How I’m locking down my cyber-life

Drafted Jan. 4, 2019; updated occasionally since then; most recently updated May 11, 2019

Three problems of computer technology

My 2019 New Year’s resolution (along with getting into shape, of course) is to lock down my cyber-life. This is for three reasons.

First, threats to Internet security of all sorts have evolved beyond the reckoning of most of us, and if you have been paying attention, you wonder what you should really be doing in response. My phone was recently hacked and my Google password reset. The threats can come from criminals, ideological foes and people with a vendetta or a mission (of whatever sort), foreign powers, and—of special concern for some of us—the ubiquitous, massively intrusive ministrations of the tech giants.

Second, the Silicon Valley behemoths have decided to move beyond mere moderation for objectively abusive behavior and shutting down (really obvious) terrorist organizations, to start engaging in viewpoint censorship of conservatives and libertarians. As a free speech libertarian who has lived online for much of my life since 1994, these developments are deeply concerning. The culprits include the so-called FAANG companies (Facebook, Apple, Amazon, Netflix, Google), but to that list we must add YouTube, Twitter, and Microsoft. Many of us have been saying that we must take ourselves out of the hands of these networks—but exactly how to do so is evidently difficult. Still, I’m motivated to try.

A third reason is that the same Big Tech corporations, with perhaps Facebook and Google being the worst offenders, have been selling our privacy. This is not only deeply offensive and something I refuse to participate in, it again puts my and my family’s safety at risk, creating new “attack surfaces” (to use the information security jargon) that corporations must protect on our behalf. They may not do a good job of that. Similarly, governments have taken it upon themselves to monitor us systematically—for our safety, of course. But if you’re like me, this again will make you feel less safe, not more, because we don’t know what bad actors are at work in otherwise decent governments, we don’t know what more corrupt governments might do with the information when we travel abroad, and we don’t know the future shape of our own governments.

At the root of all problems is simply that the fantastic efficiency and simplicity of computer technology has been enabled via our participation in networks (especially cloud networks) and agreement to user agreements offered by massively rich and powerful corporations. Naturally, because what they offer is so valuable and because it is offered at reasonable prices (often, free), they can demand a great deal of information and control in exchange. This dynamic has led to us (most of us) shipping them boatloads of our data. That’s a honeypot for criminals, authoritarians, and marketers, as I’ve explained in more depth.

The only thing we can do about this systematic monitoring and control is to stop letting the tech giants do it to us. That’s why I want to kick them out of my life.

The threats to our information security and privacy undermine some basic principles of the decentralized Internet that blossomed in the 90s and boomed in the 00s. The Establishment has taken over what was once a centerless, mostly privacy-respecting phenomenon of civil society, transforming it into something centralized, invasive, risky, and controlling. What was once the technology of personal autonomy has enabled—as never before—cybercrime, collectivization, mob rule, and censorship.

A plan

Perhaps some regulation is order. But I don’t propose to try to lead a political fight. I just want to know what can do personally to mitigate my own risks. I don’t want to take the easy or even the slightly-difficult route to securing my privacy; I want to be hardcore, if not extreme.

I’m not sure of the complete list of things that I ought to do (I want to re-read Kevin Mitnick’s excellent book The Art of Invisibility for more ideas), but since I started working on this privacy-protection project in January of 2019, I have collected many ideas and acted on almost all of them as of the current edition. I will examine some of these in more depth (in other blog posts, perhaps) before I take action, but others I have already implemented.

