I think the best thing to do is just be the kind of online citizen you want to see. It may be small but it is something you can do yourself.
I will be looking for a way to move my online identity away from Google to something I control more directly. I am also going to try replacing my social media activity with email. The web is already decentralized, we just need to use it.
I closed my G Suite account today because of Google’s announcement of AMP for Email. Luckily I didn’t have a huge Google presence in the first place beyond email which is easily IMAPed over to another server. Takeout allowed me to extract the rest: my docs as ODF, YouTube subs as RSS and contacts as ICS.
> In the end I went with Runbox, will see how they perform but I’m happy so far.
I tried Runbox back in 2013 after a fair amount of research and they looked great. After signing up, they sent a confirmation email with all my account info with user-name and password in clear text. I cancelled immediately after seeing this, but I wonder if they are still doing it?
I ended up switching to Fastmail, which I still use and highly recommend.
I didn’t get that this time at least. It’s worth pointing out that while that’s not great, if they send the password before encrypting it for saving in the database and only send it internally to their own mail server then there’s little security risk. But it’s not best practise as it trains users to expect it from other sites.
You're right, being the kind of citizen you want to be is undeniable a good thing, but it's also undeniably useless. It individualizes a collective problem, thereby being an ineffective solution. The only way to resist power is with collective action that substantially challenges it.
I disagree with your defeatist message and I consider it harmful if spread. Individual action is the foundation of our entire social system. It is not "useless" by any measure.
I don't want to use AMP in email so I'm not going to. It's just that easy.
What are you doing and what do you suggest the rest of us do? Is voting with our wallets not a thing any longer?
And how productive do you think "voting with our wallets" can be for a product we don't pay for from a company with more money than all of us combined?
Google auotmatically collects data on you the moment you visit and site with Google Analytics or a +1 button or when using Google Ads. Or using youtube.
While it's certainly not totally impossible to vote with your data, you should remember that you are the product for google. The customers are advertisers. Not you.
Some of us do/did pay for gmail. Also you could stop using Google all together as I have for this exact reason. (Specifically no way to disable AMP). I’ve been using bing/duckduckgo for search and icloud for email for a few years now. The only reason Google gets away with any of this crap is how many people refuse to switch to another service so yes voting with your wallet/wall clock will get results.
You're right, we should just use Google for everything because they have money. All is lost. Thanks for opening my eyes, you have really made a positive impact.
/s
On a serious note I don't like the negativity in your comment and I don't think there is anything insightful about it. I believe the free market is based on individual actions. I will continue to choose services based on how well they serve my needs.
That's the problem with Google being the default search for almost all browsers and almost all phones: The entire tech industry could unite against Google, and Google still has literally billions of users who don't know better.
If I had a solution I'd be telling you about it I assure you. I'm just saying that vote with your wallet and put your faith in the market is also not a solution in this case.
That's true but the key word is coordinated. Without coordinated action, we're back at individual action. Coordinated action might be protests, boycotts, etc. Usually there are one or more _institutions_, that is a cohesive group of people, backing and advancing the interests of the group. This is a very powerful model.
A familiar example is the NRA. It's not a political party, but it advances the interests of its members relentlessly. Institutions of the left include things like Planned Parenthood. Often, there are issue advocacy organizations that spring up when corporations are doing bad things. Often the strategy is to do things that impact the corporation financially, which short of legal threats is basically the only thing they understand. Anything short of that can be brushed off with rationalizations by various powerful stakeholders within the corporation.
Basically, the point I'm trying to make is that individual action is essential, but not sufficient to make a difference when it counts.
funny thing that, I went to the their membership page for the first time today because I wanted to know how to express my individual support. I'm not an owner, and I will likely get a membership ... because it's an advocacy I care about.
People may not like a compromise approach, but I've switched to using standard IMAP-based mail readers with gmail. If more people did that instead of using the gmail app and web site, Google would maybe see that AMP'd email wouldn't reach a large number of their customers.
Then again, maybe AMP is their solution to this third-party interface "problem": create an incompatible "feature" that will encourage or force users to abandon standards-based tools.
Kind of like what's happened with Google Talk. God I miss the Mac's Messages app being able to interface with my work's gsuite chat.
FWIW, the iOS email client has improved a lot over the last few iOS versions. Worth checking out if you haven't looked at it for a while.
I just had to think a bit in the opposite direction, with respect to email. Archiving some correspondence from other contexts into it. There's a very handy tool for the archiving I'm interested in.
But... under U.S. law, online email storage over X... (I forget the exact count, something over 100 days) days old, is open to examination without a warrant.
