Internet Privacy & “degoogling” a bit

Technology Guides
#1

Internet Privacy & “degoogling” a bit

Background

I have grown weary of giving ownership of my digital life over to Google and other major service providers. I’ve seen more cases of Google and other platforms locking their customers out of their service, which concerns me. Even free customers are paying customers for these giants.

I wanted to make progress on protecting my data, identity, and online presence. This article is a fundamental overview of what I think and the steps I took to progress toward that goal. Each person will have different tinfoil hat levels, and I consider myself a 3 or 4 out of 10 compared to some of those who run servers in their homes, hosting content and trusting open-source software. I try to balance.

Before making any moves, here is what my digital world looked like:

  • Mail was all on a personal Gmail account (ending with gmail.com)
  • Calendar as on a personal Gmail account
  • Photos were on Google Photos (and Photos does not give you direct file access to backup elsewhere and no longer stores original files in Google Drive)
  • Google Drive (all of my files, etc.)
  • Backblaze.com (Unlimited backup, 1-year retention. Used to back up Google Drive and my Desktop)
  • Privacy.com (A new addition, secure, one-time, or vendor-locked credit cards)
  • 1Password (password manager)
    • I don’t talk much about this in the document, but a password manager is a must-have if you intend to use random or unique email addresses. Without a password manager, you’ll struggle to track/remember all those unique emails. I like 1Password, and Bitwarden is very good, too.

Most of my “digital stack” was tied to a single account on numerous Google services that linked back to an @gmail.com domain name. The biggest risk in any digital stack is the potential to be locked out of the email, which ultimately means I get locked out of other services. Not controlling my domain name means I could be locked out of my banks and other critical services, given my username is often that email account. I don’t own gmail.com, so I do not “own” my credentials. If I lose access to my gmail.com, then I can not use password recovery to recover my accounts, etc. I am locked out of my digital world. Full stop - think about this. While I will continue to use Google services, they will be the paid services that let me control my domain name, as that is what I am optimizing for – identity safety.

New Digital Stack

  • Mail on a paid Google Workspace using a custom domain
    • All previous email accounts are forwarded here
  • Burner domain hosted on Namecheap forwarding a catch-all to my Google Workspace email.
  • The calendar is still on Google Workspace.
  • Photos synced through iCloud; Phone and Desktop all sync full, original quality files. Backblaze backs this up from my Desktop computer.
  • Google Drive for all of my storage; On my Desktop, I do offline sync, so the entire data set lives locally, and then Backblaze backs this up
  • Privacy.com
  • 1Password

My new stack is very similar to the old one it’s just that I now own my domain name and I’m slowly changing my email address in all of my online services. I plan to avoid Single Sign On so I am not locked into Google. I have increased my usage of iCloud, but as an Apple user, this was pretty painless. The added benefit here is if iCloud/Apple decides some of my content warrants a ban (I sure hope not), I will not lose access to Google Drive, Email, etc. So I’ve started unbundling all of these services, so I have more fault tolerance and defensibility!

Good Security + Privacy Practices

In general, I try not to use the same identity across the Internet, and I do my best not to give out my personal information, credit cards, and other sensitive data. I do this because I do not trust the companies’ security that I am interacting with on the Internet. If you buy that t-shirt from a new brand on Instagram, do you know how they store your credit card data? Data breaches continue to ramp up, and it is often from websites that, despite making a good product, don’t have the sophistication to protect your information against a growing number of hackers—security through isolation. I become harder to target if I use various email accounts across different services, use one-time credit cards, etc. And if one service, like Netflix, gets hacked, the hackers can’t take my login name and password and test those credentials at countless other sites like Hulu, Peacock, etc. Why does this matter? Different services expose different information. If I can gain access to one system and then leapfrog to others, I can quickly build a profile of you up and use that to then, say, steal your identity. Trust the process, not the players.

Privacy comes at the cost of labor. Everything is up to you and your desire to invest time today to avoid spending time later should something happen.

Backups

1263×513 16.8 KB

You should be backing up everything. I operate using the 3-2-1 backup strategy. The ease of backups somewhat boils down to where you create documents. I say this because if you’re using Google to create documents of various kinds, then those documents are stored in the cloud only and never get synchronized to your desktop, no matter what settings you use. In Google’s case, you must use Google Takeout https://takeout.google.com/settings/takeout to export your data and have all of those ‘gdoc’ Google cloud document files converted to Word documents that have the content in them. Even if you see a ‘gdoc’ file on your computer, if you open it up in a text editor, you will see some jumble like the one below. This is essentially just a link to your real file in the cloud. Google Takeout will pull all your data in a portable format so you can back it up and not rely on Google being around later to view that data.

809×545 59.5 KB

Using OneDrive or another document editing tool that stores your files in full text, your backup solution can look much simpler. In the simpler case, you can add Backblaze to get an off-site backup, and then now and then copy your computer/folders to a thumb drive, external hard drive, or disc. This will give you 2 cloud-based storage, 1 local storage on your primary computer, and 1 offline copy on your chosen medium.