  1. Stop using Chrome. (Done.) Google collects massive amounts of information from us via their browser. The good news is that you don’t have to use it, if you’re among the 62% of people who do. I’ve been using Firefox; but I haven’t been happy about that. The Mozilla organization, which manages the browser, is evidently dominated by the Silicon Valley left; they forced out Brendan Eich, one of the creators of Firefox and the JavaScript programming language, for his political views. Frankly, I don’t trust them. I’ve switched to Eich’s newer, privacy-focused browser, Brave. I’ve had a much better experience using it lately than I had when I first tried it a year or two ago and when it was still on the bleeding edge. Brave automatically blocks ads, trackers, third-party cookies, encrypts your connections—and, unlike Google, they don’t have a profile about you (well, it never leaves your machine; the Brave company doesn’t have access to it). As a browser, it’s quite good and a pleasure to use. It also pays you in crypto for using it. There might be a few rare issues (maybe connected with JavaScript), but when I suspect there’s a problem with the browser, I try whatever I’m trying to do in a locked-down version of Firefox, which is now my fallback. There’s absolutely no need to use Chrome for anything but testing, and that’s only if you’re in Web development. By the way, the Brave iOS app is really nice, too.
  2. Stop using Google Search. (Done; needs more research though.) I understand that sometimes, getting the right answer requires that you use Google, because it does, generally, give the best search results. But I get surprisingly good results from DuckDuckGo (DDG), which I’ve been using for quite a while now. Like Brave and unlike Google, DDG doesn’t track you and respects your privacy. You’re not the product. It is easy to go to your browser’s Settings page and switch. Here’s a trick I’ve learned, for when DDG’s results are disappointing (maybe 10% of the time for me): I use another private search StartPage (formerly Ixquick), which reportedly is based on Google search results, but I see differences on some searches, so it’s not just a private front end for Google. You might prefer StartPage over DDG, but on balance I still prefer DDG. Still, I should research the differences some more, perhaps.
  3. Start using (better) password management software. Don’t let your browser store your passwords. And never use another social login again. (Done.) You need to practice good “password hygiene.” If you’re one of those people who uses the same password for everything, especially if it’s a simple password, you’re a fool and you need to stop. But if you’re going to maintain a zillion different strong passwords for a zillion different sites, how? Password management software. For many years I used the free, open source KeePass, which is secure and it works, but it doesn’t integrate well with browsers, or let me save my password date securely in the cloud (or maybe better, on the blockchain). So I’m got a better password manager and set it up on all my devices. I switched to EnPass. This is essential to locking down my cyber-life. Along these lines, there are a couple of other things you should do, and which I did: set my browsers to stop tracking my passwords, and never let them save another one of my passwords. (But be aware that your ability to log in to a site is more secure if a site ue a cookie, called a token, to do so; that doesn’t include a plain-text stored password. When a website asks me if I want to log in automatically, with checkbox in the login form, I say yes; but when a browser asks if I want it to remember my password, the answer is always no. Finally, one of the ways Facebook, LinkedIn, et al. insinuate themselves into our cyber-lives is by giving us an easy way to log in to other sites. But that makes it easier for them to track us everywhere. Well, if you install a decent password manager, then you don’t have to depend on social login services (based on the OAuth standard). Just skip them and use the omnipresent “log in with email” option every time. (I haven’t encountered a website that absolutely requires social media logins yet.) Your password manager will make it about as easy to log in as social media services did.
  4. Stop using gmail. (Done.) This was harder, and figuring out and executing the logistics of it was a chore—it involved changing all the accounts, especially the important accounts, that use my gmail address. I had wanted to do this for a while, but the sheer number of hours it was going to take to make the necessary changes was daunting (and I was right: it did take a quite a few hours altogether). But I was totally committed to taking this step, so I did. Another reason is that I figured that I could get a single email address for the rest of my life. So my new email address resides at sanger.io, a domain (with personalized email addresses) that my family will be able to use potentially for generations to come. Here’s how I chose an email hosting service to replace Gmail. And here’s how I set up private email hosting for my family.
  5. Stop using iCloud to sync your iPhone data with your desktop and laptop data; replace it with wi-fi sync. (Done.) If you must use a smartphone, and if (like mine) it’s an iPhone, then at least stop putting all your precious data on Apple servers, i.e., on iCloud. It’s very easy to get started. After you do that, you can go tell iTunes to sync your contacts, calendars, and other information via wi-fi; here’s how. And I’m sorry to break it to you, but Apple really ain’t all that. By the way, a few months after writing the above, I looked more carefully at the settings area of my iPhone for data stored in iCloud; it turns out I had to delete each category of data one at a time, and I hadn’t done that yet. They don’t make it easy to turn off completely, but I think I have now.
