526 comments

[ 5.0 ms ] story [ 354 ms ] thread
I'm a little discouraged when I see articles like this that seem to be completely tuned for developers or look over completely decent pro-privacy alternatives like Apple.

For example, the "best" calendar alternative is Etar which looks to a Github repo. Really? At the very least you could mention Apple Calendar. Is Maps.Me (which uses AdSense) really better than Apple Maps? I'm not a fan of hooktube either - it just further cements YouTube's monopoly.

I think what what bothers me is that "privacy focused" tends to be conflated with FOSS. I'm really thankful for organizations like Mozilla and Signal that are trying to deliver privacy focused applications to real people. However I also think we should recognize Apple-like companies who are also privacy focused without necessarily being FOSS. I think that will help move more non-technical people out of central databases.

I am on linux ... just tried Apple Maps - horrid ... it fails to permit location search by zip code ... just show the globe and let me zoom around - fail ... forced me to login - fail ... unable to enter arbitrary address - talk about slurping personal data ... unbelievably evil
What are you going on about? Apple Maps does all of those things, without asking for login information.
I thought it was strange bing was not mentioned, even though it has Mozilla's endorsement of having a better privacy policy than Google[0] and is probably the most popular alternative to search in the United States. This far from a complete list of Google alternatives.

[0]https://www.pcworld.com/article/184520/mozilla_endorses_bing...

As much as I like Microsoft, Bing is awful. Ive used it, and I tried to like it. It can't find anything.
I find bing to be better than any other Google alternatives.
It would be possible for you and your parent comment to be correct simultaneously.
Bing's video search (particularly for porn) is the best in the business.
Its image search is also pretty good. If I'm not successful on a google image search, bing usually comes up with quality images. Their maps also tend to better render local businesses and it's easier to navigate the results than google, surprisingly. On the other hand technical searches are way better on google.
> (particularly for porn)

I had not considered Bing a serious competitor to Google's search engine until now.

>> (particularly for porn)

> I had not considered Bing a serious competitor to Google's search engine until now.

I can’t tell how much humor was intended here, but that’s a serious competitive point that had not occurred to me. Ever. It’s not something that MS could use in a marketing campaign, but could easily sway lots of people to give it a try when they otherwise wouldn’t.

I'm not sure if it was implemented as a 'competitive point' or if Microsoft just has employees that solved the porn search problem for personal use.
That’s likely on purpose now, even if it was accidental in the beginning. Microsoft marketing people are not stupid, and they know the right amount of piracy and the right amount of porn is excellent marketing.
I use Bing a fair amount and I like it.

I'm wondering if you could elaborate on what sorts of things you are trying to find and having trouble with. Perhaps HN could make a few suggestions for how to get more out of your Bing experience.

I've tried switching to it but for looking up code and projects it kinda sucks. Even when I throw hints at it sometimes it just doesn't seem to care. I'm using DuckDuckGo instead for now.
It’s a matter of taste but I prefer the Apple/google clean and white UI with little else distraction than what you are trying to achieve over Microsoft’s “portal from the 90’s/let’s fill every bit of space”. Whether it’s bing or Windows, something as stupid as showing you a different background picture every time means you always have to deal with a new visual, which means more effort to find your way. It’s the same for IE and edge, the default new tab is to show you a busy page with news, weather forecast, most visited stuff. That’s like advertising banners to me.
I’m surprised to learn an it professional regularly finds their way to a search engine home page. I would assume you’d just type your query directly into the address bar? This seems to work for every major browser at least, unless I’m mistaking?

I actually use Bing, and I see the oddity that is their homepage once a month, if that.

(And I think bing is fine for about 80% of searches. The rest I use google, which manages for another 10%, and for the remaining tithe I have to do something archaic like think about how to properly format a search query. Party like it’s 1999.)

Why are you going to Bing’s homepage? The rest of the site is minimalist.
It was also disappointing to hear recently one of their developers say that they mostly just copy what Google is doing to keep up.
I like/sometimes use Bing, and it's decent, but it's not significantly different than Google in terms of data collection. The biggest difference, arguably, is that they pay you for it via Bing Rewards.

DuckDuckGo uses Bing data and respects your privacy more, and probably the best choice for the privacy-conscious.

My primary goal of using Google alternatives is to deprive Alphabet of revenue. Privacy benefits are secondary.
Why do you want to deprive Alphabet of revenue, if not for their privacy-disrespecting business model?
Read a cyberpunk book. The mega-corp as focal point for resources, innovation and political clout is a scary thought.

Consider the almost exclusive dataset they have moated "everyone" else out of, and the long line of disingenuous/unethical business practices. The privacy considerations are the proverbial top of the iceberg.

Using Microsoft products to avoid feeding megacorps would be a strange strategy.
Most of the fictional dystopia center around a single mega-corp not mega-corps... Thus if you have 3 or 4 Mega Corps that would be preferred to a single monopolistic Mega-Corp.
Do you have any book recommendations?
Dune's CHOAM corporation is a great example. Ownership in choam is synonyms with power and wealth. All political maneuvering is based on gaining or keeping control in choam corporation.
For "receiving end" perspectives, watch Blade Runner (the old one) or Altered Carbon. The Expanse probbly qualifies too. For books, Peter Hamilton incorporates different mega-corps in his universe but it's not the main object. Special mention to the Void Trilogy's Commonwealth.
The Expanse's high-political scene is best described by the balance of powerful sovereigns, and how that changes over time. Companies have a lot of power, but that power is primarily expressed by influence in governments. A company gets mining rights from a U.N. charter by influence. Then the company expects the U.N. military to defend those mining rights. Sometimes the company influences the goverment and sometimes the goverment influences the company. The big exception to this is the O.P.A. which always tends centralize power around Tycho.

Altered Carbon also uses goverment as the primary seat of power. United Nations Envoy Corps are primarily a reskinning of Dune's Sardaukar, the powerful super soldiers that enforce the rule of law out of fear. There are very powerful corporations, especially those discussed in the first book, but their power is again through the influence of government, and goverment has the authority to act independently.

This is in comparison to a true mega-corp like Final Fantasy 7's Shinra Corporation, where all power exists within the company. Shinra can destroy 1/8th of the capitol city with no repercussions, and there is no significant economic activity outside of the company.

I wouldn't throw someone into the deep end of corporatism based on where this thread started ;) I figured the implicitness of my examples' corps' power fits better as an illustration of the potential short term future.

Yours is a terrifying endgame, but it feels (to me) quite far removed from what we should look out for before it's too late.

Alphabet has several projects that Microsoft does not have a counter-project for and in which my primary ethical concerns are not privacy related.

I'm specifically concerned about their approaches and attitudes on AI and Life Sciences.

That was in 2009 - Windows 10 probably wasn't even a project at that point, for instance.

I doubt Mozilla would recommend Bing over Google again because it's more "pro-privacy."

I think the point is not so much pro vs anti privacy. On the web you have to assume every site is anti privacy, and you may have some rare pleasant surprises. To me the point is rather to spread that trail of data among multiple providers that are not known to sync their data.
I don't see that in the article. Search, email, drive, youtube, maps all have many non-FOSS entries.

I am fairly sure that no apple product is mentioned because replacing all the hardware one has just for more privacy is likely too extreme for many. Not to mention that one of the biggest things you can do for your privacy is ad-blocking / cookie cleaning, and apple does not make it easier at all.

> biggest things you can do for your privacy is ad-blocking / cookie cleaning

Very true. But there is no problem with apple, in fact Safari is first browser that is clearing cookies - ITP(2). I use uBlock Origin on Safari and Private browsing - no cookies at all.

Firefox has been able to clear cookies like that for years without any extensions.
Usind default settings or manually?
Neither. It's an option in the preferences.
Is that option enabled in default installation of firefox? Sorry, I must have specified that in Safari ITP is enabled by default, and this is important for non-tech people.
No. It hasn't been enabled by default in my experience. It isn't the exact same as the Safari technology. Firefox lets you block "3rd party cookies" or "all cookies" from the privacy pane of preferences. I've always "set it and forget it". The assumption is that many tracking cookies will come from 3rd party websites.
(comment deleted)
The default is 'allow everything'

You can change a setting to block third party cookies. This gets you similar treatment of cookies as was the default in safari 1-10.

