows, something as stupid as showing you a different background picture every time means you always have to deal with a new visual, which means more effort to find your way. It’s the same for IE and edge, the default new tab is to show you a busy page with news, weather forecast, most visited stuff. That’s like advertising banners to me.
I’m surprised to learn an it professional regularly finds their way to a search engine home page. I would assume you’d just type your query directly into the address bar? This seems to work for every major browser at least, unless I’m mistaking?
I actually use Bing, and I see the oddity that is their homepage once a month, if that.
(And I think bing is fine for about 80% of searches. The rest I use google, which manages for another 10%, and for the remaining tithe I have to do something archaic like think about how to properly format a search query. Party like it’s 1999.)
> I had not considered Bing a serious competitor to Google's search engine until now.
I can’t tell how much humor was intended here, but that’s a serious competitive point that had not occurred to me. Ever. It’s not something that MS could use in a marketing campaign, but could easily sway lots of people to give it a try when they otherwise wouldn’t.
Its image search is also pretty good. If I'm not successful on a google image search, bing usually comes up with quality images. Their maps also tend to better render local businesses and it's easier to navigate the results than google, surprisingly. On the other hand technical searches are way better on google.
That’s likely on purpose now, even if it was accidental in the beginning. Microsoft marketing people are not stupid, and they know the right amount of piracy and the right amount of porn is excellent marketing.
Apple iCloud privacy policy mirrors Google's. You gain absolutely nothing if you upload your contacts, photos and other data to iCloud. Apple also regularly gives iCloud data dumps to US government (they approved and delivered data in about 80% of US Government requests in 2017: https://www.macrumors.com/2018/05/25/apple-second-2017-trans... )
(The exceptions here are iMessage and phone backups which are E2E encrypted.)
> You gain absolutely nothing if you upload your contacts, photos and other data to iCloud.
This seems so deliberately wrong that I shouldn’t respond, but I will. Quick and easy synchronization of contacts, calendars, and photos are all features that I appreciate. What’s more, my fearful-of-technology brother tells me how useful they are to him. He mentioned photo sync as a benefit only a few days ago.
You mentioned the exceptions - both of which didn't happen 5 years ago. Is it crazy to believe that we may have Tarnsap-like storage from Apple in a few years.
Side note: I don't think Apple will ever encrypt iCloud iPhone backups because that would make it difficult to use them (how would you restore an iPhone backup to a new device if your old one was incinerated? Your private key would be gone)
Best I can tell, they already encrypt a whole load more and are ready to encrypt everything. When setting up a new iPhone, I’m asked to enter my Apple ID, password, approve via an existing device, provide 2FA and then provide the PIN or password of that existing device. After all that, access is granted. To me, this suggests they’re already encrypting in such a way that while it may be brute force-able, it’s unlikely to be data they can read by default.
I would never trust Apple because they have consistently lied and cheated me - For instance, they throttled the speed on my iPhone, they hid the fact that my iPhone has more probability to bend and finally, as a cherry on top, they refused to honor warranty for a design flaw of theirs.
When they realized they fault, instead of making a free replacement, they charged me $30 for it.
Given all these experienced with Apple, to my eyes, Apple is no different than Google and I wouldn't trust any word of theirs as they've consistently been exposed time and again lying to consumers. So, I don't know where you got the idea of Apple being "entitled" to be in that list, but I'd say it's the right thing that they aren't.
>pro-privacy alternatives like Apple
I don't believe this. There is no evidence to support this as Apple runs on proprietary code. And you and I don't have access to the source code, so we have no idea what's going on on their servers. Ever wondered how Apple gets its data for its Apple maps? For all you know, they could be collecting your location information to build their database. Isn't that a privacy violation? I work in the Analytics industry, inside an iPhone, using Charles proxy, you'll be able to see random requests hit Apple's servers from time to time. For all you know, this could be info about you. You can't prove it nor disprove it.
I would never dare put all my trust into a single for-profit corporation whose sole goal is to maximize revenues and has been consistently exposed for unethical practices to its customers.
So, hope that answers why Apple isn't exactly a consideration.
>And you and I don't have access to the source code, so we have no idea what's going on on their servers
Consider this: for 90% of the population, that is also true of any FOSS solution. I'm tired of the "you don't have access to the source code" argument. I don't inspect the microcode that runs on my CPU - why should I trust Intel and not Apple? And for a greater portion of the population, that source code may as well be mud.
This article is about alternatives to Google on the basis of privacy. Isn't a company that doesn't base its core business model on mining your data an improvement for a vast majority of users?
> I don't inspect the microcode that runs on my CPU - why should I trust Intel and not Apple?
You shouldn't trust Intel either (see ME and all of the other negative-ring stuff that runs on their CPUs). But at the moment there isn't a strong alternative. AMD is somewhat better but still has similar issues. ARM is a mixed bag. RISC-V might save us but still isn't at the tape-out stage. OpenPOWER is possibly the only really usable option but software support is awful (if you've never had to deal with ppc64le bugs, you're lucky).
At least you have a reasonable alternative to Apple.
Even if you don't inspect it personally, there's a greater community of people who don't get their paycheck from Apple who may be looking at the code.
Regarding the Intel comparison, you have no choice but to trust them, but by using Apple products, you are trusting Intel and Apple, which is worse than just trusting Intel.
I agree, though I prefer the word trust; I think in the end most security arguments basically move trust around between entities, so I would either trust the open-source community or Apple.
In this case I decided trust the open-source community more than Apple, since the incentives of people inspecting open-source code probably align better with my own interests than the incentives of Apple.
> the incentives of people inspecting open-source code probably align better with my own interests than the incentives of Apple.
The incentives of any people are: earn enough money for a peaceful existence.
When Heartbleed happened, it turned out that only a handful of people in the entire world have the expertise to do a full audit of the OpenSSL code. And their work is ridiculously expensive. And the audit didn't happen until someone paid for it [1] (I'm not entirely sure it ever completed [2]).
People may actually have less incentives to inspect open-source code because there's always the question of life, money, time, work-life balance etc. etc.
having the source code be open doesn't necessarily make it trustable, but it definitely has an added benefit. like op says, proprietary code is untrustable by design.
there is also the fact that I cannot take the code and compile it myself, proprietary solutions like the nvidia linux driver for example have given me headaches so many times, it would be nice if there was some form of entry to the code to at least get a vague idea of what the code is supposed to be doing. I basically have to pray for software to do what I want, when it doesn't the whole solution due to it's closedness/unadaptivity becomes useless to me.
This is my point. You simply don't know that. You have no idea what's happening on their servers. It's all proprietary. You have absolutely no evidence to claim that.
Given that alternatives to Google products are largely services rather than software run locally on one's own machine, you're probably right about the partial orthogonality of FOSS here since it can be hard to verify that the remote server is in fact running the software it claims it is, and from a privacy-standpoint it may be somewhat irrelevant (I recall even the FSF said something of the sort).
I don't see that in the article. Search, email, drive, youtube, maps all have many non-FOSS entries.
I am fairly sure that no apple product is mentioned because replacing all the hardware one has just for more privacy is likely too extreme for many. Not to mention that one of the biggest things you can do for your privacy is ad-blocking / cookie cleaning, and apple does not make it easier at all.
> biggest things you can do for your privacy is ad-blocking / cookie cleaning
Very true. But there is no problem with apple, in fact Safari is first browser that is clearing cookies - ITP(2). I use uBlock Origin on Safari and Private browsing - no cookies at all.
Firefox has an option to block all third party cookies in the manner similar to Safari 1-10's default behaviour. And like everything else, it lets you clear all cookies at once, or manually look through the cookies to clear them.
It does not have a feature analogous to safari 11+'s tracking prevention.
> It does not have a feature analogous to safari 11+'s tracking prevention.
I never said that it did... I wrote that firefox has had the ability to block cookies automatically for years, which it has had. My response was not a comparison between the browsers but a statement of one particular feature that was mentioned. I simply said that what had been stated by the gp was also available in Firefox.
Firefox’s tracking protection is the same feature as Safari’s content blockers. [the defaults differ, though], and prevents specific listed domains from loading anything. Except when it turns out blocking them breaks too much. Like Youtube embeds.
Safari’s tracking prevention applies to things that do wind up getting loaded, and limits access to their own cookies/context. [kind of like loading all those embeds in seperate private sessions, even though they're on the same page]
Is that option enabled in default installation of firefox? Sorry, I must have specified that in Safari ITP is enabled by default, and this is important for non-tech people.
You can change a setting to block third party cookies. This gets you similar treatment of cookies as was the default in safari 1-10.
Safari 11 still blocks third party cookies by default, but has 'Intelligent Tracking Protection' as an additional filter on top of it. ITP blocks/limits certain uses of first-party cookies.
Firefox has no analogous option. Either cookies are off, or all uses of first party cookies are allowed.
No. It hasn't been enabled by default in my experience. It isn't the exact same as the Safari technology. Firefox lets you block "3rd party cookies" or "all cookies" from the privacy pane of preferences. I've always "set it and forget it". The assumption is that many tracking cookies will come from 3rd party websites.
I've been using startpage.com to search Google anonymously for the past year. Startpage proxies your query to google and back while leaving off the identifying metadata, making the query anonymous. At first you notice the slight increase in roundtrip time, but quickly get used to it. I find Google Search to have a better search engine than any alternative I've tried, so Startpage is right up my alley.