  6. Subscribe to a VPN. (Done.) This sounds highly difficult and technical on first glance, maybe, but in fact it’s one of the easiest things you can do. I set mine up in minutes; the thing that took a few hours was researching which one to get. But why a VPN? Well, websites can still get quite a bit of info about you from your IP address and your ISP (or governments that request the data) can listen in on any data that happens to be unencrypted via your web connection. VPNs solve those problems by making your connection to the Internet anonymous. One problem with VPNs is that they slightly slow down your Internet connection; in my experience so far, it’s rarely enough to make a diference. They also add a little new complexity to your life, and it is possible that the VPN companies are misrepresenting what they do with your data (some of the claims of some VPNs have been tested, though). But it’s a great step to take if you’re serious about privacy, if you don’t mind the slight hit to your connection speed. A nice fallback is the built-in private windows in Brave that are run on the Tor network, which operates on a somewhat similar principle to VPNs.
  7. Get identity theft protection. (Done.) After my phone was hacked, I finally did something I’ve been meaning to do for a long time—subscribe to an identity theft protection service. If you don’t know or care about identity theft, that’s probably because you’ve never seen weird charges pop up on your card, or had your card frozen by your bank, or whatever. BTW, LifeLock’s customer service isn’t very good, in my experience, and also according to the FTC. There are others.
  8. Switch to Linux. (Done.) I used a Linux (Ubuntu) virtual machine for programming for a while. Linux is stable and usable for most purposes. It still has very minor usability issues for beginners. If you’re up to speed, in which case, it’s simply better than Windows or Mac, period, in almost every way. On balance the “beginner” issues aren’t nearly as severe as those associated with using products by Microsoft and Apple. I’ve put Ubuntu on a partition on my workstation, and switched to that as my main work environment. I also gave away my Mac laptop and got a new laptop, on which I did a clean install, also of Ubuntu. Linux is generally more secure, gives the user more control, and most importantly does not have a giant multinational corporation behind it that wants to take and sell your information. Read more about how I switched to Ubuntu on my desktop and also my laptop.
  9. Quit social media, or at least nail down a sensible social media use policy. (Done.) I’m extremely ambivalent about my ongoing use of social media. I took a break for over a month (which was nice), but I decided that it is too important for my career to be plugged in to the most common networks. If I’m going to use them, I feel like I need to create a set of rules for myself to follow—so I don’t get sucked back in. I also want to reconsider how I might use alternative social networks, like Gab (which has problems), and social media tools that make it easy both to post and to keep an easily-accessible archive of my posts. One of my biggest problems with all social media networks is that they make it extremely difficult to download and control your own friggin’ data—how dare they. Well, there are tools to take care of that… Anyway, you can read more about how I settled on a social media use policy.
  10. Stop using public cloud storage. (Done.) “Now,” you’re going to tell me, “you’re getting unreasonable. This is out of hand. Not back up to Dropbox, iCloud, Google Drive, Box, or OneDrive? Not have the convenience of having the same files on all my machines equally available? Are you crazy?” I’m not crazy. You might not realize what is now possible without the big “public cloud” services. If you’re serious about this privacy stuff and you really don’t trust Big Tech anymore—I sure don’t—then yeah. This is necessary too. One option is Resilio Sync, moving files between your devices via deeply encrypted networks (via a modified version of the BitTorrent protocol), with the files never landing anywhere but on your devices. Another option is to use a NAS (network attached storage device), which is basically your very own always-on cloud server that only you can access, but you can access it from anywhere via an encrypted Internet connection. There are also open source Dropbox competitors that do use the cloud (the term to search for is “zero-knowledge encryption“), but which are arguably more secure; at any rate, you’re in control of them. Yet another option is to run a cloud server from your desktop (if it’s always on), using something like NextCloud. At first, I decided to go with Resilio Sync. Then I changed my mind, because it was a pain to be able to sync only when both devices are on, so I took the plunge and got a NAS after all. It took quite a while both to deliberate on what type of solution to go with (after Resilio), and to choose a specific NAS. It took quite a few hours altogether, but it turns out to be so useful. If you want to consider this more, check out my explanation of why they’re such a good idea.
