Safety reminders for these times:
- Direct messages on Fedi are not encrypted.
- If your instance is hosted in the US, the admin has to comply with US law.
- Discord text chat is not encrypted. Video is.
- Encrypted group chats are only as secure as the people with access and their security practices.
If you're interested in protecting the contents of your conversations or work, follow the #privacy tag. People post some really interesting things on there.
Your privacy protects your friends too. Do it for all of us.
An excellent step-by-step executable guide to implementing better privacy. https://www.optoutproject.net/the-cyber-cleanse-take-back-your-digital-footprint/
Recommended privacy people:
- @Em0nM4stodon
- @techlore
- @privacyguides
- @thenewoil
More advice from smarter people:
- Passwords & General Privacy hygiene: https://infosec.exchange/@avoidthehack/113867140078775299
- VPNs: https://mas.to/@joeturner/113867181288155342
Recommended privacy communities:
- https://discuss.techlore.tech
- https://discuss.privacyguides.net
The rest of this thread describes options that I'm considering and my personal privacy journey.
(Thanks to @joeturner@mas.to and everyone else in the community for your recommendations.)
Tracking bits of this migration via the #MayDeFAANGing tag.
I'm also in the middle of cleaning up my own tool suite. This is what I'm moving to as time permits and I can afford it. It's okay if you can't do it all.
I want to fully recognize that this move isn't easy. Decommissioning bad places is more important than choosing the perfect place. One piece at a time.
Legend:
- I've moved
- I'm here, but I'm not yet a purist
- I'll get there
Communications:
- Socials: ActivityPub (You are here!)
- Chat: https://Signal.org. SMS is insecure, but also a bit harder to scrape.
- Video:
- Signal for friends.
- https://meet.jit.si (sign in required)
- https://p2p.mirotalk.com (No sign in).
- Email:
Note: You might want to get your own domain/host with your email address so that you can keep your email regardless of provider. https://www.icdsoft.com/ was recommended.
Otherwise:
- https://Tuta.com
- https://Startmail.com
- (affordable) https://Mailbox.org
- (affordable) https://posteo.de
- Protonmail**
Internet:
- Browser:
- https://LibreWolf.net is what a lot of people recommend.
- https://Firefox.com if you're okay with their move towards AI & advertising.
- Blockers:
- https://privacybadger.org
- https://ublockorigin.com/
- Search: https://duckduckgo.com/ is probably fine.
- Clear your cookies and say no to their 783 partners who process your data.
Passwords & Authentication:
- https://Bitwarden.com/ for passwords
- Get a non-Google 2FA tool (https://Authy.com, https://Ente.io)
Productivity:
- Docs:
- https://OnlyOffice.com (more online collab)
- https://LibreOffice.org
- https://Cryptpad.fr
- Sheets:
- Likely https://nocodb.com for all of those things that shouldn't have been a spreadsheet in the first place.
- Same as above, but I'm still undecided.
Cloud Storage Options:
(Still looking. Likely local.)
- https://cryptomator.org
- https://nextcloud.com
- https://owncloud.com/
- Proton Drive**
- (Photos) https://Ente.io
Other:
Maps: https://www.openstreetmap.org
VPN: ProtonVPN, IVPN, or Mullvad VPN (See linked post above).
See? There are not a lot of green checks. This is HARD. The walled gardens are hard to escape. That's okay. One step at a time. You can see how bad my current ecosystem is in the next post.
**Note about Proton:
- I don't want to give Proton more money for political reasons. They're fine as a privacy tool if you ignore the politics. We can't afford to ignore the politics. Reason: https://neuromatch.social/@jonny/113834852385021286
For full transparency, here are all the bad privacy places I still occupy. It's a lot.
Email:
- Gmail is my primary driver. Slowly migrating things to my Protonmail, but uh.... Yeah.
- Google Calendar runs my life. This is the most important thing to move, but also the hardest for me.
- Yahoo. This is where my commercial spam goes. I don't look here.
Chat:
- Whatsapp. I'll try to move my family, I guess.
- Snapchat. It has no permissions. Rarely use it.
Socials in order of how much I use them:
- Discord. It's where my friends and community are. I'm staying here.