I don't disagree that Apple looks really good nowadays from a privacy perspective. They treat their customers with respect and don't sell their data.... until they do.
How can you trust a single point of failure to "do no evil"?
Apple doesn't have the data that Google et al has. All of the ML that apple does for example is done on-device or is privatized [0]. This goes for all of their services that Google has built their business off of: Messages, Siri, Maps, etc. People don't respect Apple's security because they trust Apple, they respect it because Apple has intentionally shot themselves in the foot if they wished to sell their data in the future.
> Apple doesn't have the data that Google et al has.
Huh? Apple potentially has everything on the device, just as Microsoft does. Maybe they don't touch it, at least intentionally, out of respect (or just prudence). But if I recall correctly, they accidentally logged all Safari URLs for a while.
Chrome has search and url in the same bar, and therefore needs to log all urls you enter (and their metadata) for the sake of logging all searches. Absolutely benign, right?
Safari shares the same url/search bar, but I have not read their license. Would be pretty surprised if they are not logging all URLs.
iPhone also sent geolocation coordinate files to Apple, until that was discovered. As you point out, there is a lot more than just the superficial concept of privacy, such as the Prism program that had/has a pipeline into Apple data. Like any large company, there are competing forces of strategically enforcing privacy and treating data in a way that doesn't respect privacy.
Dude, google has been doing diff. privacy earlier than apple. Even now, their researchers( one of them the great Ian Goodfellow-inventor of GANs) is working on federated learning. Heck google had even open sourced their diff. privacy system. Apple just made a big deal put of it when they started diff privacy.
Well as Mark Zuckerberg put it during the congressional hearing—and this is a paraphrase—"we do not and have never sold data."
Which is true. They don't sell the data because they directly monetize it. Same with Google. Google didn't just start doing that one day, that's been their business model since they started doing ads. Apple's business model is selling users devices, which they would jeopardize if they tried to also sell their users' data.
>Is Maps.Me (which uses AdSense) really better than Apple Maps?
The "Maps (F Droid)" alternative suggested before the Maps.me app is a fork of Maps.Me that doesn't include any tracker/ad. It works pretty well although I've had a few issues logging into my OSM account and it takes a little too long to navigate "up" from a place search. It also features a GPS track recording function that Maps.Me lacks (AFAIK). It's really great and deserves more contributions!
But Apple services are still not privacy focused services and for most of them, you have to use an Apple device, which is still less than 10% of PC market and less than 30% of mobile one.
Has several useful functions like being able to pre-download specific countries or parts of specific countries.
Many mapping apps work offline but the way Maps.me lets you specifically pick & choose areas = more user friendly.
It uses Openstreetmaps which I've found to work amazingly well in areas where you wouldn't expect (it has off-road trails in remote areas of Vietnam for example)
via iTunes I can also import gpx tracks (or gpx converted to kml, I forget) for things like mountainbike routes, which works super well.
You are seeing a problem where there is none. Etar is just a fork of Google Calendar, and you can find it in Play Store / F-Droid (which is linked from the mentioned GitHub page).
Apple is a US based company. The point of this post is to try and hurt American hegemony in tech and promote European alternatives. Europe desperately needs it given a dangerously old population and increasing irrelevance of its tech industry, with GDPR being yet another populist nail in the coffin. Method of choice is thru soft power - swaying opinions on HN, Reddit, Facebook, and other social media.
I am on linux ... just tried Apple Maps - horrid ... it fails to permit location search by zip code ... just show the globe and let me zoom around - fail ... forced me to login - fail ... unable to enter arbitrary address - talk about slurping personal data ... unbelievably evil
> All they do is repackage mass corporate surveillance into convenient, free, trendy applications that suck up all your data. Your private data helps Google dominate the online advertising market.
Google has what I think are the most transparent and user friendly controls for visualizing what personal data is collected, and disabling it (most often per product, for ex. disable location history and YouTube viewing history, but enable personalized ads).
- For most of the products mentioned in the blogpost (YouTube, Search, ...), people can just go to MyActivity [0] and delete any data they want to. They can also disable data collection here. [1]
- Emails received in Gmail are no longer used for advertisement in other Google products, only used for Gmail ads, and features like searching your emails, spam prevention, parsing orders/flights/etc. to display them in the app. Also note that emails received in GSuite ("enterprise Gmail") were never parsed for these purposes. [2]
Important disclaimer: I work at Google [but only voicing my own opinions, as it goes], and only working there because I realize they are doing all they can to respect user privacy.
2. You can't expect every user to know they are logged, or how it's affecting the user, or know how to disable/delete it, can you?
3. How can I verify that you did delete the data about me instead of just hiding from me for viewing it? Alphabet is not belong to public sector. So the simple answer is I can't. If you want me to trust you, don't use opt-out as default.
4. I'm sure you can tell the differences between those alternatives and Google products.
5. It's not that hard to respect some one's data. First, do not collect it! Second, if you have to collect it, tell the owner why! Third, delete it completely while requested.
6. Aggregated data collection and use without permissions adds potential risks to the society. (Cambridge Analytica)
Edit: And you guys are doing deep learning, that's gonna consume lot's of data. Duplex for example, you use anonymous phone call data to train it. The question is, where does that data even come from? I'd blacklist whoever collected the data, even it's collected anonymously.
> 6. Aggregated data collection and use without permissions adds potential risks to the society. (Cambridge Analytica)
Everything adds "potential risks". When you talk about risk, you have to give estimates of both the frequency and the criticity, and then compare to the potential benefits. Only then you have all the pieces to take an informed decision, according to your preferences.
How do you define benefits? Sacrifice one's privacy without his permission to make ten of others' life easier, would you call it beneficial? If so, let's rob the wealthy to aid the poor.
They can reduce the risks to a certain level if users were told how they are going to use the data and why before using it. Are they going to do that? No, because that increases the cost, which means less profit, which means shareholders won't agree.
My point was : it is easy to throw a general sentence to make things look obvious and simple, but it doesn't really help the conversation. At some point, claims must be backed by data and methods.
Google has what I think is the most transparent and user friendly controls for visualizing what personal data is collected, and disabling it (most often per product, for ex. disable location history and YouTube viewing history, but enable personalized ads).
I don't think this stops Google from collecting your viewing history. If it did, Youtube recommendations wouldn't work at all, because they would know nothing about what I like or don't like. But I'm pretty sure recommendations work regardless of your settings -- meaning you're being tracked.
I happen to like the recommendations, so I don't mind this. But it's a hard problem.
The second link I posted allows you to explicitly disable search and viewing history on YouTube, which also disables recommendations (at least those based on your profile; you will still get recommendations after watching a specific video).
Fair enough, though that would require me to sign in.
Does that actually prevent the data from being stored on Google's servers? I'd like to believe that the data isn't being vacuumed up regardless of what the user says, so if you're willing to vouch for it then that would mean a lot.
How can you ever trust anyone like that ? Unless, you see the line of code that is deleting the data ?. It's kind of unfair when people on HN take Apple by their word and for Google "oh is it really deleted though" ?
Do you have a better solution ?. No one will use the products if it costs some non-trivial amount. And no this thread doesn't represent the billions of non-US non-rich people that use Google.
When logged in I have history disabled, and YouTube being kind of usable, with a lot of stupid content promoted, but at least not too much weird fixation on things I watched 5 years ago. When logged out I get the full fixation experience where I half the suggestions are aggravatingly repetitive personalized suggestions.
That's an understandable point of view because if you perceived Google the way many of us do, it would be impossible or at least very difficult for you to work for them without strong emotional struggle.
You see, the point is that we, the users, helped to create a mammoth that has an enormous pile of sometimes very intimate data on almost anyone. This in itself is dangerous, regardless of what they do with this data - whether they share it with advertisers and other third parties, the government, NSA etc. or not. Also, the world changes fast. Owners change, governments change. Who is to blame when things end up badly? We are, because we got lured by free unlimited spam-free mailbox, free browser, cheap phone, free analytics, accurate search engine. We like these so much that we gave up critical thinking for a while. But the society as a whole is slowly waking up, hence articles like these (which is quite lacking on several points BTW.)
I don't work at Google, I live in Europe and I agree with you. So far, we didn't heard of any breach in any Google product, and the history of the different products can effectively be turned off. I remember years ago, when I started to care about data collected about me, Google was one of the first company allowing you to download a part of your data. We can see the emphasize about security on the evolution of Android APIs too (encrypted enclaves, key storages, for example). Google also contributes to open AI and ML researches. My only consumer concern is about monopoly, not about data collected on me.
I don’t think those definitions are at all canonical, but are you actually suggesting that Google may have a “privacy issue” per your definition? Even if you assume they’re a bad actor, it’s hard to imagine a rationale for them to let a third party have a go at the data.
> are you actually suggesting that Google may have a “privacy issue” per your definition?
Until the GDPR started being enforced, I think it was common practice to collect and sell data without the user's full knowledge and consent. It's a huge change in mindset having to know and explain what they're doing.
Even when not signed in, YouTube remembers the sort of video you've watched and suggests similar ones; I didn't explicitly consent to this, and they didn't tell me clearly what data they were collecting. I'm a former Gmail user; I didn't explicitly consent to Google analysing the contents of my email messages; I think a typical person would not expect that.
If something “feels creepy”, it's probably a privacy breach.