  11. Nail down a backup plan. (Done.) If you’re going to avoid using so much centralized and cloud software, you’ve got to think not just about security but about backing up your data. I used to use a monster of a backup drive, but I wasn’t even doing regularly-scheduled backups. In the end what I did was, again, to install a NAS. This provides storage space, making a complete backup of everything on my desktop (and a subset of files I put on laptop) and on the other computers in the house (that need backing up; perhaps not all of them do). It also keeps files instantly backed up a la Dropbox (see next item). But even this isn’t good enough. If you really want protection against fire and theft, you must have an off-site backup. For that, I decided to bite the bullet and go with a relatively simple zero-knowledge encryption service, iDrive, that works nicely with my NAS system. It simply backs up the whole NAS. It bothers me that their software isn’t open source (so I have to trust them that the code really does use zero-knowledge encryption), but I’m not sure what other reasonable solution I have, if I want off-site backup.
  12. Take control of my contact and friend lists. (Partly done.) I’ve been giving Google, Apple, and Microsoft too much authority to manage my contacts for me, and I’ve shared my Facebook and other friends lists too much. I’m not sure I want these contacts knowing my contacts and friends, period; the convenience and value I got out of sharing those lists was of very limited value to me, but evidently of great value to Big Tech. I don’t know what they’re doing with the information, or who they’re sharing it with, really. Besides, if my friends play fast and loose with privacy settings, my privacy can suffer—and vice-versa. So I am now maintaining my own contacts, thanks very much, and I have fully deleted the lists I gave to Google, Microsoft, and Apple (on iCloud). One problem this does leave you with, mind you, is that you can completely lose all your contacts if they’re only on your own devices, and you’re not syncing them anywhere. So you’d better back up your contacts, if you follow my need. Ideally, the next step I’d need to do is to start using my NAS’ built-in contacts server, which makes it possible to sync contact info across your devices using your own personal server.
  13. Stop using Google Calendar. (Done.) I just don’t trust Google with this information, and frankly, Gcal isn’t all that. I mean, it’s OK. But they are clearly reading your calendar (using software, that is; that means the calendar data isn’t encrypted on their servers, as it should be). So after I got my own NAS server, I was able to install a calendar server that could be accessed and synced from all of my devices. I had to transfer my data from Gcal to the server, which wasn’t very hard. The hardest part was that I had to teach a colleague how to make appointments for me using the new system. Here are my notes on how I made the change to interfacing with my own NAS’s calendar info via a protocol called CalDAV.
  14. Study and make use of website/service/device privacy options. (Done semi-regularly.) Google, Apple, Facebook, Twitter, YouTube, etc., all have privacy policies and options available to the user. It is time to study and regularly review them, and put shields up to maximum. Of course, it’s better if I can switch to services that don’t pose privacy threats; that’s generally been my solution, but I have looked at quite a few privacy options and read privacy policies in order to do my due diligence about how my information is being used.
  15. Also study the privacy of other categories of data. Banking data, health data, travel data (via Google, Apple, Uber, Yelp, etc.), shopping data (Amazon, etc.), even automobile (onboard computer/networked) data—it all has unique vulnerabilities that is important to be aware of. I’m not sure I’ve done all I can to lock it down. So I want to do that, even if (as seems very probably) I can’t lock it all down satisfactorily, yet.
  16. Figure out how to change my passwords regularly, maybe. (Not started.) I might want to make a list of all my important passwords and change them quarterly everywhere, as a sort of cyber-hygiene. Why don’t we make a practice of this? Because it’s a pain in the ass and most people don’t know how to use password management software, that’s why. Besides, security experts actually discourage regular password changing, but that’s mainly because most people are bad at making and tracking secure passwords. Well, if you use password managers, that part isn’t so hard. But it’s also because we really don’t have a realistic plan to do it; maybe the main thing to do is to regularly change a few important passwords every so often, not all of them. I’ll figure that out.
  17. Consider using PGP, the old encryption protocol (or an updated version, like GNU Privacy Guard) with work colleagues and family who are into it. (Not started.) Think about this: when your email makes the transit from your device to its recipient’s device, it passes through quite a few other machines. Hackers have ways of viewing your mail at different points on its journey. Theoretically, they could even change it, and you (and its recipient) would be none the wiser. Now, don’t freak out, and don’t get me wrong; I’m not saying email (assuming the servers in between you and your recipients use the standard TLS, or Transport Layer Security, protocol) isn’t perfectly useful for everyday purposes. But if you’re doing anything reallyimportant and sensitive, either don’t use email or use a higher encryption standard, because basic email is insecure. Now, I’m aware that some think PGP is outmoded or too complex (that’s why I never got into it, to be honest), but the general idea of encrypting your email more strongly isn’t going out of style, and improvements on the PGP protocol are still actively maintained. Still, when information security might matter quite a bit, then it might be easier to do what I’m doing now with my boys: using a chat tool with end-to-end encryption built in.
  18. Moar privacy thangs. Look into various other things one can do to lock down privacy. Consider the new Purism Librem 5 phone, or some other privacy-friendly phone. Look into a physical security key for laptop and desktop. Encrypt my hard drives. Encrypt the drives on the NAS. Etc., etc.