Not that I've anything particular to hide. But moving my personal correspondence in that direction?
I may spin up a an email server under my own sub-net, just to make use of this tool and capture its output. But I'm strongly disinclined to put it on a publicly facing email server.
The 100 day warrantless examination is an interesting point. Are you suggesting the government doesn't have access to your correspondence on other platforms? You can at least run your own email server.
It depends on the platform, and on ongoing developments in law, regulation, and third-party cooperation (one big way U.S. governments get around their own restrictions is by soliciting (often, paid) data from third parties not bound by such restrictions).
Anyway, they may well have this data. Some other data, more likely not.
And, even where they may have -- or have access to, this data, retention periods may be significantly shorter. At least, the retention periods that aren't shrouded in secrecy in e.g. a large campus in the middle of Utah.
Not email, but more and more social/communications platforms are offering to archive your data in your Google Drive account. Now, maybe with a privately held passphrase to AES encryption, some might consider that ok. But that is not what these services are offering.
For the majority of people, "Who cares?" And there is value to keeping your life free of unnecessary friction.
But, more and more of this stuff is getting supeonaed in divorce cases, employment disputes, etc., etc.
Though, I suppose if you maintain private access to the messages, and don't share them, you are still a candidate for contempt of court.
Anyway, I'm not interested in accumulating more of my social life into a data store that, here in the U.S., has less constraints against third-party (here, meaning particularly, government) access.
I think there are many pieces of that puzzle floating around. Fastest replacement might be if someone can make an app to encrypt on device replies via email.
but that's not all.. if a pw protected chunk was sent back to a buddypress activity or message reply and could be decoded there... then people could setup a wordpress/buddypress for family and a separate install for friends..
Options to get rss read of activity, or get emailed activity and replies. Could just email a reply back with a plugin, but that's currently in the clear. It could just be a notice that ScreenName X posted a reply on the Activity Group Y.. click to read.. and it's trivial to make those things private / login needed kind of privacy at that point.
So solve email encrypt on device, send to server which I think can hold data encrypted with php 7, and it would need to be decrypted within wordpress/buddypress for friends / family there when they logged in .. then there are most of the other pieces for mutliple messaging different contacts and groups.. it's all there.
I am sure there are other similar projects with similar hooks where a similar thing could be streamlined / integrated with just on device email, with options to beef up the privacy to make it better. Would be nice to addin sms texting to the mix for notifications and replies somehow.
most people know using email, and buddypress can be very similar to fbook for layout, so familiar to most I think. It's all close.
Well, I like the idea of end-to-end encryption, combined with storage/archiving on equipment under my own control.
Email seems fine, if it's your own server and you can keep it secure. Including, secure from some legal argument that they can knock on your door or the data center's and just have a look at whatever they want.
There was a fellow in the UK who used assymmetric keys to encrypt all his inbound email, holding it on the server in encrypted form where the paired key was not on the server but rather available only to his email client.
Then, you have the problem of security in transit. That email doesn't offer, inherently. And most of your correspondents won't use PGP/GPG nor SMIME.
I just had another friend start using WhatsApp. Is it really secure? I don't know. At least, she'll use it.
WhatsApp offers to archive your correspondence to Google Drive. I haven't turned that on.
I've tried brining up Signal with a few friends, but they won't give it the time of day. (Unlike the Washington, DC crowd, who now appear to be flocking to it in minor degree.)
The tool I might use is for SMS/MMS. It used to also offer to archive WhatsApp conversations, but that's been discontinued.
So yeah, this isn't any "big security context". Just my personal stuff. But the default is to put the messages into Gmail. On the one hand, actually convenient. On the other... just, no.
I have a bootlooped Nexus 5x with a bunch of SMS/MMS I never backed up. Including, I now realize, from a friendship that's ended. I'd kind of like to have some of those. So, I'd like to be pro-active with regard to the next phone that's going to crap out on me.
----
P.S. In short, I think I basically agree with you. Decentralized, and under one's own control.
It's just that:
Email doesn't secure the transport, and many people won't secure their messages before transport.
If it's not your own email server, under your control including perhaps physical, law in the U.S. with respect to email designates older messages as quasi-abandoned and "up for grabs".
And I forgot to mention the many posts/comments I've been reading here, about how more and more difficult it's becoming to run your own email server, not just in terms of securing it but also because more and more email providers are shit-canning any emails that don't appear to be blessed by their counterparts.
Anyway, I'm not promoting the idea that I have some particularly good answer. Rather, just food for thought.
I will be looking for a way to move my online identity away from Google to something I control more directly. I am also going to try replacing my social media activity with email. The web is already decentralized, we just need to use it.