Maybe Google think they have the user's permission. It may be an honest misunderstanding. I'm not saying they're malicious; but I think they have very little incentive to really care about privacy, because their users don't demand it. Third parties will pay for user data.
Also, I think you should be able to choose who you trust. You shouldn't be obliged to trust Google (or Microsoft or whoever); I would see that as a monopoly.
Thank you for stating better definitions. From my point of view, Google solves both issues so far. Allowing you to turn off history solves the privacy issues and there isn't any known technical breach so far, which leads me to think they correctly handle the security issue.
The unavoidable suggested answers in gmail make my skin crawl. I dont want it and i dont want to be reminded that you can read my emails despite my consent for it
I guess it's a good reminder that i need to change services
It does not need to read the body of email in order to work. It can index just the header(to, date, subject) or you can use a program on your computer locally to keep your emails and index&search them.
> It does not need to read the body of email in order to work. It can index just the header(to, date, subject)
The header is still personal data. Using the header but avoiding the body does not make much sense.
Again, "reading" emails seems to be an arbitrary distinction. Your emails are stored and served to you, so they are read by HTTP servers, by your browser, by many things. The real issue is the use that is made of those readers: an index that allows you to search your emails more efficiently does not seem to be nefarious, but I definitely agree that other nefarious uses are possible (say some company that would use emails to target people in debt or something like that), just not the case with Gmail.
> You can use a program on your computer locally to keep your emails and index&search them.
Right, but then it's not Gmail anymore, that's just an IMAP mail server with Thunderbird.
Gmail started as a smart webmail; being able to quickly search your emails from anywhere, without a desktop client, without fetching thousands of emails before you could perform a search.
This is all fine and well, but to be honest, I like how Google integrates all the different products. I get a better experience when search is customized to what is in my email, especially when I search for flight info and it tells me about flights I already have booked, or better yet, flights my in-laws are on that they forwarded to me and I'm now tracking to go pick them up.
Sometimes the ads it gives me are so relevant I actually click on them and I'm glad I did!
I just have a better experience where I'm constantly delighted by Google anticipating what I want because it knows so much about me.
I should be paranoid, I know, but I just like the convenience so much.
Well, most people are boring and don't rock the boat.
Things can get tricky if they pop up (thorough bad luck or as a consequence of their actions) on the radar of someone that wants to make their life miserable or if they bother someone with power.
Otherwise I assume you're well off financially by now, so getting screwed on insurance should be a non-issue. Discrimination is likewise a non-issue.
In general money helps and being a US citizen, straight, not muslim, healthy, male etc also helps.
While all these things help, I still think it's true that for 99.9% of people, nothing really bad will happen because of info that Google collects. I mean, as terrible as "getting on the radar of someone that wants to make [your] life miserable" is, it's a relatively rare occurrence, and I doubt that Google is really making it that much worse (if at all).
Disclaimer - would be happy to be proved wrong if you want to provide contrary evidence...
Disadvantages as a consequence of being spied on by the "googles" of the world are difficult to prove, because of information asymmetry:
* were you denied entry in a country because the agent had a bad day or because of something you wrote on twitter?
* did your insurance rates increase because of a market adjustment, or because of something your car mechanic or car manufacturer shared with the insurer?
* were you denied that job because they found a better candidate or because they found some thought crimes on your social media?
* were you stopped by the police for a random check or because the cameras matched your face to suspicios online purchases?
* did you lose your global entry access because you're a threat to national security or because you accidentally ordered a fake bag on Amazon that you never even received?
* were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?
In a world increasingly controlled by algorithms and data, you won't even know when you are being harmed.
Look, I semi-agree in the abstract. It is difficult to prove in the individual case. In the aggregate, it's not impossible to prove, if still a bit hard - this is what economics/sociology research does, and a lot of governments have statistics/open access/FOIA/etc. So we can know how often these things happen.
Specifically to the things you list - again, I don't have statistics here, but based on my gut feeling - most of them barely affect anyone. Do you really think a large amount of people are barred entry into a country because they wrote something on Twitter? I'd imagine this almost never happens, at least today.
And btw, I kind of disagree with at least some of your items, like "were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?". This is not what we were talking about, a case in which "Google" spies on you. This is your employer "spying" on you through your (supposedly public-enough) actions on social media. Changing the place you are looking for a job for from LinkedIn to "NewLinkedIn" won't make any difference for something like this, and is not the fault or responsibility of the company.
The negative consequences will never affect most people, just those that have bad luck or have upset someone in power. Kinda like how only some journalists commit suicide by shooting themselves 5 times in the head in Russia.
It's impossible for us to know what's happening, baring various leaks. Given the last decade my gut feeling is that if it's not happening, someone's at least thinking about how to implement it.
Re LinkedIn: I didn't mean good old social network stalking. There's nothing stopping LinkedIn from offering this as a sevice to companies. They already allow recruiters and paying members more privileges.
Am I really the only person who creates and uses new accounts for every online site/service every few months? Different email addresses (on my own domain) too or mailinator for the sign ups, using tor on occasion in case they want to note the country/IP I'm signing up from.
The worst thing, the absolute worst thing is, you know all that but you have gotten so used to the way Google services work, that you simply have a hard time to switch.
E.g. thank to Gmail I rarely use an email application on my computer and use webmail. When I tried out Posteo it was extremely annoying that it logged me out every few minutes and I couldn't get my email. They said this couldn't be changed.
Google really did an excellent job of supply me with services which I want to use. Not just tools which are working well.
BTW, Google doesn't use all its services to sell or personalise ads. Which doesn't mean they don't use them to learn more about you which in turn is used to improve the services so that you them even more.
So as much as I wish I could restore my privacy by leaving Google, I think Google knows me too well that I won't for now.
> From a search engine perspective I’ve switched to DuckDuckGo and I’m impressed with how good it has gotten.
I switched to DDG over a year ago and it works great for things that are simple lookups to Wikipedia, IMDB etc. When I have an arcane Windows bug, I end up using "G!". Also DDG isn't that great for latest News but the Image search is pretty good.
I set DDG as the default search on my non-techie wife's new PC earlier this year and she has not once complained about the search qualify.
I second those asking what limitations you ran into (specifically with FastMail, since I have more chance of being able to fix those than the limitations with Protonmail - though I'd love to know both!)
If it's "costs money", we're not planning to change that! We (FastMail) are proudly a paid-only service.
When I signed up in 2016 (I’m still a customer btw) it was a big pain to get my custom domain added after paying for an account. I had to contact support for assistance. I somehow have to have two accounts for my plan but only one has a mailbox. Crazy bad experience here.
The amount of space we get for mail is low for the fee. I pay around $12/year in additional fees with Google for another 70GB of space outside of the 30GB they give for the base plan. Fastmail was pricier last I checked.
There is zero quality collaboration option for me. Even if you added one the fact that anyone who wants to collaborate would have to have a paid account with me creates a barrier for me to even try and use it for anything but just email.
The spam filter is about 30% as accurate as Gmail. I try and train it but don’t have time to always be doing that.
The mobile app on ios doesn’t remember me. It doesn’t even have an option to remember me. What a pain, I hardly even bother to use it because of that.
That all said. I like some things about fastmail:
The web interface is fast.
The admin features are robust and easy for adding aliases and new custom domains.
The fact you are pushing to make the world a better place for email is why I keep paying for the service.
What you are doing is hard. Your competitors are massive and well established. I hope you continue to make progress.
The biggest thing I've been missing since I started using FastMail is labels. My workflow in GMail used labels pretty heavily, and I've been able to get pretty close using saved searches and folders, but it's not quite the same.
Right, hopefully when JMAP arrives (soon!) you'll be able to use that nicely. It will give label-style handling by allowing the same message to exist in multiple folders.
Kinda hijacking this. When using FastMail with a custom domain can I setup a catch all address and then have each different address somehow tagged? It would be nice to be able to have proper unique email addresses for each service so I know where spam ends up coming from.
You can create an * alias in FastMail which will act as catch-all address. The received email will retain the original To: field so you can use rules to match them.
I have used Fastmail for years with a custom domain without a single problem. Amazingly great communications from the company too. Highly recommended but not free. (Less than $2/month though - so almost free.)
I’m doing this in the coming days — setting my custom domain with Fastmail. I’m planning on making that my main email and trying my best to unsubscribe from things on my Gmail account and move accounts over from Gmail to Fastmail until I think for certain I could delete my Google account entirely with no harm.
Then again, I rarely have and like having subscriptions these days because of minimalism but I suppose this is a good trade off for my entire lifetime.
On a different note, does anyone know how GoDaddy is in terms of privacy? Is there a better domain registrar out there?
Edit: Just realized I’m using Google’s Project Fi on my iPhone SE, with Hangouts.
I generally don't trust GoDaddy, but I don't see how they could violate your privacy. From what I can tell, the worst they could do would be to log DNS queries. If you have a server with a static IP, you can always serve DNS yourself.
Out of curiosity, what domain registar do you use? With GoDaddy, I pay $14.99/yearly for .COM Domain Renewal and $9.99/yearly for Private Domain Registration Renewal. It seems a bit price-y but I'm completely unaware of other competitor's prices.
I use Namecheap, but it's not the cheapest. A couple months ago on a thread here in HN a bunch of people were recommending Porkbun, which seems quite cheap (~$9/year with free private domain), but I've never used them.