Safari 11 still blocks third party cookies by default, but has 'Intelligent Tracking Protection' as an additional filter on top of it. ITP blocks/limits certain uses of first-party cookies.

Firefox has no analogous option. Either cookies are off, or all uses of first party cookies are allowed.

Firefox has an option to block all third party cookies in the manner similar to Safari 1-10's default behaviour. And like everything else, it lets you clear all cookies at once, or manually look through the cookies to clear them.

It does not have a feature analogous to safari 11+'s tracking prevention.

What about the tracking prevention that Private Mode has had since FF 42 or so?
Firefox’s tracking protection is the same feature as Safari’s content blockers. [the defaults differ, though], and prevents specific listed domains from loading anything. Except when it turns out blocking them breaks too much. Like Youtube embeds.

Safari’s tracking prevention applies to things that do wind up getting loaded, and limits access to their own cookies/context. [kind of like loading all those embeds in seperate private sessions, even though they're on the same page]

> It does not have a feature analogous to safari 11+'s tracking prevention.

I never said that it did... I wrote that firefox has had the ability to block cookies automatically for years, which it has had. My response was not a comparison between the browsers but a statement of one particular feature that was mentioned. I simply said that what had been stated by the gp was also available in Firefox.

When you wrote 'like that', I assumed that you meant 'like that'.

> I simply said that what had been stated by the gp was also available in Firefox.

Given that the gp referred to ITP... no, it's not.

The gp has clarified their comment, since that time. Snark is beneath you.
By the time I posted anything, the post clearly referred ITP.

You were ignoring that nine hours later.

The clarification was to add ITP.

Disqus is over that way, if you want to keep arguing without a reason and without reading what others write.

It's not that "privacy-focused" tends to be conflated with FLOSS. Rather, it's nearly impossible to guarantee privacy in proprietary software. The transparency of FLOSS makes it trustless. Want to know what data of yours, if any, is being collected? Look at the code.

This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.

This is true iff you look through the code yourself, or are willing to trust that others have done so in as thorough a manner as your use case (attack vectors) necessitate.

Apple isn't worth consideration if you are willing to put in the effort, or delegate trust, to other systems. If you'd prefer to delegate trust to them, how is that effectively different that FOSS that you haven't examined?

Incentive.

When devs announce how their software handles privacy concerns, they have an incentive to be honest because all it takes is one discovery of conflicting code and their trust is lost. But if the code is closed source, that incentive for honesty is removed. Of course the media can still seek circumstantial evidence and make accusations, but that’s a far cry from version control.

Separately, closed source code invites new incentives to disrespect user privacy for profit.

So, there are these two major categories involved, both of which are mitigated by opening the source code.

Apple remains liable for both of them.

All that Apple has is an observation that they sell hardware too. I guess we are just assuming they already make enough money from advertising as it is and don’t really want more.

I think there is a significant difference.

Companies get hit with multi-million dollar fines for violating their privacy policies. So there's your incentive.

I just don't see open source as better protecting privacy. See for example the telemetry in .NET Core or VS Code [1]. Users discover this stuff by watching network traffic, not through code audits.

1: https://github.com/Microsoft/vscode/issues/16131

Is a multi-million dollar fine enough to matter?

Let’s assume Apple violated their privacy policy and was fined $999 million, the highest “multi-million dollar” fine they could be assessed. That’s just barely more than 1% of their market cap.

Fines are definitely incentive to do right but the fine must be felt. I’m not aware of any cases where the tech giants have been levied a fine that really hits them hard.

The fine you're proposing would cause a much larger hit to market cap than you're suggesting. Consider, Apple made ~20 billion in profit last quarter, your hypothetical fine would be a precipitous hit to profit margin which, when reported on the quarterly earnings call, would cause an abrupt downturn in share price. Consider the 13% hair cut earlier this year when the market thought Apple was going to miss. Then there's the existential panic of "does this mean Apple is in for more such fines?".
I guess jail time will have to do.
Fines are accounted as overhead.

Watching network traffic is limited to circumstantial evidence, and not even that without a circumstantially isolated environment. Those are a couple of scenarios where these accusations can be made.

Let's consider the incentives in each case and how they enable you to distribute your trust. Apple is a for-profit, publicly traded corporation. Their purpose is to make money, and they will likely do whatever they can to achieve that. More importantly, only they can see their code, not you and not other users. All you can possibly have is their word, and they will say whatever it takes to sell you their product. If they lie or exaggerate, there's no way you or anyone else could know.

On the other hand, open source projects come in all shapes and sizes. Generally, they have a strong community of both developers and users around them. If you don't feel like looking at the code, you don't even have to trust the project itself. You can look to the community and its abundance of users, at least a few of which have audited the code and share your use case. And these users aren't just neutral third parties. Nay, they're better than that. They, too, value their own privacy, and are therefore motivated to protect it.

This is silly. Apple publishes their privacy policy. If they were found to be violating it, they would lose business and be liable for expensive lawsuits. And security researchers are extremely good at finding these things. So yes, Apple has a very powerful incentive to tell the truth.

As for the theory of "open source community," see the MyBTGWallet scam. This open source project, recommended by the Bitcoin Gold team, stole $5 million via a single line of code. Being open source isn't much protection really.

He's telling you about the fact that there's conflict of interest between you and crapple and you tell him an anecdote where some scum of this earth stole money and open source software was involved. Does this really sound like a compelling argument?
Yes. There are bad and good actors on all sides.

Just because something is closed source doesn’t make it bad. And just because something is open doesn’t automatically make it good.

Agreed. But what can we infer from this? Let's suppose "good" refers to "privacy respecting", with regard to users.

The primary difference is that closed source cannot feasibly be determined to be good. This is an inherent property of being closed -- we, as the users, have no proper access to investigate the actions performed by the program.

Open source software can, potentially, be classified as privacy respecting. As others have mentioned, this is not a trivial task. It requires significant contributions from the community to audit the code perpetually. We cannot exercise complacency here and presume someone else has already performed this action on our behalf.

(Tangent: Perhaps we need to develop a system to keep track of which sections of which open source projects have been audited, and by whom. A list of volunteer auditors for each source file on a GitLab repository, for example? With each audit being associated with a hash/commit for that file. In the current model, reading the code without finding any privacy concerns means no commit. Whether there is value in keeping track of this occurrence and leveraging it to conclude an increase in trustworthiness of the project is both a philosophical and practical question.)

So being open source does not magically make software more privacy respecting. But it does open the door, and invite us to investigate its claims and behavior; something that closed source does not. It's our responsibility to capitalize on that advantage.

Considering the current state of privacy violators and malicious actors in this industry, a "guilty until proven innocent" approach might be the most pragmatic. This is not a form of scaremongering; this skepticism applies to both closed and open source software equally, contributing to a solid foundation of good OpSec and assisting to shape the industry into more ethical business models.

It does however increase the chance that it will be bad, because the average snake that produces closed source software is likely to be motivated by greed, so it has the incentive to milk you as hard as it can without turning you away from products (using lies of course, you can't check anything after all, it's closed shit).

But seeing sibling explanation being downvoted into oblivion makes me think no one is interested in discussing this anyway so why waste breath.

(comment deleted)
Apple makes its money from expensive hardware. And respecting your privacy and security helps selling it a lot. And they earned trust by being serious about it for a long time.
Uhm 2014 ... https://en.wikipedia.org/wiki/ICloud_leaks_of_celebrity_phot...

By comparaison, while there have been a few issues with Google, for a company that processes so much personal data, their track record is excellent. I can't think of any major personal data leak that could be attributed to Google.

Maybe Apple got better within these 4 years, TBH, they most likely did. However, I don't consider 4 years to be a "long time" for a tech giant. Their privacy focus is relatively recent.