- Bluesky. It's not bad yet, but I'm ready to leave if it is. It's where Canadian politics and product chatter live. The Fedi still has my heart.
- Linkedin. It's a part of my work. I hate it with a passion.
- Facebook. Why I keep it. https://mstdn.ca/@MayInToronto/113790276980179446
Productivity:
- Google Maps. I have it set to delete all data. I love it and I don't know if I'll ever move.
- Google Drive
- Google Meets
- Google Docs (an easy move. I'll do this today.)
- Google Sheets (a harder move. I have scripts.)
- Notion (Paid). I'm honestly not sure what I use this for anymore. I hate the way it does formatting.
Guilty Pleasures:
- Spotify (This needs to go.)
- Youtube.
- Reddit. I managed to ditch it for 9 months, but this is an addiction. Going to try to quit again.
Maybe when I have to replace my hardware:
- Stock Android Pixel.
- Windows 10.
You know, this list used to be a lot worse. Progress!
Things I've successfully abandoned/cleaned up that I can remember, in order:
- Chrome (only for testing and Google Meets)
- Google Authenticator
- Box
- Dropbox
- Zoom (unless someone else is initiating)
- Messenger (Stopped using, not deleted for reasons above)
- Spotify
Professional:
- Substack
- Mailchimp
- (Will likely drop Airtable soon too for NocoDB).
Ancient Zombie accounts:
- Livejournal (wiped!)
- Evernote (I forgot I had this. Found some emo posts from slightly too old for emo-posts May.)
(I feel like there was more, but .)
@mayintoronto excellent advice, May. Thanks.
@mayintoronto I've found https://www.privacytools.io/ to be a pretty good resource to find alternative apps for what I'm trying to do, they do still list Proton unfortunately.
@mayintoronto
Proton CEO openly supports fascism [citation needed].
@mayintoronto If you’re really looking for an as like-for-like alternative to Proton, Tuta is probably the closest simply for the fact they use “zero access” encryption for the inbox, which is critical imo. But there’s also Mailbox.org and StartMail, which “zero access” encrypt the inbox.
Fastmail doesn’t hold a candle to any of these - iirc, Fastmail owns the keys to decrypting your inbox (like Gmail), unless something changed.
Discord rolled out E2E encryption for voice chat. Otherwise, yes, messages are indeed not E2E encrypted.
You may want to include using a more private web browser (AKA getting people off Edge and Google Chrome) and using a more private search engine. Both are also low hanging fruit.
A lot of privacy basics are rooted in basic security too - using MFA for critical accounts, securing your devices with pins/passwords, having good password management. Even having some sort of phishing awareness too.
@avoidthehack Apologies to butt in but I was wondering about your recommendation of Start Mail. They look promising but was trying to understand who is behind this company.
@Catwoman69y2k it’s run by the same people who started StartPage (the private search engine using Google’s index) but is not managed by System1, who has a stake in StartPage.
@avoidthehack So who is "the same people" you are referring to here? Who is behind Start Page BV?
(I'm trying to find a place for degoogling and paying for some email hosting outside of the US. Vivaldi Browser has some sort of linkage to Start Page)
@Catwoman69y2k the founders of StartPage and StartMail are the same.
System1 has a stake in StartPage, but does not have a stake in StartMail. So, from my understanding, System1 doesn’t have a say in StartMail.
I am not aware of any link between Vivaldi Browser and StartPage? In fact, I’m pretty sure Vivaldi’s default search engine is Bing.
Vivaldi’s founder is connected to the original team behind Opera (when it was still using the Presto engine)… but that’s rather irrelevant. Though if you’re looking to totally degoogle, you may want to avoid most Chromium browsers, Vivaldi included.
@avoidthehack Okay. That's helpful information re: the distinction between Smart Mail and Smart Page. In my efforts to degoogle, I'm trying to avoid Yet Another Email Service that is just going to advertise to me and collect data to figure out how to sell more shit to me. I know that is a hard thing to come by these days.
As for the Vivaldi connection I speak of, I am talking about how, when you open up Vivaldi Browser, they have this workspace system. Within that is this thing called Start Page. (here is a link to Vivaldi's info on what this is, why it's there, etc): https://help.vivaldi.com/desktop/navigation/start-page/
@Catwoman69y2k That Vivaldi feature and StartPage are not at all connected. They just share a name.