Does Fastmail have decent search that works on mobile? Gmail’s search is just too good. I’m currently using mailbox.org but it’s impossible to search for old emails that are not already downloaded to your phone. The only way is the use web interface and it’s annoying as hell.
I paid $117 for the 3-year plan with custom domain (and that price is discounted slightly from the normal 3-year price), which comes out to $3.25 per month. So, definitely not under 2 dollars, but easily under 4.
I'm definitely on the hunt for a Gmail replacement, considering I have been hearing things such as a snapchat-esque disappearing emails, unprintable emails, and other similar stupid ideas. I decide what to do with emails and other data sent to me thank you.
>When I tried out Posteo it was extremely annoying that it logged me out every few minutes
I haven't encountered this with my personal email server nor heard of it from anyone else. I think this might just be an issue with Posteo.
It's easier if you don't try to move all at once. Spend some time looking at different email options and move that. Do calendar later. Get rid of Google Apps on your Android later still. Gradual change is much easier.
Posteo is very aggressive on privacy, reducing exposure, and keeping information safer. So a shorter webmail session timeout may be related to this. Depending on the use case, if this were the only issue with Posteo, the GP could’ve used Firefox with one of the many tab reload or tab refresh extensions to keep the logged in session alive.
So I'm one of those who doesn't care if Google tracks me or sells me as a product. [ * ]
Is there actually some real, tangible harm that can come to me from using Google products? Not theoretical stuff, not stuff that is less likely than dying in a plane crash. Something that is actually likely to happen, that will affect me in measurable, negative ways?
I'm really trying to come up with something, and I'm really trying to care.
* actually I don't agree with that last one: ads are a product of Google, and various things like Gmail are products of Google. The latter is paid for with ad viewings rather than currency.
Really, there is no need to redefine "product" to include humans being advertised to and tracked. There was (and I guess is) a thing called "slavery," where humans were bought and sold....my voluntary use of Gmail is not comparable.
Has it become some sort of fashion statement to be ignorant about privacy?
Whenever I discuss this topic people seem to almost take pride in giving their information to Google, Facebook and the thousands of other companies they have no clue about.
I think it's cognitive dissonance rearing its ugly head again: those people have tied their identity at some level with the use of the products and an attack on e.g. Google becomes an attack on them.
The concept of fairness also plays a role. Most people feel that Google should get something for providing their services and they also feel that it's ok if they are shown some ads. Fair deal. What they have no idea about is how much data is extracted from them, who it's shared with and for what purposes it's used. But we can be almost certain the answers to those questions is more and more data, more and more parties and more and more purposes, because data is forever.
And yes, real harm can come to you if you are promiscuous with your information. Additional information should be accessible through your favourite search engine. Hint: home invasion.
I find I'm having trouble arguing in a meaningful way with people who don't share the same concerns regarding the privacy of their data. I'm running out of arguments - no matter what I say, they'll respond with a shrug.
"So what? I don't have anything to hide."
"So what? They are a big company, surely they won't abuse my data."
"So what? How has Cambridge Analytica affected me?"
And for the ultimate capitulation: "So what? They already have so much data on everyone, you can't avoid it anyway."
Brave new world.
This is not only coming from folks with little understanding of tech, but also from "technologically literate" people who should know better. Sticking your head in the sand is just so damn convenient.
Even a comparatively widely reported privacy scandal like FB's can't seem to sway these folks... apparently because they feel like it hasn't affected them personally.
There are some points to counter with in the article. Bruce Schneier quotes Cardinal Richelieu: give me 6 lines written by the most honest man and I'll find something in there to hang him by. Has the benefit of historical perspective!
In general I frame the discussion so that I can emphasize the effects of surveilance on society and key members of society (judges, government employees, journalists, law enforcement, doctors etc). They could be blackmailed or reveal the data of many others through their carelessnes.
The average Joe is not clever enough to figure out what's happening and is probably not worth the effort to educate them. Try it on family and friends, but don't get your hopes up :)
IT workers are a special case: they think they're super smart but are just as clueless about the topic like the general population. And they help develop these systems, so it might be worthwile to try to use social pressure to get them to quit helping the abusers.
Ultimately this can only be solved through new laws and regulations, like the GDPR.
You deal with that by giving an actual example of something bad that has happened to someone who has not worried about what Google tracking them. I haven't seen one.
I mean, people who advise me not to text and drive can give real examples of people who died because they did that. That's tangible. All I hear is a lot of people telling me what I should care about but refuse to supply anything but intangibles and theoreticals.
Do you actually play an important role in society which gives you access to the information of many people or which would make others interested in blackmailing you? If yes, you'd hopefully already be aware of those risks and also educate your contacts on how to act in a provacy-conscious way.
Otherwise use Google, use whatever you want, nobody cares.
I'm ignorant, I suppose, because you are unwilling or unable to list a single tangible potential harm. Home invasion? Please explain how Google tracking me is going to help a home invader.
Or are you talking about me posting stuff on Facebook? Because that's a very, very different thing.
My goal when commenting is to counterbalance overly pro-surveilance comments, not become somebody's privacy coach and patiently explain to them all the bad things that could happen.
That takes a lot of effort and offers me zero benefit - even in real life, people that I've known for years can be stubborn and they dig in when confronted with arguments.
I'm more concerned about the effects of mass corporate surveilance on society itself and key members of society than any particular individual.
My question was regarding the individual, not society in general. I'm not so convinced the use of Google services and the way they get revenue is such a problem for society either, but that wasn't my question. I am interested in knowing whether using these alternatives instead of Google is in my self interest, when all things are taken into account and rationally balanced. I have yet to hear a convincing argument that they are.
You don't have to explain all the bad things that happen if you don't want to, but it sure seems like you are avoiding the question.
> My goal when commenting is to counterbalance overly pro-surveilance comments
And yet answering his question directly instead of avoiding it with a strange remark (home invasion, wtf?) would done a much better job at that.
I've heard the Brave New World speech many times and I buy into the concept... but I'd also like to be educated on reality. Spouting the former when someone asks for the latter is just annoying.
Okay, let’s think about some side effects of having lots of potentially sensitive data nicely stored at one location:
* Propaganda: Because you understand what people need to hear, it’s a perfect tool to influence opinion. Of course, this doesn’t happen in your country (it never does). A recent popular example is the Cambridge Analytica scandal. Thankfully this evil cooperation does not exist any more (by changing its name).
* Reinforcement of monopolies: You need to hit a critical mass to use data effectively. Therefore, big players will have an advantage over competitors and can provide better products. Therefore big players …
* Reinforcement of dictatorships: If things turn bad they turn really bad. User data is gold in the hand of dictators. One reason is that is helps with propaganda, but it also helps to identify resistance. If for some reason your country ends up in a regime, it is going to be hard to get out of it.
* Self-censorship / freedom of speech: There is plenty of evidence, that we constrain ourselves because we know nothing online is anonymous. This also depends on which country you live in.
There must be a plethora of side effects I didn’t think of right now.
You have to decide how “theoretical” these issues are for you. Maybe it is more a thing of “believing” – such as vegetarianism (although we all know eating meat is bad for the environment).
You don't see how "Reinforcement of monopolies" applies?
You don't see how "Self-censorship" applies?
The Cambridge Analytica scandal was involving facebook -- do you think they are really far apart from each other?
The point "Reinforcement of dictatorships" would apply as soon as the government of the US would be in a less healthy state.
The overall point is the following: Google might provide nice services for you as and individual, but there are larger-scale societal implications, which we should consider and weigh in as well.
Reinforcement of dictatorships? Uhhh.... I actually think Google is a force for good against dictatorships and would-be-autocrats such as the current US administration. That's just the impression I get.
Monopolies is a different issue, it really has nothing to do with privacy. I do care about that one, but it's completely separate and it is not a self-interest issue, but a society at large one. In that sense, I suppose I'm being asked to participate in a boycott.
But the payoff from breaking into Google is much larger than stealing your computer. One of those provides mass access to data and the other only involves data about a few persons. So comparing that is not really valid.
I think the average worst thing that could happen is that you end up going to court against someone (since we are thinking about averages, I'm thinking divorce), they obtain your data, and use that to build a case against you. If you were cheating, for instance, your location info could be used to show all your meetings in quite some detail. And even if you weren't, you can always bend your stats a little bit to make it look as if you did. Enjoy discussing p-hacking and statistical significance with a judge.
If you live in the US this may not be a problem now, but you also have to think ahead: courts may not be allowed to obtain your information right now (although that's probably not true if you are in a murder trial), but they might in the future.
And even then, someone close to you could provide that information to the other part: a (soon to be ex) friend of yours downloads all your information* thanks to the new GDPR tools and provides them to the other part.
*: I think this evidence would be admissible in court, since it's not the police the one who obtained evidence with illegal means. But even if it were not directly admissible, parallel construction is also a thing.
So how would this happen? Google gives them my data? I'm sorry but I don't get it. Google can't do that. Even if they work at Google they can't get it.
I just represented myself in a week long custody trial (I won primary custody, and yes I went up against an attorney), and there were lots of risks involved, but this sort of thing seems to be about the smallest one I could imagine.
I'd like to hear if this has actually happened to anyone anywhere.
"in at least four cases, Barksdale spied on minors' Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he'd befriended, Barksdale tapped into call logs from Google Voice, Google's Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source."