The iPhone 5s is the first one with a great secure enclave, and it was planned out a lot longer than 4 years ago.
Did you even read the Wiki article you linked to? Even if we ignore your conflation of information security and privacy, the Fappening was not caused by a security breach at Apple, but rather through the use of targeted phishing attacks.
Definitely, and note that GP explicitly mentioned security, which is a good thing because they are tightly linked. You can't have privacy if you don't have security.

The thing is: we often associate ad tracking and (lack of) privacy. It is certainly one aspect, but it is far from the whole picture. The most damaging form of privacy violations are usually not caused by advertisers but first by people who are close to you (ex: revenge porn), and second by hackers (ex: blackmail). I used the fappening as an example because nude pictures are the archetype of private data.

As for targeting phishing, I think companies who take privacy seriously have to do something about it. Phishing is the number one threat users face when it comes to cybersecurity and therefore privacy.

Now comes the debatable part: hackers targeted the iCloud platform, why? Why not Picasa, or Facebook, or whatever place images are stored? My hypothesis is that iCloud was the best target for such an attack, partly because compared to the others, it didn't offer as much anti-phishing security.

EDIT: I just noticed I didn't mention governments. First, for most people in western countries, government is unlikely to be their biggest problem. So I would rather focus on the immediate surroundings (ex: boss, partner, neighbors, etc...). And if the government really is after you, then an Apple solution might be good, but I don't think they are completely turstworthy. They are still bound by the US law after all, and they are not completely zero-knowledge. To make things clear, Google and Facebook are also out in that case.

> Now comes the debatable part: hackers targeted the iCloud platform, why? Why not Picasa, or Facebook, or whatever place images are stored?

Possibly because the celebrities targeted used iPhones, and didn’t publish their private pictures to Facebook or a Google service.

Until it paid for them them to sell out their Chinese customers. There they didn't think for a second.
I have no more trust in the American government to not spy on its citizens than the Chinese government. If iCloud data is encrypted and only the user has the private key. It's just as secure as being on American servers.
The difference being that Tim Cook handed Beijing the iCloud private keys for Chinese users
How did he do that without completely rearchitecting how iOS works? Do you have any citations?
I'm not saying that this is what happened and I don't know the background of this story, but it would have been easy (technically speaking) to just push an update to Chinese users that will extract their private key and send it back to Apple without any significant changes.
AFAIK the Secure Enclave chip is specifically designed to make this impossible. There is no planned method to extract the private key from it. ("Planned method" meaning anything that's not an exploit or an electron microscope.)
Maybe generate the key in the normal processor, send it to apple for escrow, and then push the key to the secure enclave? I have no idea whether the secure enclave supports loading existing keys, but generally this is how it's done.
This is about the architecture of iCloud not iOS. Apple has the keys to all encrypted iCloud data (iCloud email is not encrypted at rest).

The only exception is iCloud keychain, but I believe only if you decline the default setting to create an iCloud security code (I'm not entirely sure about that)

https://support.apple.com/en-us/HT202303

(comment deleted)
Note that only some of your iCloud data is end-to-end encrypted: https://support.apple.com/en-us/ht202303. The rest is also encrypted, but Apple does have the key and can likely be legally compelled to share it with authorities.
What am I missing? According to the link, everything is encrypted at rest besides email. No one thinks email is secure.
> I have no more trust in the American government to not spy on its citizens than the Chinese government.

This is more than a little hyperbolic. In the US you need a warrant.

Also, in the U.S., police don’t shoot unarmed suspects, get caught planting evidence on camera and the judicial system prosecuted and convicts fairly regardless of race and class and always follow the rules.....
Apple actually had some of the worst security for a long time. They even lied about Mac OS being immune to viruses rather than market share so low hackers didn't care about it. They still made piles of money due to great product development and marketing. Their brand was the main, selling point for a long time. The iOS situation is quite a turn around for them on privacy/security. They still sell them on mainly image, features, apps, and so on. Just like before [plus Windows-style app dominance] with privacy/security reporting in media likely about boosting sales.

I don't trust it, though, if we're talking domestic surveillance. The ECI-level leaks said FBI "compels" domestic companies to enable their stuff for eavesdropping. Whatever that means is secret. In the Lavabit case, the FBI argued to the judge Lavabit wouldn't be harmed if they lied to their customers about the compromised. The judge agreed. So, court orders, fines, retaliation, forced lies, and secrecy orders of all that are a possibility in the United States. Just don't put secrets on anything made in America or by Americans. You can use American tech for obfuscation or untrusted functions, though.

Pre OS X versions of Apple OS had even smaller market share and way more viruses than current versions with much bigger market share.
(comment deleted)
I use Apple products instead of Google's. They also look much better.
> Want to know what data of yours, if any, is being collected? Look at the code.

I find this to be an extremely un-compelling position. A relatively small proportion of the general population has the skills to meaningfully look at the code, never mind the time. Moreover, even for someone who is capable, such an exercise quickly becomes non-trivial on an unfamiliar codebase for an app of any complexity.

In many cases there's also no guarantee that the code you're reading is the code that's running.

> I find this to be an extremely un-compelling position

It's more damaging than that. The bundling of privacy and FOSS advocacy weakens the former. Few without deep technical knowledge is sympathetic to FOSS. The potential audience for a privacy pitch is broader. By bundling the two, however, the technical advocacy community limits the appeal of the former to those supporting the latter. This is an issue because the opponents of privacy rights are not similarly limited. Hence, we find ourselves reliant on Google, Apple, Facebook and Amazon being benevolent dictators, in their services and Washington.

> Few without deep technical knowledge is sympathetic to FOSS.

Few without deep technical knowledge do even know what FOSS is.

Yes, all they know is “this is impossible to install” and “what is a GitHub” and “where do I log in to the cloud?” and “this is the ugliest software I have ever seen in my life”.

Unless we’re talking about hosted FOSS, in which case you get the worst of both worlds.

I run my own mail server so this comes from a place of love: FOSS for server side products for consumers is a joke.

That's something reproducible builds address.
You can't check if the server actually runs that reproducible builds.
Right, that really only helps for local binaries.
Even then, it might work well for you, and if I had the patience or the time it could work well for me, but it'll never be of any use to my mum or my brother, neither of whom are technical.
I suppose it depends on how it ends up being implemented. I was envisioning something fairly automated, which could presumably spit out PACKAGE VERIFIED information that could be used in systems not requiring users to be technical.
While I generally agree with you about the soundness of the FOSS==privacy argument, I think you're misstating it subtly. The claim isn't necessarily that the privacy sensitive user specifically will be able to audit the source but rather that someone somewhere will have done, and will have written about problems they uncovered. See also many eyes making all bugs shallow.
Not always. Heartbleed was present in OpenSSL for two years before anyone noticed.

Many eyes make all bugs shallow, but if there aren’t enough eyes with the skills or the time then problems will remain deep, even for important software like this.

Perhaps everyone thought everyone else had done the work?

OpenSSL can just as easily act as a point towards FOSS for privacy given that it was a vuln that was discovered externally (multiple times by distinct parties).
Heartbleed was a very subtle security bug, the discussion here is about privacy violations. You think that detecting if, I dunno, mutt is secretly uploading your contact list is going to escape detection for years?
It will. IIRC HomeBrew’s integration of Goigle Analytics went unnoticed for almost a year, and only then they included an opt-out option (it’s still opt-in by default)
Closed source code, even if it has no hidden purpose, may be hackable as well. Nothing is perfect. I think you are making an unfair comparison.
Heartbleed was found though.

Thinking out loud here, what's the best counterfactual on HB?

I can imagine a ClosedSSL that gets hammered in a blackhat presentation. I can imagine ClosedSSL getting fixed, eventually.

It's just hard for me to imagine that happening faster because people like Neel couldn't read the code.

Maybe the counterfactual is that ClosedSSL is also well funded and cares deeply about security, so it finds HB internally.

