Privacy Focused Services I use
In a previous post, I described my journey of focusing more on data privacy and switching away from some of the mainstream services, which are a privacy nightmare, towards more privacy-focused solutions.
But first, let’s explore what I mean with “privacy nightmare” and why I’m happy to invest time and money to search for, test and use alternatives to mainstream services. What does privacy even mean and why is it important?
On Privacy
Privacy is a fundamental human right. It protects human autonomy and dignity and is the basis of any diverse, open and tolerant society. Without privacy, people can not flourish and any experiment, any non-conformist thought, any behaviour outside of accepted boundaries can prompt negative consequences from institutions and people in power.
Protecting our privacy has been an essential element of human civilization for a long time. There is a reason we live in isolated communities of people we trust, with spaces completely our own where we can be ourselves and explore the world and our own conscience without fear of consequences, as long as we don’t impede the freedom of anyone else doing so.
Unfortunately, with the advent of the information age and the digital transformation of our lives and especially with the introduction of the smartphone, an omnipresent device tracking its users in any and every possible way, sending this data, by default, to the companies producing these devices, and/or providing the software for them, the protection of our privacy has become a lot more difficult.
Now, the easy solution to this would be to just not use all of this new dangerous technology. However, besides the fact that society is changing with the technology and some of the devices and services are almost mandatory at this point to live a life without barriers in modern society, many of the technological inventions in the information age are very, very useful and empowering.
All of these wondrous technological gadgets and apps have their advantages and disadvantages, but having the ability to stay in contact globally, searching for information with a lot less effort, having the possibility to collaboratively work with others on documents and many other great things can certainly be considered as net positives at this point.
Also, all of these great feats of progress in our communication and collaboration can be achieved without exploiting the people using these services - none of the modern technologies depend on spying on their users. Some services get better by feeding incoming queries into databases and models, but this can be done anonymously without losing any value for the user. The same can be said for recommendation systems - an algorithm trying to figure out what kind of movies, songs, or books I like doesn’t need any personal information about me, it can work with anonymized data I provide on my own accord.
If you’re interested in diving deeper into this whole topic, I can very much recommend the following two books on privacy and algorithmic exploitation:
Now, how to find these services, which provide the wonders of modern technology without sacrificing our privacy?
Besides actively looking for companies focused on privacy and security (it’s easy to claim these things, harder to prove them), one of the best strategies I have found is to question the business model of the device, or service you want to use.
As person not working within IT, it might be difficult to estimate how much an app, a website, or a digital device cost in terms of production and maintenance. The fact that Google, Facebook and many more provide their services without having to pay money for them has skewed the perspective of how much digital services should cost.
So, when I look for services, I make sure I understand the business model and the option I’m most drawn towards is simply paying a reasonable amount of money for the service.
Why is it important, that a service costs money? It’s nice to get free stuff, right? The problem is, if a company doesn’t charge anything for their service, how does it survive? People in IT earn high salaries, infrastructure isn’t cheap and building quality apps and services takes a lot of time.
So if a service you’re using, such as email, calendar, or even a simple to-do list doesn’t cost any money, you should immediately become very suspicious.
There are some notable exceptions, of course. The Signal messenger, which is purely financed by donations and subsidies is one of them. This is great, but it also begs the question, if this model is sustainable and if it can sustain growth and maintenance over the long term. Unfortunately, this step of checking how a service is financed is necessary and can be time-consuming and companies are sometimes not 100% clear on how they create revenue. Clearly, it’s also possible for a company to charge you money and to track and sell your data, so a second criteria I use is a communicated focus on privacy and security. That way, the companies commit themselves to a set of values and the fact that they take your money so they can respect your privacy will make any scandal, or wrongdoing on their part in this area very, very costly and will immediately kill any trust people have in the company, so they have a strong incentive to actually keep their promise.
My first email provider ever was Hotmail and after that I moved, as many others, to Gmail. I’m not even sure why I did that - I think it was just “the thing to do” back then. And not only did I use Gmail, I also leaned on many other Google services quite heavily, such as Maps, Docs and even Google Now when I was traveling.