> Google can't do that. Even if they work at Google they can't get it.
I'm not sure I understand this point, so let me make my point clearer. It's clear that Google(TM) can access your data. You probably mean "most google employees can't", which I agree with. But someone can access your data for sure, and in fact you can access your data: if you are a European citizen, you can request all of your data right now, thanks to the GDPR and Google has to comply. There are also other general tools to access the data[1].
So I'm not saying "a Google employee will go behind your back". I'm saying that either "Google(TM) could be compelled by a court order to give your data if laws change", or "someone could use your unlocked PC, click on 'Download my data', and give it to the other part" (again, more likely if the other part is tech savvy and planning on divorcing you).
> I'd like to hear if this has actually happened to anyone anywhere.
Someone getting in trouble because someone took their private information? It happens quite often in the Legal Advice subreddit. Here's one example[2]:
> "My wife uploaded screenshots from my Ashley Madison account, hotel receipts and non-nude but sexual photos of me online before she moved out and filed for divorce. Do I have any legal recourse under Delaware law? (...) They were not public. The photos were from my phone and were not anywhere online and the credit card was in my name only. She had no right to access either one (nor my Ashley Madison account)."
My specific case? No idea. But supposedly private information biting someone back is a regular event. Here's a page some lawyers in Orange County wrote on that [3] with some examples.
* Edit: rethinking my point, I think you meant "how is this a Google problem, rather than an infosec problem". To that, my point would be: the fact that the information exists forever in one central place.
Yeah I don't see the connection to Google or how using these non-Google services helps with that kind of thing. It's completely unrelated.
You say "Google can access your data." What exactly does that mean? No single employee of Google can. They put immense protections in place because of just how costly it would be if this happened....it would destroy trust in the company that they have spent billions of dollars building up.
This is a fundamentally different thing than someone's wife logging into their device and seeing their Ashley Madison stuff.
* No one can get access to Google's data
* Those who can get access cannot harm you
In addition to trusting google not to be evil. What are your assumptions that lead you to that conclusion?
Or are you assuming that no matter who has access to your data, there is no one could ever do any harm to you with that data? (That's the 'I have nothing to hide' argument)
I think Google has a very strong incentive to protect my data from that sort of thing, and a lot of layers to ensure this. One rogue employee can't get access to my email. Why? Because if it happened and the press got wind of it, Google would see their market cap drop tens of millions of dollars overnight.
Meanwhile, why should I trust that that guy living on the sidewalk won't jump up and bash my head with a hammer? Or that the person driving the car in the opposite lane won't swerve into my lane and kill me? I just try to keep risks in perspective.
I like this comment.
It's not beeing ignorant about privacy but I also value my free time a lot more than searching and dealing with all sorts of Google alternatives.
I think that security and uptime at Google are outstanding and better than all sorts of alternatives which can shut down any time. And in comparison to Facebook Google is not selling your single soul or your direct private information to outside advertisement companies. It's not like Google never thought about privacy... they have deep thoughts about it and how they still can make money with you.
In the 1930's (and before) people in Germany were asked (as they are today) to specify their religion in certian dealings with their government. Nobody thought anything of it. And then the Nazis came to power, and there was no ability to undelete anything.
While the advice here is quite solid, when I went to figure out what their favicon was doing(it had partial transparency, apparently due to downscaling blending opaque and transparent parts), the first thing I saw was a big block of code that appeared to enable tracking by Facebook, Twitter, Pinterest, and Linkedin. (It was a sharrre function with enableTracking set to true on each).
Not entirely relevant, yet considering the topic of the site it's a tad ironic, and a reminder of the prevalence of sites complicit in the tracking they advocate against.
Yep, they're using a jquery plugin called Sharrre to add social media buttons and have overridden its default off setting for "enableTracking - allows tracking social interaction with Google Analytics".
I've enjoyed fastmail for many years as an alternative to gmail. I've never once had any issues with them and their UI has been very responsive. They also give you a MASSIVE list of domain names to choose from! ^_^
Unfortunately it costs money to hire people and run servers, and we have to pay for it somehow! Over 1/3 of our staff are first line customer support, and you get through to the engineers actually building and running the product quite quickly if you find an issue that the support team can't help you with directly.
The alternative is trying to monitise the userbase some other way, and we're not interested in that game. We have no advertising, no data sales, and no ethical conundrums or regrets about that choice!
I am personally using an often not mentioned solution.
I use Gandi.net as registrar for my domain name and they provide email hosting[1], CalDav and CardDav with it. They even have a web interface (using SoGo[2]).
So all my emails, contacts and calendars are properly managed[3] by a French company.
Recently I started shelling out $25 a month for a G-Suite account. I wish I could have kept my @gmail email address, as I think your own vanity URL looks a little tacky, but oh well.
Anyway, for privacy but also security it’s been amazing.
DKIM, DMARC, SPF, and S/MIME for mail. All attachments are executed in a special sandbox before moving to your inbox (delays mail a little bit). None of my personal data / content is scanned or looked at (I think?). Plenty of security rules, alerts, and audits I can set up. Also an actual support phone number I can call for help whenever.
Why can’t Google move to a paid model? It’s worked for both Oracle and Microsoft for the last 40 years.
> as I think your own vanity URL looks a little tacky, but oh well.
I think it depends on how professional the personal URL is. If it is my_name@wazoo-how-is-it-going-lol.com, then I agree that it looks rather tacky. It it is first_name@last_name.com, then it looks more professional than a @gmail address.
> None of my personal data / content is scanned or looked at (I think?)
How can you say "for privacy [...] it's been amazing" if you haven't even checked?
They do say "Google does not collect, scan, or use your data in G Suite services for advertising purposes" and "Google does not sell [your] data to third parties" which mostly covers it, though (although ideally they'd strengthen the wording in the first part to say they don't use your data for any purposes other than to provide it to you... but now I'm just being picky.)
> as I think your own vanity URL looks a little tacky
Free domains like gmail.com, hotmail.com, live.com, yahoo.com, etc emails are tacky, lazy, and unprofessional. A domain is less than $10/year. You don't even have to be technical to buy one and use it with G-Suite. There's no excuse to use a free email domain.
Only if nobody got lastname.com first. My last name is squatted, and the leech will sell it for "only $2995". I later discovered I could get the "lastna.me", but that's prone to be mistyped as well.
My "firstname.com" and "first.in" (shorter version of my first-name and that is name I am actually known by pretty much everywhere) are both squatted by a lawyer and it is being renewed every year since last 10+ years. It's not being used. Not at all.
I tried to contact them but the contact email (Hotmail) probably doesn't exist or expired as my emails bounced off. I tried to contact the registrar but didn't receive any email from them either.
I am thinking of going for firstname.net. I am not sure whether it's better than my already registered "first.im".
Note: first as in if "firstname " is Michelangelo then " first" is Michel.
If your use of G Suite is only for email (and calendar), and if you don’t need phone support, there are better paid options out there that are a lot cheaper. Mailbox.org, Fastmail, Protonmail, Posteo (this one doesn’t allow custom domains) and more.
The last price I recall was $60/user/year (at the default level of storage space). Has the price increased that much, or does this reflect extra storage or other add-ons?
It’s $25 per month with no contract and that’s for the Enterprise Edition, the one with the most features. I believe it starts at $10/month for lesser editions.
1) That's a lot of precursors. Many people want Sync functionality, which Google uses to track your browsing history. And most people don't go through the privacy settings.
2) We don't really know, Chrome is not open-source and it's hard to tell from network traffic, since nowadays pretty much every webpage loads something from a Google server in encrypted form anyways (and with those request, Google could send all kinds of data).
3) For Chromium (which's source code is basis for Google Chrome), this project tries to collect and fix all the privacy-infringing stuff: https://github.com/Eloston/ungoogled-chromium
4) There's many ways in which Chrome doesn't actively track you, but infringes on your privacy by just being terrible at protecting it from webpages' tracking. As in millions of lines of code, tens of thousands of design decisions, all made by the biggest tracking company on the planet. No journalist can report about all of these, but it'd be foolish to assume innocence until proven guilty.
A French non-profit named Framasoft [1] started a few years ago an effort named "degooglify internet" [2] and provides several open source solutions that you can self-host or use on their (arguably slowish) servers.
I’ve used the freely hosted online spreadsheet from Framasoft. It’s somewhat primitive for today, but gets the job done! It will remain one of my goto solutions to use where I need more privacy.
We've been working on something that has yet to be added to this list, but I feel it's worth mentioning.
It's a self-hosted OS alternative to Google Analytics, much like Matomo (formerly Piwik) but less focused on developers and way more opinionated in terms of what data is visualized.
It's called Fathom Analytics[1]. Eventually we want to provide a paid hosted option much like what Ghost is offering to make sure we can keep on supporting it. For now, our development efforts are paid out of our own pockets.
Hey wanted to know that I'm super excited to see/use fathom -- I've been using Piwik (now Matomo) for a while, but found that it kinda did too much, envisioned myself writing something like Fathom to scratch the itch, glad I don't have to! :)
It looks like fathom has just the stuff I want to see in a nice stripped down view
One thing that I think would be helpful would be some editorial contextualizing how good these products are. A lot of people would like to incorporate privacy into their decision-making calculus, but not to the exclusion of the quality of the experience. In some of these categories, there are great alternatives. In some of these categories, the alternatives are not serious.