But openness doesn't preclude funding. And closed source doesn't grant you an automatic security focus.

So rich ClosedSSL vs poor OpenSSL isn't an apples to apples comparison.

All things held equal, openness provides one extra possible avenue to find and catch bugs, and so such projects will tend to have more caught on average.

What does HB teach us then? Just that some bugs are hard.

Now, to be fair, if "openness" is just used as a substitute for internal security audits, a way to shrug and farm out that work and blame to passers-by, then that would be obviously terrible.

That probably happens more than we'd like to admit, but I still don't think it's the typical reason people open their code.

(comment deleted)
With tools like Guix (and then hopefully, eventually distributed networks like IPFS / Dat doing the distribution) we will be able to have people audit free software and every user being guaranteed to have the exact version that was audited.

The future looks good if we just continue to implement it the way it should be.

That's provably false when you get to the bottom of what makes proprietary software trustworthy: it has to be verified by qualified people who you trust after being designed and built with enough rigor to not have accidental flaws. That's regardless of whether it's proprietary or FLOSS. I went into detail here:

https://pastebin.com/EZQWbwCB

In fact, the first systems that resisted strong pentesting by NSA were proprietary, shared- or closed-source systems. They shredded everything else. Two are below with another designed like that. The first, safe, kind-of-secure machine that I know of was Burroughs B5000 whose CPU did things like stop overflows, protect pointers, and check function arguments. It was immune to common, root causes of many failures or attacks. OS in a type-safe, high-level language (ALGOL variant). It was a proprietary system whose source was shared with customers. Linux systems still don't have as much code-level security in average case as that proprietary software from 1961. The virtualization solutions in FLOSS still aren't produced as securely as VAX VMM or the separation kernels that followed in 2000's with VMM's layered on top.

http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch6.pdf

http://lukemuehlhauser.com/wp-content/uploads/Karger-et-al-A... (See Layering and Assurance sections especially. Compare to QA practices of favorite FLOSS VM.)

http://www.smecc.org/The%20Architecture%20%20of%20the%20Burr...

https://www.usenix.org/legacy/events/sec04/tech/wips/wips/04... (Nizza uses FLOSS components. This document is just great at describing the architecture they and the proprietary vendors were using with separation kernels. The proprietary offerings contained a lot of problems FLOSS didn't with their 4-12kloc kernels having less code to screw up. User-mode drivers can boost reliability a bit, too.)

>Rather, it's nearly impossible to guarantee privacy in proprietary software. The transparency of FLOSS makes it trustless. Want to know what data of yours, if any, is being collected? Look at the code.

>This is why, when it comes to privacy, Apple isn't worth consideration. All we have is their word, and that simply isn't enough.

Quite a few of the things listed in the article are not open source (some of the map stuff, as an example). Last I checked (several years ago), we only have DuckDuckGo's word for it.

I think the idea is not that these are all trustworthy services, but that no single company has all the data on you.

"Look at the code" is an anachronistic strategy.

Nowadays, very little of our data solely relies on our own devices, and most of the value of consumer software occurs when data is being transmitted between systems. When your data lives in the cloud, there is almost always a side-channel way to get at your private data that won't be visible in any Git repository: Just go look at it directly.

Meaning that, nowadays, if we're to live any sort of non-Luddite, Internet connected lifestyle, all we have to go on with anybody is their word. If I limited myself to services where inspecting the source code would give me what I need to know about how well my privacy will be protected, without trusting the word of any third parties, then I'd have to let go of email, telephone, and credit and debit cards (and banking in general). Plenty of other things, too, but I think those three paint the picture well enough.

This isn't true. You can use disassembly tools to trace through code, and you can see what imports/exports there are, as well as what API calls are being made using static analysis tools.

You can also use all sorts of runtime tools to see what a binary is doing at runtime, so I imagine it would be pretty easy to see if an application is phoning home, and where home is located, although the data is probably encrypted.

In fact, it might actually be easier for an end user to audit a binary using such automated tools instead of looking at the source code itself. At least with the automated tools, the tools can flag suspicious constructs in the binary that may indicate that it's up to no good, and do so in a way that is more understandable to the end user.

I don't disagree that Apple looks really good nowadays from a privacy perspective. They treat their customers with respect and don't sell their data.... until they do.

How can you trust a single point of failure to "do no evil"?

Apple doesn't have the data that Google et al has. All of the ML that apple does for example is done on-device or is privatized [0]. This goes for all of their services that Google has built their business off of: Messages, Siri, Maps, etc. People don't respect Apple's security because they trust Apple, they respect it because Apple has intentionally shot themselves in the foot if they wished to sell their data in the future.

[0] https://machinelearning.apple.com/2017/12/06/learning-with-p...

> Apple doesn't have the data that Google et al has.

Huh? Apple potentially has everything on the device, just as Microsoft does. Maybe they don't touch it, at least intentionally, out of respect (or just prudence). But if I recall correctly, they accidentally logged all Safari URLs for a while.

iPhone also sent geolocation coordinate files to Apple, until that was discovered. As you point out, there is a lot more than just the superficial concept of privacy, such as the Prism program that had/has a pipeline into Apple data. Like any large company, there are competing forces of strategically enforcing privacy and treating data in a way that doesn't respect privacy.
Chrome has search and url in the same bar, and therefore needs to log all urls you enter (and their metadata) for the sake of logging all searches. Absolutely benign, right?

Safari shares the same url/search bar, but I have not read their license. Would be pretty surprised if they are not logging all URLs.

Dude, google has been doing diff. privacy earlier than apple. Even now, their researchers( one of them the great Ian Goodfellow-inventor of GANs) is working on federated learning. Heck google had even open sourced their diff. privacy system. Apple just made a big deal put of it when they started diff privacy.
Well as Mark Zuckerberg put it during the congressional hearing—and this is a paraphrase—"we do not and have never sold data."

Which is true. They don't sell the data because they directly monetize it. Same with Google. Google didn't just start doing that one day, that's been their business model since they started doing ads. Apple's business model is selling users devices, which they would jeopardize if they tried to also sell their users' data.

It's better to host your own content if you want to have a better chance at privacy.
There is a difference between privacy by charity and privacy by design
I know it's not exactly your point, but Etar is pretty nice, and apparently is cross-platform (Android & iOS - which I didn't know), and exists on F-Droid (https://f-droid.org/en/packages/ws.xsoh.etar/), Google Play (it seems somehow wrong to link to the Google Play Store given the context, but it's easy to find there anyway), and Apple's App Store (https://itunes.apple.com/us/app/etar/id1217625781?mt=8). I think OsmAnd(~) [https://f-droid.org/en/packages/net.osmand.plus/] is probably a better choice than Maps.Me.

Given that alternatives to Google products are largely services rather than software run locally on one's own machine, you're probably right about the partial orthogonality of FOSS here since it can be hard to verify that the remote server is in fact running the software it claims it is, and from a privacy-standpoint it may be somewhat irrelevant (I recall even the FSF said something of the sort).

Apple iCloud privacy policy mirrors Google's. You gain absolutely nothing if you upload your contacts, photos and other data to iCloud. Apple also regularly gives iCloud data dumps to US government (they approved and delivered data in about 80% of US Government requests in 2017: https://www.macrumors.com/2018/05/25/apple-second-2017-trans... )

(The exceptions here are iMessage and phone backups which are E2E encrypted.)

> You gain absolutely nothing if you upload your contacts, photos and other data to iCloud.

This seems so deliberately wrong that I shouldn’t respond, but I will. Quick and easy synchronization of contacts, calendars, and photos are all features that I appreciate. What’s more, my fearful-of-technology brother tells me how useful they are to him. He mentioned photo sync as a benefit only a few days ago.

"Gain nothing" ... over Google's superior features.
The OP was referring to iCloud vs. Google. Not the features of sync in general.
By "gain" they meant privacy. You gain no privacy... you lose privacy when using iCloud and Apple Calendar
You mentioned the exceptions - both of which didn't happen 5 years ago. Is it crazy to believe that we may have Tarnsap-like storage from Apple in a few years.