What have I left out?

Are you going to join me in this push toward greater privacy and autonomy? Let me know—or, of course, you can keep it to yourself.


by

Posted

in

,

Comments

Please do dive in (politely). I want your reactions!

52 responses to “How I’m locking down my cyber-life”

  1. Edoelas

    About the password manager, I would suggest using KeePassXC. It’s free, opensource, has a Google extension, an Android version, super safe and everything is stored locally.

    1. Thanks! I explained how I settled on Enpass here. I used KeePass for many years, and switched to Enpass recently, mostly because I could never get the KeePass browser autofill to work. Got tired of copy-paste. Enpass allows you to sync via your own cloud. Soon I’ll switch from my cloud storage service to Resilio Sync (or at least, that’s the plan) and get a bit more security that way as well.

      1. justaguy

        https://bitwarden.com/ is a free, open source, password manager that is available on (Linux/Mac/Win), (Brave/Firefox/Chrome/etc.) and both iOS/Android.
        It does auto-fill flawlessly, syncs across all devices & platforms, is fully encrypted and is independent security audited.
        Best of all, you can host your own free installation on your own server.

  2. Alex

    Hi Larry! nice article. i will suggest this website: https://www.privacytools.io/ . Have a lot of info regarding our privacy and security! (sorry for my english)

    1. Wow, very cool. I will check it out.

  3. sifr

    Can I waffle about my own adventures in association to your own?
    I hope so. ‘cos you know. I’m gonna.