It’s worth noting that laptops continue to shrink their hard drive sizes. It is worth buying a bigger hard drive and not relying on the cloud for your data. The one caveat is if you’re like me and have a laptop for mobile and you have a desktop at home running 24/7 with a large enough hard drive to do offline synchronization so that tools like Backblaze can constantly be backing up files changed in Drive. A small, always-running computer (like a Mac Mini) is excellent for continuous backup.

My Google Drive backup works like this: I use Google Drive with local storage and have everything synchronized to my computer. Backblaze runs and automatically backs up my Google Drive. It’s not perfect for the reasons stated above, but it’s a good start to getting a second copy of my data elsewhere for safekeeping. I then use Google Takeout to get the data out in a reliable way. I do this annually. Because I tend to create my documents in Word and other places, I have fewer ‘gdoc’ and ‘gsheet’ files floating around, so my annual process is to capture the random things I created in Google Docs throughout the year. To make my life easier, I do this during Tax season. If I am being honest, I can afford to lose lots of data, but Tax, with a capital t, is not data I want to lose. I take that Google Takeout download and put it right back into Drive(!), which then gets backed up to Backblaze, etc. I keep one copy of my data in this Google Takeout format in Drive until the next tax season, when I replace it with a fresh Google Takeout. So, in short, here is my tax season process:

  1. Delete my old Google Takeout folder
  2. Download a new Google Takeout folder to my Google Drive (I check the boxes for Email, Google Drive, etc. You can leave all ~50 options checked, but these are the two I care about)
  3. Do a spot check that Backblaze has some specific files (like a tax return) from historical years, and make sure my Google Drive does as well.
  4. Copy my entire Google Drive (and any other folders I have Backblaze backing up on my Desktop) to an external hard drive
  5. Carry on crying about taxes

The goal of backups is to reduce the risk of a single point of failure. And to make sure getting locked out of any one service does not mean losing access to much of your data.

I am a big fan of Backblaze, and their pricing makes it a no-brainer at around $100/year per computer (this is the base price and the 1-year retention add-on). If you accidentally delete your Google Drive, you can recover it! Peace of mind. There are other players, and I’ve tried a few, recommended a few, and ultimately felt most comfortable with the reliability of Backblaze. In addition, they have a great blog post and are truly passionate about backups.

Email

Email is our core online identity. Most websites are moving to use email as your login. This exposes your email address, which is a bad thing for privacy. And since many people don’t use unique passwords for their logins, gaining access to one service and getting your password means gaining access to your Gmail or core email account is easier. To that end, here is how I think about email security:

  • Always enable 2 Factor Authentication using a single-use TOTP/one time password. Do not use text messaging/SMS as they are not secure.
  • Always use 1Password or another password manager for robust, secure, service-specific passwords.
  • This will be controversial, but I don’t like Single Sign On (SSO). It ties you to specific email providers (even if on your own domain). Just use logins and secure passwords!

Always use specific email addresses for your services where you can.

If you’re using Google Mail and don’t want to get off your @gmail.com domain, so be it, but at least start using the “+” in your email address to create more unique emails. Simply put, you can attach any work after the “.” or “+” symbol in your email to make automatically unique emails. Examples:

You can get fancier and make random numbers after the ./+ as I did with “amaz0n.” Ultimately, this helps stop automated attacks if one of those services gets hacked. The hacker needs to figure out your real email and can’t blindly take your +netflix email and try to login to Gmail with it. That’s pretty nice. You can also more easily identify spam and scams – if an email comes from Netflix but not to your Netflix email, then it’s unlikely Netflix sent it. To that end, I suggest using non-obvious email qualifiers. For example, maybe for your bank account, you’d do youemail+moneymoney@gmail.com.

Using these special emails, you can also create filters. For example, with +moneymoney, you could mark this as important and never let it go to spam, so you always get all the important emails.

Burner Email (the 80% value for 20% effort privacy)

This is new for me, but I am enjoying this. You can go to Namecheap.com and register a random domain name (like FrozenTundraExpress.com) and then forward all emails sent to that domain name to your primary email (youremail@gmail.com or your own custom domain name). This is called a catchall email, and it’s free from Namecheap for any domain you have. Domains are $10-15/year.

This is truly the best value for the effort path. As you sign up for new services online or hand out your email when you buy something in a store, you can magically create new emails on the fly, which will all be routed back to your primary email. This gives you full privacy – it masks your primary email so hackers who get your randomly created emails can’t do anything with them.

Examples:

No “+” tricks are needed. Everything will flow into your primary email. Here’s a real example of a BBQ spot by me, emailing one of my made-up emails:

To Edley’s, I am jdrose@mycustomdomain. I made it up on the fly. It’s also now easy to create a rule that all emails to jdrose@ are marketing emails!