Side note: I don't think Apple will ever encrypt iCloud iPhone backups because that would make it difficult to use them (how would you restore an iPhone backup to a new device if your old one was incinerated? Your private key would be gone)

Best I can tell, they already encrypt a whole load more and are ready to encrypt everything. When setting up a new iPhone, I’m asked to enter my Apple ID, password, approve via an existing device, provide 2FA and then provide the PIN or password of that existing device. After all that, access is granted. To me, this suggests they’re already encrypting in such a way that while it may be brute force-able, it’s unlikely to be data they can read by default.
But Apple services are still not privacy focused services and for most of them, you have to use an Apple device, which is still less than 10% of PC market and less than 30% of mobile one.
>alternatives like Apple

I would never trust Apple because they have consistently lied and cheated me - For instance, they throttled the speed on my iPhone, they hid the fact that my iPhone has more probability to bend and finally, as a cherry on top, they refused to honor warranty for a design flaw of theirs.

When they realized they fault, instead of making a free replacement, they charged me $30 for it.

Given all these experienced with Apple, to my eyes, Apple is no different than Google and I wouldn't trust any word of theirs as they've consistently been exposed time and again lying to consumers. So, I don't know where you got the idea of Apple being "entitled" to be in that list, but I'd say it's the right thing that they aren't.

>pro-privacy alternatives like Apple

I don't believe this. There is no evidence to support this as Apple runs on proprietary code. And you and I don't have access to the source code, so we have no idea what's going on on their servers. Ever wondered how Apple gets its data for its Apple maps? For all you know, they could be collecting your location information to build their database. Isn't that a privacy violation? I work in the Analytics industry, inside an iPhone, using Charles proxy, you'll be able to see random requests hit Apple's servers from time to time. For all you know, this could be info about you. You can't prove it nor disprove it.

I would never dare put all my trust into a single for-profit corporation whose sole goal is to maximize revenues and has been consistently exposed for unethical practices to its customers.

So, hope that answers why Apple isn't exactly a consideration.

[1] http://bgr.com/2017/12/28/iphone-battery-apple-apology-lette...

[2] https://www.theverge.com/circuitbreaker/2018/5/24/17389220/a...

[3] https://9to5mac.com/2018/06/07/class-action-lawsuit-apple-wa...

>And you and I don't have access to the source code, so we have no idea what's going on on their servers

Consider this: for 90% of the population, that is also true of any FOSS solution. I'm tired of the "you don't have access to the source code" argument. I don't inspect the microcode that runs on my CPU - why should I trust Intel and not Apple? And for a greater portion of the population, that source code may as well be mud.

This article is about alternatives to Google on the basis of privacy. Isn't a company that doesn't base its core business model on mining your data an improvement for a vast majority of users?

Even if you don't inspect it personally, there's a greater community of people who don't get their paycheck from Apple who may be looking at the code.

Regarding the Intel comparison, you have no choice but to trust them, but by using Apple products, you are trusting Intel and Apple, which is worse than just trusting Intel.

> who may be looking

may be

This is called faith

I agree, though I prefer the word trust; I think in the end most security arguments basically move trust around between entities, so I would either trust the open-source community or Apple.

In this case I decided trust the open-source community more than Apple, since the incentives of people inspecting open-source code probably align better with my own interests than the incentives of Apple.

> the incentives of people inspecting open-source code probably align better with my own interests than the incentives of Apple.

The incentives of any people are: earn enough money for a peaceful existence.

When Heartbleed happened, it turned out that only a handful of people in the entire world have the expertise to do a full audit of the OpenSSL code. And their work is ridiculously expensive. And the audit didn't happen until someone paid for it [1] (I'm not entirely sure it ever completed [2]).

People may actually have less incentives to inspect open-source code because there's always the question of life, money, time, work-life balance etc. etc.

[1] https://www.zdnet.com/article/ncc-group-to-audit-openssl-for...

[2] http://isopensslauditedyet.com

> I don't inspect the microcode that runs on my CPU - why should I trust Intel and not Apple?

You shouldn't trust Intel either (see ME and all of the other negative-ring stuff that runs on their CPUs). But at the moment there isn't a strong alternative. AMD is somewhat better but still has similar issues. ARM is a mixed bag. RISC-V might save us but still isn't at the tape-out stage. OpenPOWER is possibly the only really usable option but software support is awful (if you've never had to deal with ppc64le bugs, you're lucky).

At least you have a reasonable alternative to Apple.

> doesn't...mining your data

This is my point. You simply don't know that. You have no idea what's happening on their servers. It's all proprietary. You have absolutely no evidence to claim that.

having the source code be open doesn't necessarily make it trustable, but it definitely has an added benefit. like op says, proprietary code is untrustable by design.

there is also the fact that I cannot take the code and compile it myself, proprietary solutions like the nvidia linux driver for example have given me headaches so many times, it would be nice if there was some form of entry to the code to at least get a vague idea of what the code is supposed to be doing. I basically have to pray for software to do what I want, when it doesn't the whole solution due to it's closedness/unadaptivity becomes useless to me.

What was the latest price of source code you inspected?
But then you have no protection against Apple, privacy wise.
14M Users affected by Facebook Privacy Bug that makes Posts Public
Apple is a US based company. The point of this post is to try and hurt American hegemony in tech and promote European alternatives. Europe desperately needs it given a dangerously old population and increasing irrelevance of its tech industry, with GDPR being yet another populist nail in the coffin. Method of choice is thru soft power - swaying opinions on HN, Reddit, Facebook, and other social media.
Apple is closed source, so we really don't know if they respect our privacy now, and in the future.

Also, they may work with the US government, even if they say otherwise, and people from both the US and other countries may not like that idea.

I've been using startpage.com to search Google anonymously for the past year. Startpage proxies your query to google and back while leaving off the identifying metadata, making the query anonymous. At first you notice the slight increase in roundtrip time, but quickly get used to it. I find Google Search to have a better search engine than any alternative I've tried, so Startpage is right up my alley.
> Maps.Me

Has several useful functions like being able to pre-download specific countries or parts of specific countries.

Many mapping apps work offline but the way Maps.me lets you specifically pick & choose areas = more user friendly.

It uses Openstreetmaps which I've found to work amazingly well in areas where you wouldn't expect (it has off-road trails in remote areas of Vietnam for example)

via iTunes I can also import gpx tracks (or gpx converted to kml, I forget) for things like mountainbike routes, which works super well.

I trust nothing I can not verify...
You are seeing a problem where there is none. Etar is just a fork of Google Calendar, and you can find it in Play Store / F-Droid (which is linked from the mentioned GitHub page).
>Is Maps.Me (which uses AdSense) really better than Apple Maps?

The "Maps (F Droid)" alternative suggested before the Maps.me app is a fork of Maps.Me that doesn't include any tracker/ad. It works pretty well although I've had a few issues logging into my OSM account and it takes a little too long to navigate "up" from a place search. It also features a GPS track recording function that Maps.Me lacks (AFAIK). It's really great and deserves more contributions!

Anyone know of an alternative email client that sorts your mail intelligently into promotions, updates, forums, primary like Gmail does? That's had such a positive impact on my productivity I can't leave it behind (I've tried).
Spark for macOS and iOS can do something similar for any mail accessible via IMAP/POP/Exchange.
Spark is notoriously bad for privacy. This is a really poor recommendation given the article.
I am not aware of Readdle doing anything bad or having a bad reputation. How is it bad for privacy, just asking because I’m a regular user and would switch if it’s not good for privacy.
It's pretty easy (less than 2 hours work per quarter) to build your own filtering system that works similarly effectively.

Google built a bunch of ML systems that work by default for everyone. Personally, I just have a bunch of filters setup that do the same thing. Has taken minimal effort but some discipline to file incoming emails based on my own patterns.