    1. Stop using chrome.
    The good news is I never really HAVE used chrome. I have always used firefox. I still use firefox, but lately they’ve been oddly shifty in the things they do. I’m not sure what to DO about that. I don’t want to switch to brave (Blink engine, so just chromium with some changes) because I don’t want to contribute to the EVERY browser is just google chrome reskinned movement. (Opera? Blink based. Brave? Blink based. Even Microsoft edge is now blink based. Firefox is Quantum, which is at least different. But other than that, EVERY browser these days seems to be just google chrome reskinned.) I’m debating switching to say, Pale Moon or something Gecko based? I dunno. I’ll probably stick with firefox…
    2. Stop using google search. I use duckduckgo… If I have to use google, I use startpage. Which is google stripped of any identifying info. In general it’s not a problem though.
    3. Stop using Gmail. I switched to protonmail late last year. They ALSO allow for custom domains. Paying a small amount (About 6 euro’s I think) gets you a few good bonuses, so that’s my plan.
    4. Better password management. I was using bitwarden. You can potentially setup your own server to host your password, and it all works with pretty much any browser… But I recently switched to using pass. I dunno if I’m sticking to it. It has the same issues as keepass. Not great integration. But the entire thing can be hosted in git, or just shoved in a folder on any form of cloud storage. Which I guess I shall talk about later.
    5, 6 and 7. Cloud stuff. I use Nextcloud for all of it. My phone is Android. (Pixel XL) I rooted it, switched to LineageOS, and now manage pretty much everything through Nextcloud. Contacts via cardav, calendar with caldav. (Davx on android handles both), Cardav is supported in various ways on linux, caldav too. Personally I use the gnome calendar. It links direct to nextcloud, so it’s much easier than a lot of the alternatives. This is also how I store my passwords from pass. I run nextcloud on a Raspberry pi in my house, accessed through a Dynamic DNS using no-ip.com.
    8. Switch to Linux. I use arch BTW, on all my PC’s. Have for years, so…
    9. Backups. Nextcloud it all. The Android app even auto backups pictures if you want, so.
    10. Cloud stuff. Nextcloud everything.
    11. Social media. I honestly don’t really use it. I have a facebook, just because my wife REALLY hates that I didn’t.. I don’t know why, I really don’t. Sometimes she sends me links to things she could JUST as easily sent via text message… I don’t argue. She has to remind me to check or I’ll never see them though. I have twitter… I don’t understand it at all… I have a Diaspora that I would LIKE to use, but no one I know has any idea what that is… I had a Mastodon, but… Same deal… I just don’t have enough friends nor a business that requires that I participate really…
    12. Website privacy. I try. Everything SHOULD be locked down like crazy, but they change things randomly and sometimes it’s hard to keep up. I recently did a data detox, and fixed a few things, but I have to remind myself to check every few months.
    13. Other website policies. Again. I try. The goalposts move. You just do what you can.
    14. Subscribe to a VPN. I have three. I don’t know why. It’s like I collect the dang things. ProtonVPN, Private internet access, and nordVPN. I use PIA for torrents using a splitVPN on my pi, I use Nord on my laptops, and proton on my phone. The slow down isn’t bad enough to bother me most of the time.
    15. Change password regularly. If you figure out an easy way to do this, I’m in. Dashlane used to do it for you… But no linux client means no go for me. So now… I dunno.
    16. Identity theft protection. I have multiple free offers for this due to various screw ups over the years by large corporations. You’d think I’d do it. I never have. I need too though. It’s VERY valuable, and worthless if you only do it AFTER being screwed.

    So, that’s my adventure so far. I’m open to criticism and/or advice… Sometimes I find the easiest way to move forward with this experience, is to talk about it. See if anyone else has any insight. Hence my sharing…

    1. Will check out Nextcloud. Thanks!

      “Data detox,” love it!

      I will no doubt follow up on several of your ideas here.

  4. […] With privacy and free speech—in short, digital autonomy—deeply under threat, I decided to lock down my cyber-life. (I encourage you to do the […]

  5. Josh

    Instead of Resilio Sync, I use Syncthing. It’s free and open source, also uses P2P, and there are no limits in terms of folders/files you can sync.

    1. Neat! I’m going to have to check that one out.

  6. J

    Your phone was hacked ? How ? I thought iPhones were so handicapped and restricted the user so much it wont be easy or possible to hack.

    1. Well, not my phone itself; someone somehow managed to spoof my phone number (Verizon never told me how) so that for a few hours, some other phone was receiving calls and text messages that should have gone to me. I think this was Verizon’s fault, not mine, but I’m just not sure because, again, I never learned what the actual exploit was.

  7. Like you, I’m in the process of leaving Facebook and have set up an old PC with Ubuntu Server to host my WordPress blog, which is better than Facebook in so many ways. For cloud storage, have you considered NextCloud? That’s what I went with. I’m still in the process of setting up an email server. I’m considering setting up a Diaspora pod in the future for me and my family. Also, I recommend you use https for your site, you can get free ssl certificates from Let’s Encrypt.

    1. I would have encrypted the site already but I’m in the process of moving from one host to another. Apparently, the process takes a little while; I’m letting someone else do it. The new host has free certificates. Great minds think alike! What led you to start your privacy kick?