FWIW, in the privacy community, when there's a mention of "start page" or "startpage" it's usually in reference to the private search engine, StartPage. The _founders_ of StartPage and StartMail are the same.
Honestly, if advertisers are the limit of your threat model in email, then something like Fastmail could work for you. But as I mentioned earlier, they do own the encryption keys to your inbox, so you're merely trusting them not to use/share your inbox data with third parties. That's a lot of trust required and is the strongest reason I try to push people to "encrypted email" and "zero access" encryption implementations (it's a criterion on my recs list for my website).
StartMail is one of those email services that offers "zero access" encryption to the inbox. Their implementation is different than Proton or Tuta's, but it seems to work okay.
@avoidthehack Ugh. ...the shared name thing is confusing as hell.
Regarding my email needs, I'm just looking for having my email hosted outside of the majors, and seeking a bit more privacy. Paying for it, and avoiding the ad model would be preferable.
@avoidthehack I'll take a look at these. I have a domain I might be able to hook onto a Tuta plan
So, what is your perspective of Germany re: privacy. I know Tuta is saying they are privacy conscious, but just wondering how having email hosted in any of the Eyes works out. (Germany is part of The 14 Eyes)
(linking to this just for reference, and it's not paywalled: https://www.techradar.com/vpn/five-eyes-nine-eyes-and-fourteen-eyes-explained-how-these-alliances-affect-you)
(( I had wondered the same of Start Mail too since they are based in the Netherlands. The Netherlands is within the 9 eyes. I'm gathering that Proton Mail was attractive to some because Switzerland is not within the 5, 9 or 14 eyes ))
@Catwoman69y2k honestly, that kind of boils down to your threat model. I can’t speak to the nuances of German privacy law, just that they are formally covered by GDPR and have more privacy guardrails than we do in the US.
What I can say though is that while jurisdiction matters, it matters less when end-to-end encryption and zero access encryption are involved, even less so when the service is designed on data minimization principles and limited data collection. It doesn’t mean they won’t get/fulfill requests for user information… but if they have limited or no information then what are they giving up? This is simplified for sake of length as the topic can get nuanced quickly.
Look up Signal’s case for an example; based in the US, but when authorities came knocking for info and started serving subpoenas, they had no effective user information to give. Granted, Signal is a messenger versus an email service, but it’s a good case.
@avoidthehack That second paragraph is actually helpful and gets into some of the things that I have been thinking about. I wasn't too sure if encrypted would matter only bc not everyone who writes me is gonna use encrypted email (many may still use Gmail, yahoo, apple's mail, live/Hotmail)
Overall, I see a push for alternatives (Signal), when concerning truly secure communication. Even so, getting on board with hosting in a country that is less liberal with USA-based info requests. The GDPR tenets are a bit more my speed.
@Catwoman69y2k encryption always matters. In encryption we trust.
For email using E2E encryption (which is a very specific use case) you are correct on that front, its real world use is very limited.
However some encrypted email providers use zero access encryption for your inbox, a fancy way of saying they don’t own the keys to decrypting your inbox. Which means they can’t view messages in your inbox, which also means they can’t grant copies/access of it to third parties like authorities or whoever else.
@mayintoronto I've read a few months ago that Google partnered with Mozilla to enable all features on Firefox to avoid anti-monopoly investigations and it always worked well for me, did you try it?
@mayintoronto Do you think nextcloud, owncloud and perhaps openstreetmap figure in there somewhere?
I ran an owncloud instance for an org before Office 365 & Onedrive existed
https://nextcloud.com/
https://owncloud.com/
https://www.openstreetmap.org
@mayintoronto Do you have longer term plans for your email with regards to Proton? I’ve got a paid plan that runs until November, so I’m curious how others plan to react.
If you don't mind paying maybe consider taking out your own domain and using a hosting service. I've been using ICDsoft for personal and professional for about 10 years. It's reasonably priced and gives you unlimited email and a ton of online storage/web options. At this point I am the email provider for the whole extended family! Also has a webmail portal.