This is what I've done as well. Mostly for social updates. Even when I was on Gmail, I found issues using smart labels because they weren't supported by other IMAP clients: It's still one big inbox. So I ended up creating my own filter rules to move them to a different folder. I've done the same for some of the more prolific marketing emails I still want to receive but don't want cluttering my inbox.

(Note that FastMail does have filters that classify your inbox like Gmail: Personal, Notifications, and Mailing Lists. But while I highly recommend FastMail, I don't use those features because the aforementioned manual sorting rules are better, I brought them over when I migrated as well.)

I use Gmail, but I deactivated that feature. It resulted in too many emails getting missed because they got categorized as promotions or updates.

Here is what I now do instead:

1. I archive all incoming email unless I still need to act on it. Ideally my inbox should always be empty.

2. I unsubscribe from all unwanted email like newsletters and most social network updates.

3. I learned gmail keyboard shortcuts to clear my inbox quickly.

4. I use filters for some mailing lists.

Since I started doing this I am much more on top of my emails. At least for me, most emails in those tabs was stuff I wasn't going to read anyway.

Outlook's focused and other segregation works well enough for me. I like the fact that in case of a miscategorization, it gives you very clear and explicit knobs to turn. Gmail classification always remains somewhat mysterious to me.
"intelligently"

I only had trouble with Google's "intelligent" sorting; you're better off with a proper filter system, like sieve, and setting it up for yourself. Eg. I remember reservation confirmations going into "promotions".

What's wrong with data collection and tracking? Privacy seems extremely overrated here on HN. Am I missing something?

Why would anyone take such efforts to avoid using Google products? That doesn't seem very rational...

I'm actually more worried about Google banning my account and every service along with it, and having no way to get it back or even speak to a human about it because I don't have a large Twitter following or a buddy that works at Google.
That sounds like a reasonable concern. I generally worry more about alternative options being bought by someone else, or languishing / deprecation.

In either case, the subject of a decent article might be: setting up automated exports from service features like Takeout, to mitigate the risk of personal service account closures and disruptions.

There are plenty of discussions on HN (including ones where you've participated) regarding privacy. Different people value privacy differently (and privacy means different things to different people). You may not value it as much as others, and that's fine. Ignoring this as you have here with what appears to be a naïve question amounts to trolling. Please don't.
I recognize that other people value privacy more than I do. I also recognize that privacy is unsustainable and unlikely to survive in the future.

I see people seeking privacy as I see technophobes. I'm sure they're genuinely concerned, but I can't help but think they're mistaken. I think it's important to change their minds, as they're otherwise making the transition to a post-privacy world very difficult.

I've asked this question many times before, and nobody managed to explain how privacy would survive through the next 100 years of technological progress. That alone makes me think privacy is not a long-term solution.

Only a handful of people have clarified their position in defense of privacy as temporary and pragmatic (as opposed to ideal). They think that privacy is bad, but they prefer it to the alternative given today's context. I can appreciate this position, and I find it a lot more reasonable than the usual "privacy is good" most people seem to blindly accept.

Ultimately, I'd like to discuss strategies to make the transition to a post-privacy world smoother. This whole pro-privacy sentiment makes it very difficult.

Is it wrong for me to trust Google? I think they have really great secure systems. Their security is the best, imo. Privacy is a bit of concern. I wish they came up with a win-win solution fir that. I dont have prob woth data collection, i provide data for making their systems better,ad targeting, they give me great services, and my data doesn't get sold. Plus, indirectly even Apple and other product users do benefit from it coz google is ahead of others in ML due to the vast data analysis they can do, and when they publish their results and papers, other researchers look at them and kearn from it. But i guess, the last part of my reasoning ( just thought if it right now) is somewhat dipshit coz this is quite obvious. But i think contrary to other's beliefs Google's impact on internet had been very positive. I mean they open sourced so many web standards without taking royalty. Had it been MS,apple they would not have hesitated. I read the book The Google Guys when I was 13, since then have been a G fan, tho I am rational, acknowledge their mistakes,which is difficult to do. Also, as a STEM enthusiast Google's research culture has always attracted me. Larry,sergey were the first 2 people I sorta idolized. Also, Google services like Youtube, Google have benefited me a lot as a student. Due to all tgese reasons, i am a bit biased towards Google. Tho, i try to filter out buas whenever I can.
(comment deleted)
> What's wrong with data collection and tracking? Privacy seems extremely overrated here on HN. Am I missing something?

Plenty wrong. It seems you're not new here so I'm amazed you asked that question. Have you been living under a rock in 2013?

Just to start, it creates a big power imbalance between consumer and corporations [1] and due to the tightly knit relationship between the Pentagon and Silicon Valley it's also a civil liberties problem [2]. It also screws with your ideology by turning your internet usage into an echo chamber.

And here's some books:

https://searchworks.stanford.edu/view/10384432

https://muse.jhu.edu/article/452645

https://www.democracynow.org/2013/4/5/digital_disconnect_rob...

https://www.goodreads.com/book/show/16006587-spying-on-democ...

[1] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2309703

[2] https://wikileaks.org/google-is-not-what-it-seems/

Is a power imbalance necessarily wrong? Is it avoidable? Is it suddenly OK if you try to avoid the imbalance but swap one entity for another (dependent on companies versus dependent on your own time/ability to audit code)?
> Is a power imbalance necessarily wrong?

No, it's great, actually! We enjoy it a lot here.

> Is it avoidable?

Yes, yes it is.

> Is it suddenly OK if you try to avoid the imbalance but swap one entity for another (dependent on companies versus dependent on your own time/ability to audit code)?

It's never 'suddenly' OK. More like 'eventually' OK, as you know, you need to take the time to audit code, etc..

Blessed be the sheep, their ignorance is bliss
Add Safari for browser, iCloud Drive and iCloud for email, to complete the list.
Unless you live in China. In that case the Chinese government has full unfettered access to your iCloud Drive data and iCloud email.
If you live in China its game over anyway :) Get a VPN, somehow, and create non-Chinese iCloud accounts. Always on VPN is actually a good thing everywhere.
Haha yeah I'm going to get express vpn now thanks to this article. I can also pay with bitcoin! Yes! :)
Good VPN is like treasure hunt :) gist.github.com/kennwhite/1f3bc4d889b02b35d8aa
But ExpressVPN does admit to keeping

> connection logs including the date of the connection (not the time) and the server used. The total amount of data transferred per user is also monitored. ExpressVPN doesn’t log your IP but the connection logs are tied to the user account.[0]

0) https://www.comparitech.com/vpn/vpn-logging-policies/

Always on VPN hinders my productivity. I live in China and sometimes the VPN connection stalls so while the my operating system indicates it is active, packets aren't being sent/received (I'm on macOS/iOS). Resetting my VPN connection does the trick, but my point is that VPNs aren't stable in China. I need them but I'm annoyed when data isn't pushed/pulled when I expect it to be.
Even in US, Apple regularly gives data dumps to US government. iCloud DOES NOT have the same privacy guarantees than iMessage and similar. The iCloud Privacy Policy closely mirrors Googles.

Here's the report - Apple gave data to US government in 80% of requests in 2017: https://www.macrumors.com/2018/05/25/apple-second-2017-trans...

In the words of Lisa Jackson, VP at Apple:

Please know that Apple will continue its work with law enforcement. We share law enforcement's concerns about the threat to citizens and we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day. Strong encryption does not eliminate Apple’s ability to give law enforcement meta-data or any of a number of other very useful categories of data.

https://wikileaks.org/podesta-emails/emailid/58380

What does Google Chrome track beyond what you can disable under the Privacy and Security settings, when you're not signed in with a Google account?
1) That's a lot of precursors. Many people want Sync functionality, which Google uses to track your browsing history. And most people don't go through the privacy settings.

2) We don't really know, Chrome is not open-source and it's hard to tell from network traffic, since nowadays pretty much every webpage loads something from a Google server in encrypted form anyways (and with those request, Google could send all kinds of data).