  8. Larry, it actually didn’t have much to do with privacy. I was participating in a closed religious debate group on Facebook, and someone posted a question that asked, if we were not created by Allah, who created us, to which I replied with a link to the goat shagging video on Youtube. Almost immediately, Facebook banned me for three days; I couldn’t even wish a friend a happy birthday. I was not banned from the group. This heavy handed censorship sparked my determination. As a photographer, I post a lot of content after family events that many enjoy, but now I’m taking my ball home, so to speak, and am going to remove all of my content from Facebook. I had a hosting provider, but they set arbitrary limits on things like the number of SQL databases and storage space and charged for SSL certificates. I had an old desktop PC that I don’t use anymore, so I loaded that with Ubuntu Server 18.04 LTS, then installed LAMP. From there I configured virtual hosting and installed WordPress and Nextcloud. I picked afraid.org as my name server, and update my IP address with a utility called Inadyn. After that, I was able to run a utility from Let’s Encrypt to get my certificates for HTTPS. All of it cost me nothing but my time, and it was very easy to do as there is very good documentation and step by step guides all over the Internet. Like you, I’m going all the way and getting away from these big providers, because I realize that I don’t really need them.

    1. Like you, petty and unnecessary censorship played a big role in lighting s fire under me, too. In my case, it was when I rather harshly condemned a pedophile who insisted on being regarded as an object of sympathy. Medium removed my reply, so I removed my content from Medium.

  9. Interesting plan you have Larry, which I to some extent or parts agree to and some not agree. I may reflect and comment further another day.
    Anyway, now I wanted to comment on leaving gmail (and similar I suppose). I have for a long time been having multiple e-mails, both to separate different “things” and also because I need some in some positions (beside professional). Anyway, I have been using my gmail/gmail-like for some specific purposes for a long time but like you considered to reduce the use of it and replace it with one I have better control of regarding privacy.
    When working on changing registrations and accounts (there are quite some…), I have noticed that some companies/org use the e-mail as user name, but not just user name but apparently also probably as a master key in the data base – there is no chance mor me myself to change the e-mail (in some cases possible with their direct support). So it means either terminate that account, which in some cases is not desirable, or live with this e-mail for those also in the future.
    It’s been interesting to read your plan, thanks for sharing it!

    1. Thanks for the feedback.

      There is no need to worry about losing your account access if you move away from Gmail. I have changed my email address on dozens of accounts to my new sanger.io address in the past six weeks and never had any problem of any sort doing it.

      As a programmer, I can also assure you that people do not use email addresses as keys in databases. Any programmer worth his salt knows that would be a terrible practice. The usual practice is to assign each user a user ID, which you are not able to edit. When you give the system a new email address, it is assigned to the ID.

      1. You are surely right (I’m not a programmer, but been into requirement owner and system manager) should not use the e-mail as direct key in data base. Nevertheless, several companies (eg where I purchase and is customer), do not allow me to change e-mail on the account profile. Maybe they do if I contact their support. Not a big problem, but surprising!

        1. Oh, that does make sense, I see what you mean now. I was referring to the bigger and more common sort of sites, rather than more specialized and locked-down services, like vendor or health or whatever. Sure, they can have special annoying ways to make it hard to change your user data… In such cases I just haven’t completely stopped using Gmail. I’ll still have it, but get less and less mail through it.

  10. Clairvaux

    Great post. And balanced, too. I’ve had it with the conspiratorial tone of so many privacy-oriented circles.

    One of my tricks for achieving the goal you described is a Word document in outline mode, where I file everything useful related to privacy. Your post is going right there. (2003 Word, if I may say. None of this always-online modern malarkey.)

    Are Chrome-based browsers as objectionable as Google Chrome ?

    1. Thanks!

      If you get into Linux (which is now easier to use than you might think), and even if you don’t, you can use LibreOffice, which I find every bit as easy to use and convenient as Word.

      But the idea of maintaining a master list of all my privacy and security related changes is good. I’ve already done more than can be found on the above list, and I intend to do more than can be found on the above list. So maybe I’ll just keep updating the above list; I have done so a fair bit from first posting, but I really need to update it even more.

Leave a Reply to Larry Sanger Cancel reply

Your email address will not be published. Required fields are marked *