When I became a bit more privacy-aware, I started to question this decision. Does Google really read my emails? Surely no person at Google reads my private messages - but algorithms analyze them and attempt to create a detailed personal profile for me, based on highly sensitive data I certainly never conciously agreed to share with anyone.
At some point, I decided to move away from Gmail and Google services in general, which at that point took a lot of time and planning, because I was fully locked in. One of the central changes I made, was to look for services which charged money for their service and which had a focus on privacy.
First, I moved to Fastmail, which was already a huge improvement over Gmail in terms of privacy. However, one thing that still bothered me was the fact that Fastmail used servers hosted in the US. Now, the fact that Fastmail is not a US company means that technically, no US government agency can access the data within Fastmail’s servers without first applying to Australian authorities, which is good. more about this here.
I was quite happy with Fastmail and used the service for 3 years. The only reason I switched was because I found Protonmail, a security and privacy focused email provider from Switzerland, which fit my needs even better.
First of all, Protonmail’s servers are located in Switzerland and it’s a Swiss company, so all data is protected by Swiss privacy laws, which are as strict, or stricter than the laws regarding data privacy within the EU, which is a whole different quality from the US.
Besides that, Protonmail adds another layer of encryption and security and while it’s not possible to fully end-to-end encrypt emails due to protocol limitations, all internal email traffic within Protonmail is fully encrypted and Protonmail itself can’t read customer’s emails. The same goes for Protonmail Calendar, which has a unique (to my knowledge) approach to encryption, which is explained here.
The Protonmail apps work well enough for me, although the Calendar is, at this time, still in Beta. Another side-effect to the rigorous encryption is that everything is a bit slower, since, for example, the calendar needs to be decrypted every time it’s accessed. For me personally, this trade-off is not an issue though.
Cloud Storage
For cloud storage, I relied on Google Drive and Dropbox for the longest time and wasn’t really aware of other alternatives, especially ones which focus on privacy. A colleague pointed me towards Tresorit, a Swiss privacy and security focused cloud storage provider.
Tresorit provides everything I need and could imagine to be useful in terms of cloud storage so I don’t see myself moving away from it in the foreseeable future.
Mobile OS
I talked about switching to /e/-OS in a previous post. To this day, I’m still very happy with it and besides the initial setup and issues I ran into with some apps not being available, I didn’t encounter any more troubles and it has been working nicely.
I regularly get updates and the updates are fully automatic and have been working well so far. I haven’t done a major version upgrade so far, but since there is now the easy-installer available for my device, this shouldn’t be an issue.
It’s exciting to see the progress in this area, since smart phones in general are something of a privacy nightmare. The amount of sensitive, high-quality data that can be collected from a device people carry everywhere is gigantic.
Notes
I used Evernote for a while, but honestly I used such a small subset of its functionality and didn’t really get any benefit from the cloud-sync, that I looked for alternatives.
A colleague told me to check out Notable, an Electron based, minimal note-taking app. What’s nice about Notable is, that it simply uses Markdown files underneath to store your notes. This means that you can point it to a cloud-synced folder and all of your notes will be automatically synced.
For some people, the fact that there is no mobile app might disqualify Notable, but for me this is actually a blessing in disguise, as I try to use my smart phone less during the day anyway. Plus, if you’d have an app that can manage (CRUD) markdown files, you could just use that and your cloud storage provider to at least have basic access to your notes from anywhere.
Conclusion
Getting to the point I am at today, having moved from the mainstream platforms to privacy and security-focused alternatives took quite a bit of time and effort.
However, being able to trust the technology I use daily without having to blissfully ignore potential future (or present) nightmare scenarios in regards to my data, is valuable and freeing.
Resources
- e-Foundation
- Notable
- Protonmail
- Tresorit
- Weapons of Math Destruction by Cathy O’Neil
- Privacy is Power by Carissa Véliz