3) For Chromium (which's source code is basis for Google Chrome), this project tries to collect and fix all the privacy-infringing stuff: https://github.com/Eloston/ungoogled-chromium

4) There's many ways in which Chrome doesn't actively track you, but infringes on your privacy by just being terrible at protecting it from webpages' tracking. As in millions of lines of code, tens of thousands of design decisions, all made by the biggest tracking company on the planet. No journalist can report about all of these, but it'd be foolish to assume innocence until proven guilty.

Recently I started shelling out $25 a month for a G-Suite account. I wish I could have kept my @gmail email address, as I think your own vanity URL looks a little tacky, but oh well.

Anyway, for privacy but also security it’s been amazing.

DKIM, DMARC, SPF, and S/MIME for mail. All attachments are executed in a special sandbox before moving to your inbox (delays mail a little bit). None of my personal data / content is scanned or looked at (I think?). Plenty of security rules, alerts, and audits I can set up. Also an actual support phone number I can call for help whenever.

Why can’t Google move to a paid model? It’s worked for both Oracle and Microsoft for the last 40 years.

I’m not sure what you mean, isn’t your experience using G Suite as a paid service?
(comment deleted)
I think the parent means, why don't they move away from ads in general to get their revenue from paid services, like gsuite.
I think he wants something in between gsuite and free Gmail. A Gmail+ that lets you keep the @gmail address and take out all the spyware.
> as I think your own vanity URL looks a little tacky, but oh well.

I think it depends on how professional the personal URL is. If it is my_name@wazoo-how-is-it-going-lol.com, then I agree that it looks rather tacky. It it is first_name@last_name.com, then it looks more professional than a @gmail address.

The last price I recall was $60/user/year (at the default level of storage space). Has the price increased that much, or does this reflect extra storage or other add-ons?
It’s $25 per month with no contract and that’s for the Enterprise Edition, the one with the most features. I believe it starts at $10/month for lesser editions.
There are three tiers, ranging from $5 to $25 per month per user.
> None of my personal data / content is scanned or looked at (I think?)

How can you say "for privacy [...] it's been amazing" if you haven't even checked?

They do say "Google does not collect, scan, or use your data in G Suite services for advertising purposes" and "Google does not sell [your] data to third parties" which mostly covers it, though (although ideally they'd strengthen the wording in the first part to say they don't use your data for any purposes other than to provide it to you... but now I'm just being picky.)

(comment deleted)
Is it still tacky if you actually run your own MTA?
If your use of G Suite is only for email (and calendar), and if you don’t need phone support, there are better paid options out there that are a lot cheaper. Mailbox.org, Fastmail, Protonmail, Posteo (this one doesn’t allow custom domains) and more.
None of those are better than Gmail.
Fastmail is better than gmail.
> as I think your own vanity URL looks a little tacky

Free domains like gmail.com, hotmail.com, live.com, yahoo.com, etc emails are tacky, lazy, and unprofessional. A domain is less than $10/year. You don't even have to be technical to buy one and use it with G-Suite. There's no excuse to use a free email domain.

To me the value is in not having to spell it. When I say @gmail.com no one ever typos that half.
With your own domain, you can shorten the part before the '@'. You could call it "forename@lastname.com" instead of "forename.lastname@gmail.com".
Only if nobody got lastname.com first. My last name is squatted, and the leech will sell it for "only $2995". I later discovered I could get the "lastna.me", but that's prone to be mistyped as well.
So register something else that's short and memorable. It doesn't have to be your name.
My "firstname.com" and "first.in" (shorter version of my first-name and that is name I am actually known by pretty much everywhere) are both squatted by a lawyer and it is being renewed every year since last 10+ years. It's not being used. Not at all.

I tried to contact them but the contact email (Hotmail) probably doesn't exist or expired as my emails bounced off. I tried to contact the registrar but didn't receive any email from them either.

I am thinking of going for firstname.net. I am not sure whether it's better than my already registered "first.im".

Note: first as in if "firstname " is Michelangelo then " first" is Michel.

Why are you paying $25? Isn't it like $5 or $9 per user?
(comment deleted)
Could you forward your gmail address to your gsuite address and set the gmail address as your reply to?
People, turn off automatic content download in your email clients. It immediately leaks when and from where you opened my email.

And Search suggestions in browser, when you type into address field.

Are there any clients these days which don't have external content downloading disabled by default?
I know that apple Mail and ProtonMail's are enabled by default. Don't know about others - I don't use them, but I expect it to be same, as defaults are always set for user convenience, not privacy.
Proton’s is definitely not on by default
(comment deleted)
One thing that I think would be helpful would be some editorial contextualizing how good these products are. A lot of people would like to incorporate privacy into their decision-making calculus, but not to the exclusion of the quality of the experience. In some of these categories, there are great alternatives. In some of these categories, the alternatives are not serious.

This comment intersects with nemothekid's great comment below which highlights how there are some major player alternatives which, while they aren't OSS and may have some privacy considerations, probably are still worth mentioning as an alternative to Google.

Besides the Gmails alternatives:

1. Mailfence – Based in Belgium – 500 MB free; 20 GB Pro

2. Tutanota – Based in Germany – 1 GB free; 10 GB Pro

3. Mailbox.org – Based in Germany – 2 GB storage

4. Protonmail – Based in Switzerland – 500 MB free; 5 GB Pro

5. * * Runbox.com - Based in Norway * *

They forgot #5, runbox.com

If you use something like protonmail aren't you sending a signal like, "Look at me I've got something to hide!"?

If I were role-playing as some mighty and wealthy intelligence bureaucracy, I'd likely monitor anyone using such services as well as Tor, etc. No?

I do like protonmail btw and am concerned about privacy in general, esp for the maintenance of democracy. And I'm not at all against the intelligence bureaucracies, presuming that their true goals are... to protect and serve, and that they are law abiding and accountable.

The more "normal" (bad word but you get what i mean) people using protonmail, the weaker that signal becomes :) Same deal with Tor
I think it's more about adhering to ones own values than keeping your mail secure from rouge nation states. For example, I don't use google (except for the occasional search) and use privacy focused products almost exclusively instead. Yet if a government agency decides to violate my privacy, they wont find anything of interest.

It's about doing what you can.

Besides, using privacy focused products sends a clear signal to companies that privacy is something we want.

or promoting secure communications and having your own privacy too. if everyone is using these means do you still stand out.

it can make you stand out but if the security is good they may have to use indirect means to compromise you you would need to be quit a person of interest i would think though for that.

Why would someone who really has something to hide use protonmail?

Just because it is in Switzerland it can still be subverted, either structurally or by a single planted employee.

Crypto AG is also in Switzerland.

self hosted iredmail on a raspberry/old laptop/home server/rented server/VPS?
The worst thing, the absolute worst thing is, you know all that but you have gotten so used to the way Google services work, that you simply have a hard time to switch.

E.g. thank to Gmail I rarely use an email application on my computer and use webmail. When I tried out Posteo it was extremely annoying that it logged me out every few minutes and I couldn't get my email. They said this couldn't be changed.

Google really did an excellent job of supply me with services which I want to use. Not just tools which are working well.

BTW, Google doesn't use all its services to sell or personalise ads. Which doesn't mean they don't use them to learn more about you which in turn is used to improve the services so that you them even more.

So as much as I wish I could restore my privacy by leaving Google, I think Google knows me too well that I won't for now.

> use webmail ... Posteo logged me out every few minutes

Lets me assume, that you're always logged in. Google thanks you for that, much easier to link this browser's history and searches to your account.

I haven’t found a replacement for Gmail yet. I’ve tried fastmail and ProtonMail but both have limitations.

From a search engine perspective I’ve switched to DuckDuckGo and I’m impressed with how good it has gotten.

With maps I’ve tried various solutions including mapquest, Microsoft, and Apple but nothing comes close to Google Maps.

Can you elaborate on the limitations you experienced with fastmail and protonmail?
I have used Fastmail for years with a custom domain without a single problem. Amazingly great communications from the company too. Highly recommended but not free. (Less than $2/month though - so almost free.)
I think half of my comments on hacker news are how much I love Fastmail, which I've used for email, calendar, and contacts for a decade now.
Haha, I just came here to post how could they write that article without mentioning Fastmail.

