The Road to Privacy
April 30, 2020
In another article, I state my opinion on privacy in the 21st century. Instead, let us review some changes I have made in an attempt to improve my own practices around safeguarding my data. The following changes are not exhaustive and in some cases (some may argue) may not seem to make an appreciable difference, e.g., migrating from Android to iPhone, but it is a start.
Mobile
Likely the most contentious of changes, some may argue, but I develop technology for a living and I cannot quite rid myself of a stable smartphone. Pinephone, LineageOS and others are active Google-free Android OS under development, but I need a reliable device, not a computer to tinker with when some basic feature does not work. I imagine the general populace has less patience than I do for these issues.
At the end of the day, most (if not all) cellular communication and data transfer is likely already monitored by someone. But, at the OS level, we can make some changes. Google is an ad company. Yes, they have some really interesting products and technology, but at the end of the day, it all comes down to their core asset: serving ads. I surmise that most data collected through their services are for this purpose (some may be purely for the benefit of the user, but I doubt it). Apple is a hardware and software company. Ads are present in their platforms, but it is not a core business and their privacy page even explains, in specific terms, how they actively safeguard a user’s data.
The transition from Android, which I miss, to iPhone is mostly painless and offers the following and very compelling benefits:
- No user location tracking with Apple Maps
- E2E encrypted messaging in iMessage
- No transaction tracking in Apple Pay
Out: Android
In: iPhone
Cloud
Out: Dropbox, Google Drive
In: Nextcloud Hub, SpiderOak
Productivity
Google Docs is still utilized, although at a diminishing rate. Joplin, an open-source note-taking app on steroids has proven capable and fits well within muy workflow. OnlyOffice offers a self-hosted alternative to Google Docs, which I plan to implement as soon as my Nextcloud instance is on v18.
Out: Google Docs
In: Joplin, OnlyOffice
Media
This does not inspire confidence.
Out: Google Photos
In: Plex, Nextcloud Hub
Communication
This is easy. Google is proficient at screwing up communication tools, so I migrated almost 2 years ago. From a privacy standpoint, Signal might offer the best security, but iMessage has a decent track record and Nextcloud Talk is a great way to chat with my son since it is tied to a user account and is installed on my on-premise server.
Out: Google Hangouts
In: iMessage, Signal, Nextcloud Talk
Web
Out: Google Search, Google Chrome
In: Duck Duck Go, Firefox, EFF Privacy Badger, uBlock Origin, Pi Hole
Mapping
Google Maps remains the contender to top in terms of user experience, reliability and features, but Apple Maps has improved tremendously over the past 2 years. I have not had any navigation issues in the last 6 months of using it. As previously mentioned, Apple Maps does not track user location history.
Out: Google Maps
In: Apple Maps
Social Media
I have not used any of the services listed below, but they are on my shortlist to try. Many of these operate using the fediverse model as opposed to a central authority.
Out: all of them
In: Matrix, Mastadon, Pixelfed, face to face conversations?
Voice
Getting rid of the Google Home was tough. It is a really fascinating product that enabled smart home and music control with ease. Alexa is smart enough to play some music, but still useful. Regrettably, I have not really produced any equivalent scenario to my satisfaction, which is a shame because voice UX is hugely empowering and efficient. Siri from Apple is a possible contender, but I admit that my research into this product has been light.
Out: Google Home, Alexa
In: Almond or Mycroft?
Smart Home
This area is a work in progress, but the general goal is to preserve as much local control as possible. It seems ironic that to preserve local rules and effects, a service, e.g., Smartthings, requires an active internet connection. Please, no. IoT security is often an afterthought and more frequently a nightmare for end users. See how Nest, Ring have been compromised. At least on the security front, the major players have added two factor authentication (2FA) as a means to bolster account security, but does little in the way of enhancing account privacy.
Out: Nest, Ring, Smartthings
In: Home Assistant, MotionEye
Areas In Need of Help
This most difficult services to let go of might be Gmail and Google Calendar. I have a Proton Mail account, but really, it is sort of pointless to have encrypted email unless all other recipients are using a similar system. This may be an area that I must settle on a compromise. I may consider finding an alternative paid mail provider since running my own is of little interest and tends to cause more trouble than it is worth.
RSS
Nextcloud has a RSS aggregator app and I might give this a try. I have heard that TinyTinyRSS is great as well.In th meantime, I started using Feedly as soon as Google Reader shut down and I am a fan of the service. Lately, though, Feedly has taken the approach of adding more fluff and is seemingly targeting power users and team collaboration for effective use of the tool. Also, their pricing has increased, so I might be falling out of their target.
YouTube
It’s a great learning resource and the suggestion engine is equal parts useful and annoying. I would be ok with finding videos based on explicit actions of following them instead of fringe videos or “what’s popular.” No, I do not care about Taylor Swift’s new song, but I am interested in propogating fig cuttings.
Further, As a Google Play Music subscriber, I watch YouTube without ads. This is a big user experience win. Most likely, my actions are tracked for serving ads in other part of Google’s platform, but my reduced reliance on Google in general means this is less important
Google Play Music
This is supposedly getting phased out in favor of YouTube Music, which I do not care for, so I may switch to a high res service such as Spotify, Tidal or Quboz (although not sure what their privacy policy is like).
Conclusion
The list of services is not conclusive and only explores the start of my journey in taking back control of my data. Making these changes require a fair amount of effort from research to implementation and will likely not appeal to the masses, but I am hopeful that federated services or decentralized apps (dApps) might offer a great blend of convenience and privacy in the near future.
Here is a compilation in tabular form:
Category | Out | In |
---|---|---|
Mobile | Android | iOS |
Cloud | Dropbox, Google Drive | Nextcloud, SpiderOak |
Productivity | Google Docs | Joplin, OnlyOffice |
Media | Google Photos | Plex, Nextcloud |
Communication | Google Hangouts | iMessage, Signal, Nextcloud Talk |
Web | Google Search, Google Chroem | Duck Duck Go, Firefox, Eff Privacy Badger, uBlock Origin, Pi Hole |
Mapping | Google Maps | Apple Maps |
Social Media | FB, Twitter, Instagram, Etc.. | Matrix, Mastadon, Pixelfed, face to face conversations? |
Voice | Google Home, Alexa | Almond, Mycroft |
Smart Home | Next, Ring, Smartthings | Home Assistant, MotionEye |