The Setup
It all started with what I thought would be a simple change. I decided
that I was OK with Google knowing my location and activity as long as
they didn't keep it. So I tried turning off "Location History" and
"Web and App Activity".
Not so simple. Voice commands stopped working with Android Auto,
making it almost completely useless. My Google Home literally wouldn't
give me the time of day. "Hey Google, what time is it?" "Sure, but
first you need to enable Location History and Web and App Activity in
your preferences!" Why does Google need to know where I've been and
what I've been doing in order to be able to tell me what time it is?
Someone else might have just given up and turned them on at this
point. But I was concerned with what these problems said about how
Google thought about privacy. It became quite clear to me in that
moment that Google did not care one lick about giving people
meaningful control over their information. They were just ticking
boxes. We let people turn this off, so we're good. Never mind that
huge swathes of our services break for them if they do choose to
exercise that option.
So I stopped using Android Auto. I gave away my Google Home and my
Nest Cameras. Eventually I even managed to migrate my legacy free (I
hear they eventually started making people pay) "Apps For Your Domain"
account away. Now I have no Google account at all.
I've started thinking about privacy as "reducing my information
footprint" rather than keeping information from being discoverable at
all. I spread the information around, use encryption when I can, and
use services I pay for with money rather than my privacy.
What I Use
Speaking of paying, I use Privacy.com for that
wherever I can (except in person where I use cash as much as
possible). Not only is their application pretty good, but their
customer service is top notch. They've always been very responsive,
and in the one case where I've disputed a charge (a merchant charged
me twice for a subscription), it quickly succeeded even though I was
pretty sure I hadn't provided sufficient evidence.
My personal smartphone is a used unlocked Pixel 5 I got on
Swappa. I installed
GrapheneOS without the sandboxed Google
Play services (they're mostly useless without a Google account) and
use F-Droid and Aurora
Store to install
apps. I'll probably make another post soon with more details about my
GrapheneOS experience.
For personal web browsing I use
Firefox. For work I'm
still stuck with Chrome, because it's the modern Internet Explorer,
and I don't have the option of simply not using apps whose developers
are too lazy or unskilled to support more than one browser.
For search I use DuckDuckGo. Sure, it's not
quite as good as Google, but Google search has gone way downhill in
recent years, so in relative terms there's not much of a difference.
For email I use FastMail. I would prefer
encrypted email, but email is not particularly secure in transit
anyway. They are far more generous with their aliases than
Tutanota or
ProtonMail, and I use their "masked
addresses" to avoid spam and add a little bit of security to my
various online accounts.
I don't currently use a cloud storage provider like Google Drive. I
tried MEGA for a while, but their web app is
extremely buggy, especially in Firefox, their mobile app doesn't
support syncing, and they're slow. I do still occasionally use MEGA
for sharing, but not for long-term storage or backup.
For syncing between my phone and laptop, I use
Syncthing.
For backups, I use Backblaze
B2 with
Restic. The price is right, and they're
transparent about how their systems work. Restic backups are
encrypted, so I don't really have to worry about their security or
spying.
For passwords, I currently use Bitwarden,
though I've been thinking about switching to someting like
KeePassXC that uses a local file that I keep
synced with SyncThing.
For online document editing and sharing, I use
CryptPad. It's end-to-end encrypted, so
unless they insert a backdoor in their Javascript I don't need to
worry about spying.
For text messaging, I'd like to say I use
Signal, but sadly my family won't use it, so
I'm stuck using SMS with them.
For video conferencing I use Jitsi. My family
does use this, because they can just go to a URL I send them. For
sharing photo albums with family I use Ente. I
don't use them for backup, though; I have accumulated too many photos
over the years, and they're just too expensive for large-scale
storage. So I sync them to my laptop with Syncthing and back them up
to Backblaze B2 instead.
You already know what I use for blogging and web hosting. For
short-form posts I use Mastodon. For code
hosting I use Sourcehut.
For email and web I use my own domain names hosted with
Gandi. That will make it easier to change
providers should I ever choose to, though my use of Fastmail's masked
email addresses will make it harder to move away from them. But I
deliberately don't use a custom domain for those anyway to make it
harder to link accounts together when information inevitably leaks.
Conclusion
I know the title is about reducing your information footprint, but
this seems like I'm just spreading it around, right? But that's the
point: Google's entire business model is getting you to reveal as much
as possible about yourself and then exploiting that information to
make money. That is not the business model of any of the services I
use. And some of them are end-to-end encrypted, and some aren't even
businesses.
I use separate email addresses for each service, and
randomly generated usernames when usernames are required except in
cases where I want the account linked to my real-world identity. This
means that even if information leaks or is shared, it would be
difficult to like the information from my accounts together in an
automated manner.
A lot of these things are probably too complicated for most people. I
may write a more "how-to" oriented post in the future, focusing on the
easiest-to-use options and how to use them.