The Road to Privacy

April 30, 2020

In another article, I state my opinion on privacy in the 21st century. Instead, let us review some changes I have made in an attempt to improve my own practices around safeguarding my data. The following changes are not exhaustive and in some cases (some may argue) may not seem to make an appreciable difference, e.g., migrating from Android to iPhone, but it is a start.

Mobile

Likely the most contentious of changes, some may argue, but I develop technology for a living and I cannot quite rid myself of a stable smartphone. Pinephone, LineageOS and others are active Google-free Android OS under development, but I need a reliable device, not a computer to tinker with when some basic feature does not work. I imagine the general populace has less patience than I do for these issues.

At the end of the day, most (if not all) cellular communication and data transfer is likely already monitored by someone. But, at the OS level, we can make some changes. Google is an ad company. Yes, they have some really interesting products and technology, but at the end of the day, it all comes down to their core asset: serving ads. I surmise that most data collected through their services are for this purpose (some may be purely for the benefit of the user, but I doubt it). Apple is a hardware and software company. Ads are present in their platforms, but it is not a core business and their privacy page even explains, in specific terms, how they actively safeguard a user’s data.

The transition from Android, which I miss, to iPhone is mostly painless and offers the following and very compelling benefits:

  • No user location tracking with Apple Maps
  • E2E encrypted messaging in iMessage
  • No transaction tracking in Apple Pay

Out: Android

In: iPhone

Cloud

Out: Dropbox, Google Drive

In: Nextcloud Hub, SpiderOak

Productivity

Google Docs is still utilized, although at a diminishing rate. Joplin, an open-source note-taking app on steroids has proven capable and fits well within muy workflow. OnlyOffice offers a self-hosted alternative to Google Docs, which I plan to implement as soon as my Nextcloud instance is on v18.

Out: Google Docs

In: Joplin, OnlyOffice

Media

This does not inspire confidence.

Out: Google Photos

In: Plex, Nextcloud Hub

Communication

This is easy. Google is proficient at screwing up communication tools, so I migrated almost 2 years ago. From a privacy standpoint, Signal might offer the best security, but iMessage has a decent track record and Nextcloud Talk is a great way to chat with my son since it is tied to a user account and is installed on my on-premise server.

Out: Google Hangouts

In: iMessage, Signal, Nextcloud Talk

Web

Out: Google Search, Google Chrome

In: Duck Duck Go, Firefox, EFF Privacy Badger, uBlock Origin, Pi Hole

Mapping

Google Maps remains the contender to top in terms of user experience, reliability and features, but Apple Maps has improved tremendously over the past 2 years. I have not had any navigation issues in the last 6 months of using it. As previously mentioned, Apple Maps does not track user location history.

Out: Google Maps

In: Apple Maps

Social Media

I have not used any of the services listed below, but they are on my shortlist to try. Many of these operate using the fediverse model as opposed to a central authority.

Out: all of them

In: Matrix, Mastadon, Pixelfed, face to face conversations?

Voice

Getting rid of the Google Home was tough. It is a really fascinating product that enabled smart home and music control with ease. Alexa is smart enough to play some music, but still useful. Regrettably, I have not really produced any equivalent scenario to my satisfaction, which is a shame because voice UX is hugely empowering and efficient. Siri from Apple is a possible contender, but I admit that my research into this product has been light.

Out: Google Home, Alexa

In: Almond or Mycroft?

Smart Home

This area is a work in progress, but the general goal is to preserve as much local control as possible. It seems ironic that to preserve local rules and effects, a service, e.g., Smartthings, requires an active internet connection. Please, no. IoT security is often an afterthought and more frequently a nightmare for end users. See how Nest, Ring have been compromised. At least on the security front, the major players have added two factor authentication (2FA) as a means to bolster account security, but does little in the way of enhancing account privacy.

Out: Nest, Ring, Smartthings

In: Home Assistant, MotionEye

Areas In Need of Help

Email

This most difficult services to let go of might be Gmail and Google Calendar. I have a Proton Mail account, but really, it is sort of pointless to have encrypted email unless all other recipients are using a similar system. This may be an area that I must settle on a compromise. I may consider finding an alternative paid mail provider since running my own is of little interest and tends to cause more trouble than it is worth.

RSS

Nextcloud has a RSS aggregator app and I might give this a try. I have heard that TinyTinyRSS is great as well.In th meantime, I started using Feedly as soon as Google Reader shut down and I am a fan of the service. Lately, though, Feedly has taken the approach of adding more fluff and is seemingly targeting power users and team collaboration for effective use of the tool. Also, their pricing has increased, so I might be falling out of their target.

YouTube

It’s a great learning resource and the suggestion engine is equal parts useful and annoying. I would be ok with finding videos based on explicit actions of following them instead of fringe videos or “what’s popular.” No, I do not care about Taylor Swift’s new song, but I am interested in propogating fig cuttings.

Further, As a Google Play Music subscriber, I watch YouTube without ads. This is a big user experience win. Most likely, my actions are tracked for serving ads in other part of Google’s platform, but my reduced reliance on Google in general means this is less important

Google Play Music

This is supposedly getting phased out in favor of YouTube Music, which I do not care for, so I may switch to a high res service such as Spotify, Tidal or Quboz (although not sure what their privacy policy is like).

Conclusion

The list of services is not conclusive and only explores the start of my journey in taking back control of my data. Making these changes require a fair amount of effort from research to implementation and will likely not appeal to the masses, but I am hopeful that federated services or decentralized apps (dApps) might offer a great blend of convenience and privacy in the near future.

Here is a compilation in tabular form:

Category Out In
Mobile Android iOS
Cloud Dropbox, Google Drive Nextcloud, SpiderOak
Productivity Google Docs Joplin, OnlyOffice
Media Google Photos Plex, Nextcloud
Communication Google Hangouts iMessage, Signal, Nextcloud Talk
Web Google Search, Google Chroem Duck Duck Go, Firefox, Eff Privacy Badger, uBlock Origin, Pi Hole
Mapping Google Maps Apple Maps
Social Media FB, Twitter, Instagram, Etc.. Matrix, Mastadon, Pixelfed, face to face conversations?
Voice Google Home, Alexa Almond, Mycroft
Smart Home Next, Ring, Smartthings Home Assistant, MotionEye