We have had no problem with rejection from the big players (gmail, MS) or corporate email servers. Support is also first rate. They actually talk to you!
This also means that if you decide you don't like the hosting service you can change and your email addr stays the same.
@mayintoronto
Google Sheets (and Forms with Sheets-integration) has been the bane of my privacy-first drive. The only other spreadsheet+cloud tool that I've been able to find to handle my processor-hungry tables is MS Office (which is frustrating to use on mobile, even with the app).
I've been searching for an alternative for almost 3 years at this point... and I keep coming up empty.
I know I could probably cut it if I could manage to learn programming well enough to do my data processing in python or r, but getting over the hurdle of "I can already think in spreadsheet formulae logic/I can't yet think in [insert programming language]" is a mountain I haven't yet been able to scale.
@mayintoronto@beige.party @pockets@beige.party have you tried nextcloud with collabora online? gives a very Google drive-like experience
@greycat @mayintoronto
That actually mostly worked.
The sheets backup file uploaded to their official demo without too much fuss, and while some of my formulae broke, they did so in the same way that Excel breaks when opening the backups, which means it's a problem I should be able to predict and work around when working in it and building from scratch.
Now I just have to find a hosted NextCloud instance with Collabora (because I have already tried self-hosting a NextCloud instance and I openly acknowledge it's beyond me, even with the most dumbed-down tutorials I can find).
Any recommendations where I might find something like that?
@mayintoronto@beige.party @pockets@beige.party disroot is my go-to but i'm not actually sure if they have Collabora on their nextcloud. I can look when i'm back at my desk!
@greycat @mayintoronto
I am on disroot, and if it's there, I'm going to need a map to find it, because I'm not spotting it on my own.
Glad you're doing your best to move away from applications of big business that track us. Same here.
I used to have a Toronto Freenet email, but I found that a lot of people were not receiving what I sent. So, reluctantly, I did switch to a Yahoo email. I see you mentioned Proton Mail, which I've never heard of. But, I'm glad to learn there may be other options, so I will check it out.
@mayintoronto How to overcome Reddit addiction, (involuntarily) tested version:
Post around 40 long totally legitimate links (to a pastebin).
Reddit now thinks you are a spam bot, asks you to change your password.
You change it.
Still all your new posts get autodeleted, you can post one comment every 10-15 minutes or so and they are probably hidden as no one ever replies or upvotes them.
You use the appeals process several times.
Nothing changes.
(It has been a month and 3 days.)
@mayintoronto Brave is run by Brendan Eich who donated money to take civil rights from queer folks.
FWIW ergonomics aside with pgp you can do encrypted communication through about any medium.
@mayintoronto @Em0nM4stodon @techlore @privacyguides @thenewoil @joeturner
Also a reminder that Signal uses SGX to protect your metadata and also must comply with US law (SGX is very broken and can be easily exposed)
Also the US can order Google Play or Apple to put you in a "special" beta program with an alternative app binary where random numbers are not random.
If you trust a centralized proprietary app platform, all bets are off.
@mayintoronto @Em0nM4stodon @techlore @privacyguides @thenewoil @joeturner
To contrast, Matrix does not require a phone number, can be used anonymously, and you can use any server you want in any legal jurisdiction you want.
Combine that with a FOSS client with decent supply chain integrity practices like F-droid or debian, or self host a web client, and combine with a security focused OS like QubesOS... and get the people you discuss sensitive topics with to do the same.
@mayintoronto This said, I would like to add that while direct messages aren't as private as on Signal, they are more private than on most social media!
The only extraneous people fedi's direct messages can be read by are those who probably can't be bothered by the hassle. (Until we talk malware...)
Just to ensure your point is seen in the proper perspective!
@mayintoronto
Note if you go the *own domain* way and are in Canada, get a Canadian hosting company, not GoDaddy etc.; Canadian hosts follow Canadian laws.
@idoclosecuts @mayintoronto wouldn't hurt to share a list of options for the Canadians following along
Two Canadian Hosting companies I use are:
Varial:
https://varialhosting.com
Canadian Web Hosting:
https://canadianwebhosting.com
I’ve removed my affiliate codes; (I can provide it, if you like…)