This comment intersects with nemothekid's great comment below which highlights how there are some major player alternatives which, while they aren't OSS and may have some privacy considerations, probably are still worth mentioning as an alternative to Google.
1. Privacy against advertisers
2. Privacy against security agencies.
From my perspective, first issue, is more important than second one. I think Apple does pretty decent job regarding first issue. MS holds second position. Google/FB hold the worst position.
So even though Apple/MS are closed source, I think our privacy will improve considerably just by installing an ad-blocker and sticking to Apple/MS products.
Second issue is more involved and you'd probably need to give up on all sort of mobile devices. On desktop you have to move to Linux/BSDs. No online storage (or at least move to self hosted solution). No hosted email(Or maybe just protonmail, ...). Life becomes tougher, if you decide to improve privacy against security agencies.
People tend to treat privacy as a binary issue. (either no privacy or full privacy). However, as said, majority of people experience much higher privacy just by dumping Google/FB and using an ad-blocker.
If advertisers can't reach me then why should I be concerned what they collect about me?
I do not see any ads, I use gmail and gcal. Genuine question - I understand I'm still 'the product' as far as they're concerned but it's a broken loop if they don't get my eyeballs. Help me understand anything I'm missing.
I'm currently not motivated enough to move out of google products.
It might sound a bit radical, but I think, even using rival's products to decrease Google's monopoly is an achievement on its own. To be honest, Firefox is somewhat an inferior product compared to Chrome, but I use it just to increase diversity in browser marketplace.
Regarding their cloud business, I think it's fine to use AWS. However, I'm kind of against their online shop, since there are many reports that they abuse their employees in warehouses.
A rule of thumb is that the more you pay for online services, the more pleasant, more privacy-respecting, and better support you have in the services you use. I use email hosts, file hosts, git hosts, and video hosts that are quite expensive, but the cost is totally worth it when you get used to the quality of service and product you get. There is very little reason for a company to sell your data when they make $200/yr from you. Even a slight rumor based on a misinterpretation of their privacy policy could lose them thousands of customers and thus 6 figures, and unlike the free services that couldn't care less if they lost thousands, they try very hard to keep their privacy policies honest and clear. It's just an application of the saying "you get what you pay for."
I don't want to feel like an advertisement, but here are some "expensive" services that make me feel that I'm using their product instead of being their product. The following are some services I'm proud to pay their amount for.
After convincing myself to do this kind of a switch, I noticed the experience using open protocols (IMAP, CardDAV and CalDAV) on Android isn't perfect.
First of all, I had to buy a 3rd party app that does CardDAV and CalDAV syncing, because unlike iOS, Android doesn't support it natively.
Secondly, IMAP doesn't come close to what I was used to with Gmail. And I'm not talking about the lack of good global search, I mean the general responsiveness when reading emails. No matter which client I use (I currently settled on Outlook), things seem to load for a long time, sometimes freeze, etc.
Thirdly, all the Google supplied apps technically have support for other providers, but the Google account is clearly a first class citizen. E.g. adding/removing a generic IMAP account simply makes it appear/disappear from the sidebar in the Gmail app. You can never truly hide the Google account. You CAN disable syncing, but it will remain in the app and you can easily re-enable it accidentally if you just tap it in the sidebar.
Anyone have similar experience? What do you recommend? Are there any commercial clients with a better user experience? Should I give up and move to iOS?
> First of all, I had to buy a 3rd party app that does CardDAV and CalDAV syncing, because unlike iOS, Android doesn't support it natively.
Android is made by Google and they now have an interest in not promoting open protocols. They are no longer the underdog, so it's in their best interest to push their proprietary protocols. It doesn't always work, the former Google Talk was great because it was light and compatible with XMPP, it all went to shit after Hangouts happened and I'm glad that Hangouts is almost dead.
Either way, you need to recognize that if Android doesn't work well with CardDAV / CalDAV, that's a problem that Google is creating.
> IMAP doesn't come close to what I was used to with Gmail. And I'm not talking about the lack of good global search, I mean the general responsiveness when reading emails. No matter which client I use.
If you're using Gmail, again, that's not fair because their IMAP implementation isn't that great. I haven't had any problems with iOS's Mail or with MailMate (https://freron.com/), in combination with FastMail.
Speaking of which, I use MailMate with my Gmail accounts too, because I love it and all third-party email apps work better with FastMail, because Gmail's IMAP is not standard; e.g. labels are IMAP folders instead of IMAP keywords, so you get duplicate emails and the client needs to do tricks to reconcile the two.
I also use Gmail accounts on iOS and Gmail doesn't do push email on iOS (FastMail does), but I don't mind it so much to be honest. I don't like being bombarded with notifications, so if email notifications from Gmail are a minute late, it doesn't matter.
And it should go without saying that if you want push notifications on Android's Gmail app, then you can't use IMAP. I don't know of any good solutions for Android, I was a user of K9 because it's open source and does push notifications for IMAP, but it's not great.
And now I'm an iOS user because it has better support for open protocols, even if I was a die hard Android fan. I might reconsider for my next phone, I might get back to Android, but when I do, I'll factor in the cost of using open protocols, because it's Android's fault for IMAP, CardDAV and CalDAV not working well.
It's always funny to me to see alternatives to YouTube. The creators I like are on YouTube and rarely anywhere else. So while if I wanted to start vlogging, I might choose Vimeo, I'm tied into going to YT to see the content I want.
It's like saying "for an alternative to NBC, try CBS". OK fine but Cheers airs on NBC, now what.
You can use Youtube as a producer, or a consumer (or both). You are right that as a consumer, you are part of a captive audience.
But as a producer, the others might be a good alternative - especially if you are not trying to monetize and/or rely on YouTube recommendation to get discovered. If you're posting family videos for aunt Mildred, and an instructional video linked to your blog post - then there are perfectly fine alternatives to YouTube - of which most people are completely unaware.
Last week I tried to improve my online privacy and removed all Google products from my life. In short, here's what I did:
1. Replaced my Google G-Suite with Proton Mail and a self hosted Nextcloud
The process was fairly easy: Just export all your mails and import them into Proton Mail. After that I've exported Google Drive data, contacts and calendar and imported everything into Nextcloud. This all took around two hours (including the Nextcloud setup).
The only "issue" was dealing with services where I use my G-Suite account as a login, but most of them allowed you to set a password so you can log in with email.
Nextcloud has amazing one click install apps that offer the same features that Google has (video calls, docs, notes etc.).
2. Removing Google from my Android phone
For that I flashed LineageOS for microG. The great thing with this is, that you can install and use all apps you normally have but without having Google Services installed. As a PlayStore alternative you can use F-Droid and Yalp Store. Anyone who installed a custom ROM before will have it running in under an hour.
3. Securing my network with a PI-Hole and Proton VPN
For devices like my phone, laptop and desktop I installed Proton VPN. As a browser for mobile and desktop I use Firefox with uBlock origin. For everything else (like "smart" devices etc.) I installed a Pi-Hole (basically Easy-List on network level) to remove ads and tracking scripts.
These were only the major steps that I've taken. So far I don't have any regrets about it and I haven't faced any limitations with the alternatives I use now.
If anyone has questions or ideas for further improvement, let me know.
I know that apple Mail and ProtonMail's are enabled by default. Don't know about others - I don't use them, but I expect it to be same, as defaults are always set for user convenience, not privacy.
You probably should install something like LineageOS to replace stock Android and avoid installing any Google apps/services if you want to be Google-free... (use f-droid or Yalp to find apps). Because if you replace all Google products with alternatives but have a Google service running on your phone 24/7, what's the point?
Absolutely. Last year Google was tracking the location of Android devices that used its push messaging service (so basically all of them) even when privacy features were turned on. Installing a Google-free custom rom is the only solution to prevent this. I have been using LineageOS without Gapps for the past month, and it's worked superbly.
One problem that I found with Lineage without GApps (using microG) was that GPS was done for. I couldn't use any map application for navigation, nor book a cab using Uber (their web interface kept denying my payment methods), etc. There were times when I was at a tough spot with friends and family -- trying to book a cab but couldn't. Again, using Uber is sending a tracking signal but it's either that or paying 2x the amount to a local cab.
So google play services is the necessary evil that I have to keep using even after switching to Lineage. I'm back to using them again, but PlayStore and PlayServices are the only two google apps that I have currently. I try getting most of my apps from FDroid -- my filter for "good" apps is mostly how active the repo is, not great but it works.
I've moved my mail over to Fastmail, and looking alternatives to Google Drive (Backblaze B2 is one that I'm thinking of). The problem with all of these non-google alternatives is although they're only slightly inconvenient for me, they're almost impossible for my family to use (B2 for example doesn't have an app).
I wonder, am I the only one who's actually happy to be a paid up Google customer? I own a Chromebook and an Android phone and have migrated absolutely everything onto google drive, play and photos. It's a wonderfully relaxing compute experience. Everything just works and works well.
Yes I know they're mining data about me and are likely making money off that. But has that actually had a tangible negative effect on my life in any way at all? I'm not aware of anything bad, and their products are a boon to my life.
I've invested in a couple of other web sites to satisfy my requirements (like picmonkey) and have a DigitalOcean account for my VM needs, but that's it.
