How I went (mostly) private online for $111 a year
Watching tech companies mismanage their customers’ data and violating their privacy has been a horrifying experience. The debacle between Apple, Facebook, and Google is just the most recent example of data mismanagement. This year, I decided to secure (most) of my privacy online, and I thought I’d share what I did.
Gizmodo’s Kashmir Hill produced a wonderful video series called “Goodbye Big Five” which I recommend watching. Hill cut Amazon, Facebook, Google, Microsoft, and Apple out of her life with the help from some VPN software and changing up her devices. The videos are fascinating, but Hill takes a much more extreme approach to ridding herself of the ‘Big Five’ — including blocking all websites hosted by Amazon Web Services (AWS) and Microsoft Azure. I didn’t go this far. In fact, I’m not even trying to necessarily cut out the Big Five completely, just limit how much data they obtain from me, and use alternatives that don’t mess up my workflow too much.
Here’s what I’ve done so far…
Deleting (most) social media
There’s research that confirms and rejects the notion that social media use leads to depressive symptoms. But, there’s overwhelming evidence that social media platforms — Facebook especially — aren’t very good at securing our data.
So, I deactivated Facebook. I didn’t delete it, yet, in case there’s data I’m missing or something I need to retrieve later. But, if after a year I don’t miss the service, I will delete it. Other social media sites and services I’ve deleted include WhatsApp (also owned by Facebook), Quora, Disqus (for website commenting), Snupps, and Groovee.
I’ve kept my two Twitter accounts, LinkedIn, and Instagram. Twitter is something I use professionally, for keeping in touch with colleagues and hosting academic discussions. I also have a Tech Bytes Twitter account. LinkedIn is a no brainer to keep. It lists my work experience for the world to see. Instagram might go on the chopping block in the future.
I miss family photos I used to see. I miss seeing updates from friends and family. But, people who really needed to get in touch with me sent an email!
Obtaining a secure email account
I have two email accounts. A personal Gmail (which I don’t share) and a public email account. I own the domain for my public email which turned out to be an excellent decision in retrospect.
My goal was to move the domain to an encrypted email service. There are a number of them out there, but I decided to go with Proton Mail. It’s based in Switzerland, it uses strong encryption, and it has good usability. On the Mac I can still use my Mac Mail account with their Bridge app. On Mobile, Proton has developed solid Apps. Tutanota is solid German-based alternative, but its apps are lacklustre. Proton Mail is not free if you want sufficient storage and a custom domain. It costs me $63 CAD a year — the first half of my expenses.
Getting away from Gmail is more problematic, so I’ve made a compromise. Private conversations go through my own email domain using Proton. Unfortunately, my Gmail is tied to too many services and I’ve had the account since Gmail was in beta (yeah that long). Changing them all would take days, and I’m not convinced it’s worth the effort. For now, I will allow Gmail to spy on my Amazon purchases and Wired magazine subscription.
Moving away from (most) Google Services
Moving away from Google’s other services was surprisingly easy. While my work requires me to use a Google Apps account for collaboration, I don’t have the same requirements at home. Prior to this experiment, my only use for Google Drive was to host content for my website, such as my CV, certificates, images, etc. I moved those documents directly into WordPress. Problem solved.
I continue to use iCloud as a photo and document backup service. For my purposes, it’s been reliable and works across my devices. I’ve seen huge improvements over the past few years.
However, for documents that I wouldn’t be willing to share publicly, I’m sticking to local storage only. I have a network attached hard drive attached to a Raspberry Pi 2 running Open Source Media Centre. This drive’s primary function is to serve up media content on my TV, but I also use it for storage. My MacBook Pro backs up to a TimeMachine Drive, and I have a third portable hard drive that mirrors my network storage.
This is a 3–2–1 backup system. My computer has the first copy of my content. I have two local backups at home. Plus, my cloud storage backs up really important stuff off site.
Google Search was surprisingly easy to abandon. My default across all devices is now Duck Duck Go. It’s not as good, and I occasionally still use Google when it fails. However, the search results are more consistent and easier to replicate, and I care about that because I’m a librarian.
I still occasionally use Google Maps on my iPhone, as well as YouTube. Apple Maps is fine most of the time. It’s only when it doesn’t work that I launch Google’s service. Because I follow a large number of YouTubers, I am not willing to abandon the video service.
Browsing the web
Speaking of web browsing, being private online was something I was already doing. I don’t use Chrome. Safari is secure enough for my purposes and it has quite a few useful privacy features. I also use Brave, Firefox, and the Tor browser (if I’m really feeling paranoid).