There are “burner email” companies that are pretty cool looking. https://anonaddy.com/. AnonAddy is a few dollars per month, supports impressive filtering, and lets you reply from email addresses in case you need to (something burner domains don’t offer). FastMail has a plug-in if you’re a Bitwarden customer to generate random email addresses automatically.

Finally, here’s an example of me using my burner on Grammarly!

Primary Email

Burner emails are great for siphoning off junk services onto their own domain name. And detaching them from your primary email. I use my primary email for banking, healthcare, school, etc. The core stuff. In this regard, I think it’s important to own your credentials. After spending 20 years of gmail.com, it was time to regain control of my identity online.

You can still use Google if you want to use your own domain name. There are many options here. Most of these services range from $1/month to $20/month email accounts using your own domain name. Google is on the expensive side, but I know Google well. As I said earlier, my goal of removing Google from my stack has more to do with not using “gmail.com” and Google Photos. So for this part of my journey, I decided to switch to Google for Business (Google Workspace) and pay $12 per month per email account. I only need one account, but this cost per user may be prohibitive for others. My single account, alongside my burner email, hit the sweet spot for me. And I like Google Drive.

There are other players in private domain hosting.

And some people want encrypted email, etc.

Whoever you pick, here is the process that I think will work for most of us. I assume Gmail is being used for a context in this mini-guide.

  1. Identify your new email provider.
  2. Buy a domain name
  3. Setup your new email provider with the domain name
  4. Setup your main email account (in my case, it’s ‘john’)
  5. Go to your existing Gmail accounts and burners, etc, and start forwarding mail to this new account Automatically forward Gmail messages to another account - Gmail Help
  6. Do an inventory, if you use SSO, of the apps you’re logging into with SSO or have granted permissions to with Gmail
  7. Set up email forwarding from your old accounts
  8. Migrate your old email (there are numerous ways to do this. Google Workspace has a built-in Gmail to Workspace migration. It Takes time but it works well). This is an important thing to figure out before you go wild making a new email. And if you aren’t sure about this part, start with a burner email domain forwarding to your current email.

Go to your Google Account → Get to your Security Page:

1384×1156 141 KB

Click sign in with Google to see where you’re signing in with Google:

717×961 70 KB

I went through this list and converted most of these to username/passwords and stored them in 1Password. In this process, I also switched many to burner emails or my new primary email depending on the service.

Privacy Credit Cards / One-Time Use Credit Cards

This is a big topic, and for the last two years, I’ve been pushing Privacy.com to all the people I care about. Privacy.com is a free service (you can pay for cashback rewards, etc) that sits on top of your bank or debit card and allows you to create special credit cards. They have mobile apps, integrate with some password managers, and have a slick website that makes creating credit cards on the fly super fast. Why I think burner credit cards are important:

  • Too often we see people use the ‘last four’ of a credit card to prove identity. Burner cards remove the ability for someone to uncover your ‘last four’ and use it on other services (the same concept with burner emails)
  • We don’t know how good of security any website has. Let’s not trust them with our real credit card data. Let’s not trust them with any of our data…
  • Privacy.com and others will let you use any name you want and billing address. This is huge! When I checkout online I can be “James Balooga” and “123 Pine Street” and Privacy will approve that charge since they know I just created it
  • You can set up credit cards with a per month spending limit, a per year limit, a per transaction(!), a total amount, and a single-use
  • You can create cards for specific services either as groups (all your streaming services on one card) or by service (Netflix)
  • And finally, they’re incredibly helpful for services that want a credit card for a trial. Just enter an amount below the renewal rate ($1) and don’t worry about being charged accidentally

Here are some pictures of the Privacy app. The free plan is sufficient for me and likely you.

912×586 53.9 KB

Other Stuff

Google Drive/Photos

You’ll need to migrate over your content for each service. In my case, I opted to unbundle all of my stuff (no longer everything on Google). I opted for iCloud for Photos (and deleted Google Photos). I went with Google Drive on my new Google Workspace account and that migration involved using Google Takeout (their backup service) to pull my old Drive and upload it to my new Drive.

  • I am testing out PhotoSync, which is cheap ($6/year) and can sync in full high quality your camera roll to different destinations like Google Drive. If this works, I think this is my preferred way to get my photos into Google Drive and remove iCloud from my stack (or leave it until I run out of storage and prune)

Things I did that are unlikely things you’ll want to do

While I like Photo apps like Dropbox, Google Photos, iCloud… I generally prefer to have my original photos backed up in Google Drive (which gets backed up a second time, you’ll see). So My usage of these “photo apps” is more or less only for a short period. Typically once a year I will go and export all my photos from whatever photo app I am using and dump the photos into my Google Drive. Why do I do this? Google Drive does not support backing up photos off of my phone automatically, so I have to use another Photo app to get my Camera Roll/photos into the cloud. Whatever service you use, be it DropBox, Photos, or iCloud, it’s up to you to decide your level of trust in that storage.