I installed etar, but I fail to see how this is a replacement for Google calendar. It is a nice app with seemingly identical functionality that still reads and works with my Google calendar feed and seemingly nothing else. If Google still hosts my calendar, then this app isn't providing anything of value privacy wise. Am I missing something here? I've been looking for a Google calendar replacement that respects privacy for years. I hear rumors proton mail might get one at some point... but I'm not holding my breath.
This site is so obviously trying to sell everyone VPN software for affiliate revenue. The aggressive SEO structure is a pretty clear tell. So color me skeptical in terms of their advice.
Google Photos would be the most difficult thing for me to leave behind. Nothing to my knowledge even comes close in terms of functionality. A year or two ago I tried Microsoft's equivalent in OneDrive and it was absolutely abysmal, the web interface barely functioned with a few thousand photos.
Not to mention the search works so well, I don't know how I'd replace it for finding things. I would take an eternity to go back and tag all of my photos.
Anyone know why G Suite (the paid version of Gmail) is not considered private? From the site it says they are encrypted, regularly audited by 3rd parties and not used for ads.
I've used alternatives (namely ProtonMail), but the experience is not as good as Gmail.
I would like to see more projects that make robust self-hosting easier and friendlier. That would make decentralization of the Internet services actually more fun.
Today, only people who basically live inside terminal emulators have a fair chance of correctly configuring and running a server with mail/webdav/www/webindex/dns/git, and all of that with letsencrypt.
I switched to DuckDuckGo for a while, and noticed I was having trouble finding things. When I then compared specific searches with Google, it was clear to me that I was getting a superior quality of searches with Google. This disappoints me. I would gladly prefer the alternative, but I can’t add many minutes to my day of work trying to find stuff that should be easy.
Advice here is to toss the !g bang on when you think you aren’t getting what you need. AFAIK this is still better than using google itself because the search is from DDG’s servers and not your personal IP (I could be wrong here though)
Aside from the philosophical argument that is being had in the comment section, there are obvious services missing. Android, for one, because what good are all these alternatives if you run it on a Google OS and then there are the actual moneymakers, namely Adsense/Adwords. What's the alternative for those? Are there any?
Again, like I or others mentioned before. If you don't want to be the product, you just have to pay the equivalent of a beer in month [0]. You need a own domain, but who doesn't these days?
No, the G Suite product has a clearly defined privacy policy that's quite different to the usual Google one. If Google violates it they'll be liable to be sued for millions, at the least.
It's not "expecting to be nice", it's "entering into a legal and business relationship that stipulates niceness".
Page 16 directly mentions:
"G Suite customers own their data, not Google. The data that G Suite
organizations and users put into our systems is theirs, and we do not scan
it for advertisements nor sell it to third parties."
I guess, for me this is good enough and the 4 euros a month are negligible for the huge advantage of using the gsuite.
Could not find full GSuite policy, hmm. The best I got is [1]. They do scan stuff, and for a long (con:) game, it is priceless. They'll have your kids school scores for example.
scan and index your data to provide you with your services and to protect your data, such as to perform spam and malware detection, to sort email for features like Priority Inbox and to return fast, powerful search results when users search for information in their accounts.
I do. They have too much access to too many people's data. And making billions on the data. Plus having biggest infrastructure and buying best AI and ML brains in bulk. I hope you can add all this together and see the picture.
Kids worry me the most, as this G.Education is pushed on them without choice, being profiled from 1st grade.
Some people trust a company to outlive their domain registrations, and hence prefer not to use a custom domain.
A custom domain, commonly of the <firstnamelastname> format, also leaks personal information every time it’s used, whereas a consumer mail provider domain name doesn’t (as long as one chooses a somewhat random address).
> That doesn't make sense. Domains last for as long as you pay their <$10/year fee.
That exactly is the problem. Would most people feel confident that their offspring/relatives/friends keep their domain renewed after they're dead? If that doesn't happen at least for a decade or a few decades after the domain owner's death, then anyone who buys that domain may end up getting many external emails that reveal sensitive and confidential information. And what about forgetting to renew a domain within the approximately two months after expiry when it becomes available for someone else to grab it?
> How many people here still use hotmail.com or yahoo.com emails?
This is a complete non-issue in this context, because anyone who had these accounts and died (or forgot about them) wouldn't have their dead/deactivated email accounts taken over by someone else because the major providers don't recycle deleted or deactivated email addresses. Hence my point about some people trusting a company to outlive their domain registrations.
>> A custom domain, commonly of the <firstnamelastname> format, also leaks personal information every time it’s used
> It only leaks the info you want it to leak. Want to be pseudo-anonymous? Register something that's not your name. Wow, that was tough.
I already mentioned "commonly of the <firstnamelastname> format", and didn't really say that everyone does it. My point was an observation on how people seem to handle a custom domain. I see that it was tough to get my points across!
My biggest problem with this article is that it doesn’t do anything to address built in tracking google has on many pages. Companies embed little snippets of google JavaScript so they can take advantage of analytics. As a result, google can track you whether you use their products directly or not.
And that's exactly why stuff like uBlock Origin / uMatrix / Disconnect / Privacy Badger is not just ethical, it's almost a moral imperative - they stop that kind of tracking, but not fetching those snippets from Google.
Decentraleyes aids further by moving the CDNs into your own machine, killing even the little tracking enabled by those CDNs.
Right. I recently had to debug an official app to a quite expensive enterprise application and was shocked that everything you do in that app is logged with Google. When I brought this up with the company they were furious.
I think they forced them to add an opt out flag. Or at least they tried.
Nice article as well, you could add Qwant & Searx for search; and Tutanota & Posteo for email (though Posteo is not free); and Mastodon for social, just my two cents.
I used to be a privacy advocate until I realized the futility of trying to thwart the data collectors. Our Information is everywhere whether we like it or not and the only way to avoid its aggregation is by not associating with the world and abandoning the convenience of modern technology. I feel like at some point we just have to accept the loss of privacy to gain better harmony within our communities.
I could empathize with your viewpoint more if not for the fact the lack of privacy wouldn’t be symmetrical. The middle and lower class will lose all semblance of privacy while the elite will be able to buy it. Case in point Mark Zuckerberg buying up that Hawaiian island.
Not only is it unfair but when the rich are just getting richer them having privacy while no one else does just allows for so many more ways for the poor to get screwed.
I don't think I quite understand your argument, could you please elaborate a bit? I have always been under the assumption that fame grows linearly with wealth and the more famous someone is the less privacy they hold. Is that inaccurate? I could tell you that Warren Buffet is 1.78 m tall and that I know where he was born but I honestly know nothing about the minimum-wage-working Bob Smith.
If you were to find the most personal details of this Mr. Smith it would be far easier to do that. You could sit outside his house whole day long and observe his every move, dumpster dive into his trash and get documents, even bribe a certain official and get more info out of him/ her. I don't think any of that will be possible in the case of Warren Buffet.
That will be very difficult to do with Warren Buffet because he assumes that people will already be trying to do that. Mr. Smith, on the other hand, knows that he is low profile enough to be ignored among the masses. I fail to see why anyone would spend the time stalking someone who is not wealthy; the return value of finding information on Mr. Smith is not worth the trouble.
If anything, Ad companies would more aggressively target the wealthy because they have more money to spend.
I'm glad you mentioned this- something that perplexed me a lot this year about the uproar on privacy is how people expect to have the ability to upload unlimited amount of personal images and videos for free, make internet call for free and somehow don't expect these companies to make money. And privacy is currency unfortunately- if we were in a perfect society everything will be open sourced and like signal all tech companies will be publicly funded- but it's not. We fail to see value in these companies and what they do and instead demonize them. Hopefully someone can let me see what I'm missing.
After DDG recently switched to imprecise search, ignoring what I really search for, the same way as Google does for a while, I don't see any use for it anymore.
Is there another good alternative for precise search? Thanks
What about Android? Android allegedly collects your data too. If you are running all your apps on an Android phone, all these replacements don't really mean anything.
I want universities back in their role of defining and creating the basic services we need on the internet. Corporations have shown they can't handle it. A few large open source organizations like Mozilla are now doing the work of universities, but they don't have the financial backing of governments, so it's a miracle they even exist.
Corporations can go back to their role of creating hardware. They have no business looking at our data.
I use Nextcloud since a few years now and I have to say I am quite happy.
Sometimes the devs have some awkward attitude towards not supporting the latest stable PHP version with their current version, but overall they do a decent job and every major release brings cool new features. With KDE the desktop integration is quite nice (don't know about other desktops).
Thanks for list but I am always worried about what if the new ,safe,better privacy provider is bought by Google or <any company which we are trying to avoid> ? Referring the recent history we have seen many good products just bought up and they changed their business model e.g WhatsUp
I considered many of these alternatives (I am a Google fanboy but wanted to host a few things myself, notably Seafile) but never found any alternative to Docs and their multiuser concurrent edition capabilities. I think this is a know-how particularly difficult to reproduce.
Perhaps I'm off base, but there's an awful lot of other tracking possible by Google - how many sites are pulling fonts, compressed JS libraries, etc from Google but don't have a referer policy defined? Decentraleyes and the like may help, but are they foolproof?
The URL restoreprivacy.com is an interesting choice, considering that the Internet and browsers were never private and weren't designed for privacy. The Internet was designed to be redundant and persistent, both of which are effectively non-private qualities.
I use Nextcloud (files, contacts, calendar, notes), Firefox on all the things and pay for email. My last "things" are the play store and Google maps, I can't seem to shake them (I love paying for good apps and gmaps is the best nav app imho).