Unfortunately, not all the privacy browser extensions I use are cross platform. On Firefox I use HTTPS Everywhere, Privacy Badger, and uBlock Origin. On Safari I just have uBlock. Also, it might seem ironic that I have ads on my site, yet I use an ad blocker. On the desktop, I whitest most sites except for those that I have paid subscriptions or those which have particularly intrusive ads. I block all ads on mobile to save data and speed up load times.
To be more anonymous online, I did invest in a good VPN service. The trick here is to choose a VPN that doesn’t log your information/history and is located in a different country. I decided to go with Nord VPN which is located in Panama, not a Nordic country. It works great on desktop and mobile too. Good VPN services aren’t free. At the time of writing this Nord had a promotion — three years for $145 CAD. So it costs me $48 CAD a year — the second half of my $111.
Secure logins
Despite cutting down my social accounts, I still have a surprising number of accounts overall. All these accounts are stored in a password manager. I painstakingly went through each account and changed the passwords to be 20+ alphanumeric strings with special characters.
I also turned on second-factor authentication for as many accounts as possible. Because I wanted to get away from Google Services, I opted to use Authy instead of the Google Authenticator App.
Devices and operating systems
Unlike Kashmir Hill’s experiment, I didn’t attempt to change the hardware I use. Over the years, my primary devices have all become Apple-made. I moved away from Android for privacy and security reasons a few years ago — though I do miss the customization. I use a MacBook Pro 13” Retina, a 9.7 iPad Pro (mostly for work), and an iPhone 8 Plus. I realize Apple’s encryption is proprietary, but the company’s privacy track record (despite a few software bugs) is solid. Good enough — that’s my motto! However, if I were to build a new desktop computer (which is on my to do list) I’d go with a Linux distribution like Arc or Ubuntu.
Smart home devices
I don’t use them.
I don’t use a name brand set-top-box for my TV. As I previously mentioned, I have a custom OSMC box. You can read more about that project on my other website.
My wife and I won’t have smart speakers in the house, and we don’t have a use for automation. One could argue that this is crazy because my phone (which I carry everywhere) has both a camera and microphone. The difference is that the best home assistants are made by Amazon and Google which have a less consistent privacy track-record. Apple’s HomePod is more of a music device, but my stereo is already superior, and Siri is too dumb to justify its use. I charge my phone in a separate room with the door closed (not beside my bed), and sometimes I just turn it (and my iPad) off. I use Siri on these devices to set timers, open podcasts, play audio books, and get weather updates only. Again, good enough.
Things I didn’t do
You might have noticed that I didn’t make any mention of Microsoft or Amazon. Let’s start with Microsoft.
I don’t use Office 365 nor do I use OneDrive for storage. I have a local version of Office that I use for Excel and Word only. Apple’s iWork is alright, but Numbers doesn’t cut it for my research data nor tracking my finances. My Xbox account is my Microsoft account, so I opted not to negatively impact my gaming hobby by deleting it.
Amazon definitely has questionable labour practices and I’m sure it collects user data. But, for many of the products I like (Anker for instance), it’s the best place — or the only place — to order. We did get rid of our Prime membership in my household, so we don’t order as much as we used to.
Conclusion
The majority of these services and security features are free. Currently, my Proton Mail and VPN services cost me approximately $111 dollars a year which is a fairly small expense. But if you don’t need a VPN, or if you’re not a heavy email user, you can do everything I’ve outline for $0 a year. It just requires your time and a little thought.
While I was writing this, a colleague asked me why I went to all the effort. There’s two reasons. The first is that there’s a certain amount of comfort in securing my data. Moving away from these service taught me that not having them didn’t really impact my life that much. I don’t waste as much time online, I get more done, and I feel more secure. I also spend less money because I don’t see targeted ads. (I also switched to a cash budget which is a whole other experiment). This basically means that even after my email and VPN costs, I’m still spending less.
The second reason is principle. I don’t like data being collected about me, and the less data collection I allow the less likely a company will accidentally leak my information to the world. I certainly haven’t moved away from every online service, but most don’t feature my real name, they point to an email address I don’t use publicly, and few have my credit card info. Because I use second-factor authentication, it’s very difficult for a hacker to get into my accounts.
Being privacy conscience took some work. I spent quite a few hours researching the best services and thinking about how to best backup my data. But, I hope that by documenting this experience you too will be able to go (mostly) private online.
Originally published at www.tech-bytes.net on February 9, 2019.
