Reducing Your Information Footprint

The Setup

It all started with what I thought would be a simple change. I decided that I was OK with Google knowing my location and activity as long as they didn't keep it. So I tried turning off "Location History" and "Web and App Activity".

Not so simple. Voice commands stopped working with Android Auto, making it almost completely useless. My Google Home literally wouldn't give me the time of day. "Hey Google, what time is it?" "Sure, but first you need to enable Location History and Web and App Activity in your preferences!" Why does Google need to know where I've been and what I've been doing in order to be able to tell me what time it is?

Someone else might have just given up and turned them on at this point. But I was concerned with what these problems said about how Google thought about privacy. It became quite clear to me in that moment that Google did not care one lick about giving people meaningful control over their information. They were just ticking boxes. We let people turn this off, so we're good. Never mind that huge swathes of our services break for them if they do choose to exercise that option.

So I stopped using Android Auto. I gave away my Google Home and my Nest Cameras. Eventually I even managed to migrate my legacy free (I hear they eventually started making people pay) "Apps For Your Domain" account away. Now I have no Google account at all.

I've started thinking about privacy as "reducing my information footprint" rather than keeping information from being discoverable at all. I spread the information around, use encryption when I can, and use services I pay for with money rather than my privacy.

What I Use

Speaking of paying, I use Privacy.com for that wherever I can (except in person where I use cash as much as possible). Not only is their application pretty good, but their customer service is top notch. They've always been very responsive, and in the one case where I've disputed a charge (a merchant charged me twice for a subscription), it quickly succeeded even though I was pretty sure I hadn't provided sufficient evidence.

My personal smartphone is a used unlocked Pixel 5 I got on Swappa. I installed GrapheneOS without the sandboxed Google Play services (they're mostly useless without a Google account) and use F-Droid and Aurora Store to install apps. I'll probably make another post soon with more details about my GrapheneOS experience.

For personal web browsing I use Firefox. For work I'm still stuck with Chrome, because it's the modern Internet Explorer, and I don't have the option of simply not using apps whose developers are too lazy or unskilled to support more than one browser.

For search I use DuckDuckGo. Sure, it's not quite as good as Google, but Google search has gone way downhill in recent years, so in relative terms there's not much of a difference.

For email I use FastMail. I would prefer encrypted email, but email is not particularly secure in transit anyway. They are far more generous with their aliases than Tutanota or ProtonMail, and I use their "masked addresses" to avoid spam and add a little bit of security to my various online accounts.

I don't currently use a cloud storage provider like Google Drive. I tried MEGA for a while, but their web app is extremely buggy, especially in Firefox, their mobile app doesn't support syncing, and they're slow. I do still occasionally use MEGA for sharing, but not for long-term storage or backup.

For syncing between my phone and laptop, I use Syncthing.

For backups, I use Backblaze B2 with Restic. The price is right, and they're transparent about how their systems work. Restic backups are encrypted, so I don't really have to worry about their security or spying.

For passwords, I currently use Bitwarden, though I've been thinking about switching to someting like KeePassXC that uses a local file that I keep synced with SyncThing.

For online document editing and sharing, I use CryptPad. It's end-to-end encrypted, so unless they insert a backdoor in their Javascript I don't need to worry about spying.

For text messaging, I'd like to say I use Signal, but sadly my family won't use it, so I'm stuck using SMS with them.

For video conferencing I use Jitsi. My family does use this, because they can just go to a URL I send them. For sharing photo albums with family I use Ente. I don't use them for backup, though; I have accumulated too many photos over the years, and they're just too expensive for large-scale storage. So I sync them to my laptop with Syncthing and back them up to Backblaze B2 instead.

You already know what I use for blogging and web hosting. For short-form posts I use Mastodon. For code hosting I use Sourcehut.

For email and web I use my own domain names hosted with Gandi. That will make it easier to change providers should I ever choose to, though my use of Fastmail's masked email addresses will make it harder to move away from them. But I deliberately don't use a custom domain for those anyway to make it harder to link accounts together when information inevitably leaks.

Conclusion

I know the title is about reducing your information footprint, but this seems like I'm just spreading it around, right? But that's the point: Google's entire business model is getting you to reveal as much as possible about yourself and then exploiting that information to make money. That is not the business model of any of the services I use. And some of them are end-to-end encrypted, and some aren't even businesses.

I use separate email addresses for each service, and randomly generated usernames when usernames are required except in cases where I want the account linked to my real-world identity. This means that even if information leaks or is shared, it would be difficult to like the information from my accounts together in an automated manner.

A lot of these things are probably too complicated for most people. I may write a more "how-to" oriented post in the future, focusing on the easiest-to-use options and how to use them.