I run it on my server in the basement, but you could go for a Digital Ocean droplet, there used to be "one click" installs, but I'm not finding those anymore [0]. There are a lot of tutorials thought you could use. This is my referral link which will get you 10$ and me 25$ [1] (runs a 5$ droplet for 2 months with more than enough specs, if you need more space, that is also easily achieved at DO). Or use this link from Jupiter broadcasting (Linux Unplugged podcast) for a two months 100$ credit [2] (probably there are other codes to getting that 100$ referral discount, this is the one I know).
As much as i like OpenStreetMaps, i wouldn't really consider it a great alternative for google maps.
Consider making a small application to find the nearest cofee shop. OSM might have 10% of the POI coverage that Google has. And that 10% likely has some stale data.
Anyone know of an alternative email client that sorts your mail intelligently into promotions, updates, forums, primary like Gmail does? That's had such a positive impact on my productivity I can't leave it behind (I've tried).
It's pretty easy (less than 2 hours work per quarter) to build your own filtering system that works similarly effectively.
Google built a bunch of ML systems that work by default for everyone. Personally, I just have a bunch of filters setup that do the same thing. Has taken minimal effort but some discipline to file incoming emails based on my own patterns.
This is what I've done as well. Mostly for social updates. Even when I was on Gmail, I found issues using smart labels because they weren't supported by other IMAP clients: It's still one big inbox. So I ended up creating my own filter rules to move them to a different folder. I've done the same for some of the more prolific marketing emails I still want to receive but don't want cluttering my inbox.
(Note that FastMail does have filters that classify your inbox like Gmail: Personal, Notifications, and Mailing Lists. But while I highly recommend FastMail, I don't use those features because the aforementioned manual sorting rules are better, I brought them over when I migrated as well.)
I am not aware of Readdle doing anything bad or having a bad reputation. How is it bad for privacy, just asking because I’m a regular user and would switch if it’s not good for privacy.
Outlook's focused and other segregation works well enough for me. I like the fact that in case of a miscategorization, it gives you very clear and explicit knobs to turn. Gmail classification always remains somewhat mysterious to me.
I only had trouble with Google's "intelligent" sorting; you're better off with a proper filter system, like sieve, and setting it up for yourself. Eg. I remember reservation confirmations going into "promotions".
if you go under 'privacy checkup' you could easily turn off any data tracking that you don't want to share with google.
This website I think is kind of misleading we are not 'surrendering' our data as the website suggest, we are still in control of our own data, and we could control of how much data we want to share or don't want to share with google. And all those sharing also has benefits to increase the user experience. On top of that there is always a paid version like youtube where you don't get to see any ads.
If you use something like protonmail aren't you sending a signal like, "Look at me I've got something to hide!"?
If I were role-playing as some mighty and wealthy intelligence bureaucracy, I'd likely monitor anyone using such services as well as Tor, etc. No?
I do like protonmail btw and am concerned about privacy in general, esp for the maintenance of democracy. And I'm not at all against the intelligence bureaucracies, presuming that their true goals are... to protect and serve, and that they are law abiding and accountable.
I think it's more about adhering to ones own values than keeping your mail secure from rouge nation states. For example, I don't use google (except for the occasional search) and use privacy focused products almost exclusively instead. Yet if a government agency decides to violate my privacy, they wont find anything of interest.
It's about doing what you can.
Besides, using privacy focused products sends a clear signal to companies that privacy is something we want.
or promoting secure communications and having your own privacy too. if everyone is using these means do you still stand out.
it can make you stand out but if the security is good they may have to use indirect means to compromise you you would need to be quit a person of interest i would think though for that.
I pay for Google Apps, $5/month and I'm quite certain the anti-privacy factor is drastically reduced vs when one just freeloads their apps where as the OP says, "you are the product."
I would be interested in hearing any feedback from folks here about the email providers listed in this article. Or any other alternatives that people have had good success with.
Any alternatives to Inbox? It's one of the biggest reasons why i am stuck in the google ecosystem. I can't go back to a normal email interface anymore.
If you live in China its game over anyway :) Get a VPN, somehow, and create non-Chinese iCloud accounts. Always on VPN is actually a good thing everywhere.
Always on VPN hinders my productivity. I live in China and sometimes the VPN connection stalls so while the my operating system indicates it is active, packets aren't being sent/received (I'm on macOS/iOS). Resetting my VPN connection does the trick, but my point is that VPNs aren't stable in China. I need them but I'm annoyed when data isn't pushed/pulled when I expect it to be.
> connection logs including the date of the connection (not the time) and the server used. The total amount of data transferred per user is also monitored. ExpressVPN doesn’t log your IP but the connection logs are tied to the user account.[0]
Even in US, Apple regularly gives data dumps to US government. iCloud DOES NOT have the same privacy guarantees than iMessage and similar. The iCloud Privacy Policy closely mirrors Googles.
Please know that Apple will continue its work with law enforcement. We share law enforcement's concerns about the threat to citizens and we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day. Strong encryption does not eliminate Apple’s ability to give law enforcement meta-data or any of a number of other very useful categories of data.
There are plenty of discussions on HN (including ones where you've participated) regarding privacy. Different people value privacy differently (and privacy means different things to different people). You may not value it as much as others, and that's fine. Ignoring this as you have here with what appears to be a naïve question amounts to trolling. Please don't.
Is it wrong for me to trust Google? I think they have really great secure systems. Their security is the best, imo. Privacy is a bit of concern. I wish they came up with a win-win solution fir that. I dont have prob woth data collection, i provide data for making their systems better,ad targeting, they give me great services, and my data doesn't get sold. Plus, indirectly even Apple and other product users do benefit from it coz google is ahead of others in ML due to the vast data analysis they can do, and when they publish their results and papers, other researchers look at them and kearn from it. But i guess, the last part of my reasoning ( just thought if it right now) is somewhat dipshit coz this is quite obvious. But i think contrary to other's beliefs Google's impact on internet had been very positive. I mean they open sourced so many web standards without taking royalty. Had it been MS,apple they would not have hesitated. I read the book The Google Guys when I was 13, since then have been a G fan, tho I am rational, acknowledge their mistakes,which is difficult to do. Also, as a STEM enthusiast Google's research culture has always attracted me. Larry,sergey were the first 2 people I sorta idolized. Also, Google services like Youtube, Google have benefited me a lot as a student. Due to all tgese reasons, i am a bit biased towards Google. Tho, i try to filter out buas whenever I can.
I recognize that other people value privacy more than I do. I also recognize that privacy is unsustainable and unlikely to survive in the future.
I see people seeking privacy as I see technophobes. I'm sure they're genuinely concerned, but I can't help but think they're mistaken. I think it's important to change their minds, as they're otherwise making the transition to a post-privacy world very difficult.
I've asked this question many times before, and nobody managed to explain how privacy would survive through the next 100 years of technological progress. That alone makes me think privacy is not a long-term solution.
Only a handful of people have clarified their position in defense of privacy as temporary and pragmatic (as opposed to ideal). They think that privacy is bad, but they prefer it to the alternative given today's context. I can appreciate this position, and I find it a lot more reasonable than the usual "privacy is good" most people seem to blindly accept.
Ultimately, I'd like to discuss strategies to make the transition to a post-privacy world smoother. This whole pro-privacy sentiment makes it very difficult.
I'm actually more worried about Google banning my account and every service along with it, and having no way to get it back or even speak to a human about it because I don't have a large Twitter following or a buddy that works at Google.
That sounds like a reasonable concern. I generally worry more about alternative options being bought by someone else, or languishing / deprecation.
In either case, the subject of a decent article might be: setting up automated exports from service features like Takeout, to mitigate the risk of personal service account closures and disruptions.
> What's wrong with data collection and tracking? Privacy seems extremely overrated here on HN. Am I missing something?
Plenty wrong. It seems you're not new here so I'm amazed you asked that question. Have you been living under a rock in 2013?
Just to start, it creates a big power imbalance between consumer and corporations [1] and due to the tightly knit relationship between the Pentagon and Silicon Valley it's also a civil liberties problem [2]. It also screws with your ideology by turning your internet usage into an echo chamber.
Is a power imbalance necessarily wrong? Is it avoidable? Is it suddenly OK if you try to avoid the imbalance but swap one entity for another (dependent on companies versus dependent on your own time/ability to audit code)?
> Is it suddenly OK if you try to avoid the imbalance but swap one entity for another (dependent on companies versus dependent on your own time/ability to audit code)?
It's never 'suddenly' OK. More like 'eventually' OK, as you know, you need to take the time to audit code, etc..
I'm an engineer working on Firefox Platform (Gecko). In the linked blog post, the author recommends Firefox (thanks!) and links to a "privacy recommendations" for it, which include items such as "resistFingerprinting" settings.
I'd like to remind everyone that turning on this setting has far fetched consequences to how you experience the Web. Your dates, timezones, preferred languages will all be masked which will result in weird experiences.
The option is behind a flag and without UI precisely because it is a pretty complex feature, that we didn't iron out yet, and which should be well understood before being used.
It concerns me to see it being references and recommended without any explanation whatsoever.
Of course I'm likely biased because I'm on the receiving end of bug reports from people who experience the Web in weird languages and with wrong timezones because they followed some tutorial that recommended it. :(