I need to use my account more, though. So helplessly locked into my Google account for sign ups everywhere.

Perhaps I ought to read that "The Psychology of Dread Tasks" article that is also trending now.

Are you sure about that price? It looks like it’s $50 per year allowing for custom domain, $30 without.
I paid $117 for the 3-year plan with custom domain (and that price is discounted slightly from the normal 3-year price), which comes out to $3.25 per month. So, definitely not under 2 dollars, but easily under 4.
Ah I see, it doesn’t look like there’s a 3 year option anymore. Thanks for the info!
Does Fastmail have decent search that works on mobile? Gmail’s search is just too good. I’m currently using mailbox.org but it’s impossible to search for old emails that are not already downloaded to your phone. The only way is the use web interface and it’s annoying as hell.
They have a hybrid mobile app, it's not as smooth as a native one could be, but as far as I'm concerned search works perfectly.
Yes, the same search is available in either our app or from any web brower on mobile. We use the Xapian search engine.

It looks much the same either in brower or app. Here's what it looks like on my phone:

https://imgur.com/a/407HN81

I’m doing this in the coming days — setting my custom domain with Fastmail. I’m planning on making that my main email and trying my best to unsubscribe from things on my Gmail account and move accounts over from Gmail to Fastmail until I think for certain I could delete my Google account entirely with no harm.

Then again, I rarely have and like having subscriptions these days because of minimalism but I suppose this is a good trade off for my entire lifetime.

On a different note, does anyone know how GoDaddy is in terms of privacy? Is there a better domain registrar out there?

Edit: Just realized I’m using Google’s Project Fi on my iPhone SE, with Hangouts.

I generally don't trust GoDaddy, but I don't see how they could violate your privacy. From what I can tell, the worst they could do would be to log DNS queries. If you have a server with a static IP, you can always serve DNS yourself.
Out of curiosity, what domain registar do you use? With GoDaddy, I pay $14.99/yearly for .COM Domain Renewal and $9.99/yearly for Private Domain Registration Renewal. It seems a bit price-y but I'm completely unaware of other competitor's prices.
I use Namecheap, but it's not the cheapest. A couple months ago on a thread here in HN a bunch of people were recommending Porkbun, which seems quite cheap (~$9/year with free private domain), but I've never used them.
I'm definitely on the hunt for a Gmail replacement, considering I have been hearing things such as a snapchat-esque disappearing emails, unprintable emails, and other similar stupid ideas. I decide what to do with emails and other data sent to me thank you.
> From a search engine perspective I’ve switched to DuckDuckGo and I’m impressed with how good it has gotten.

I switched to DDG over a year ago and it works great for things that are simple lookups to Wikipedia, IMDB etc. When I have an arcane Windows bug, I end up using "G!". Also DDG isn't that great for latest News but the Image search is pretty good.

I set DDG as the default search on my non-techie wife's new PC earlier this year and she has not once complained about the search qualify.

I use it for python related development queries and it satisfies 95% of them these days. It was unusable two years ago. Things have changed.
I second those asking what limitations you ran into (specifically with FastMail, since I have more chance of being able to fix those than the limitations with Protonmail - though I'd love to know both!)

If it's "costs money", we're not planning to change that! We (FastMail) are proudly a paid-only service.

The biggest thing I've been missing since I started using FastMail is labels. My workflow in GMail used labels pretty heavily, and I've been able to get pretty close using saved searches and folders, but it's not quite the same.
Right, hopefully when JMAP arrives (soon!) you'll be able to use that nicely. It will give label-style handling by allowing the same message to exist in multiple folders.
Kinda hijacking this. When using FastMail with a custom domain can I setup a catch all address and then have each different address somehow tagged? It would be nice to be able to have proper unique email addresses for each service so I know where spam ends up coming from.
You can create an * alias in FastMail which will act as catch-all address. The received email will retain the original To: field so you can use rules to match them.
Fastmail limitations are:

When I signed up in 2016 (I’m still a customer btw) it was a big pain to get my custom domain added after paying for an account. I had to contact support for assistance. I somehow have to have two accounts for my plan but only one has a mailbox. Crazy bad experience here.

The amount of space we get for mail is low for the fee. I pay around $12/year in additional fees with Google for another 70GB of space outside of the 30GB they give for the base plan. Fastmail was pricier last I checked.

There is zero quality collaboration option for me. Even if you added one the fact that anyone who wants to collaborate would have to have a paid account with me creates a barrier for me to even try and use it for anything but just email.

The spam filter is about 30% as accurate as Gmail. I try and train it but don’t have time to always be doing that.

The mobile app on ios doesn’t remember me. It doesn’t even have an option to remember me. What a pain, I hardly even bother to use it because of that.

That all said. I like some things about fastmail:

The web interface is fast.

The admin features are robust and easy for adding aliases and new custom domains.

The fact you are pushing to make the world a better place for email is why I keep paying for the service.

What you are doing is hard. Your competitors are massive and well established. I hope you continue to make progress.

>When I tried out Posteo it was extremely annoying that it logged me out every few minutes

I haven't encountered this with my personal email server nor heard of it from anyone else. I think this might just be an issue with Posteo.

It's easier if you don't try to move all at once. Spend some time looking at different email options and move that. Do calendar later. Get rid of Google Apps on your Android later still. Gradual change is much easier.

Posteo is very aggressive on privacy, reducing exposure, and keeping information safer. So a shorter webmail session timeout may be related to this. Depending on the use case, if this were the only issue with Posteo, the GP could’ve used Firefox with one of the many tab reload or tab refresh extensions to keep the logged in session alive.
Posteo doesn't allow custom domains (a no go) and lies about why they don't.
What's the real reason they don't allow custom domains in your opinion? Why do you say they are lying?
Their support replied with a mumbo-jumbo of techno-babble why it's not possible.

Of course it's possible.

The reason is clear: lock-in.

People are reluctant to change providers if they lose their mail address.

The FAQ (https://posteo.de/en/site/faq) says the do it because a domain has personay identifying information in WHOIS and they would need to store it.

I think for .de domains, you are required to have your personal address in WHOIS if you are not a company.

That's a new claim, and it's also obvious bullshit.

First, I may be okay with it. And why would Posteo store WHOIS data? Unless they want to be a domain reseller, which is not what I asked them about.

Second, there are other TLDs.

I still insist that they do it because of lock-in and that they lie about it.

They wouldn't store whois data of course, but the domain needs to be stored at it can then be used to look it up.

I think mailbox.org supports custom domains and is similar in other respects.

That's a stupid excuse.

They should stop storing the mails themselves, they are full of private information. /s

AFAIK the GDPR explicitly mandates registrar to hide personal information.
Yes. Since May 25, the whois for .de is limited to technical information like DNS server or DNS key.
I've enjoyed fastmail for many years as an alternative to gmail. I've never once had any issues with them and their UI has been very responsive. They also give you a MASSIVE list of domain names to choose from! ^_^
I started using fastmail for my business domain, it's going pretty good so far.
Unfortunately, Fastmail is very expensive.
Expensive? It's cheaper than G-Suite...
$50 per year for what is arguably one of the most important services/tools you use? That's not very expensive to me.
$3/month is quite reasonable
Unfortunately it costs money to hire people and run servers, and we have to pay for it somehow! Over 1/3 of our staff are first line customer support, and you get through to the engineers actually building and running the product quite quickly if you find an issue that the support team can't help you with directly.

The alternative is trying to monitise the userbase some other way, and we're not interested in that game. We have no advertising, no data sales, and no ethical conundrums or regrets about that choice!

Cheers.

$30/year is expensive?
I'm in the process of switching over to fastmail. I'm pretty happy with it so far.
How is their spam filtering. For me gmail really does an outstanding job in that regard and it's hard to beat them.
A French non-profit named Framasoft [1] started a few years ago an effort named "degooglify internet" [2] and provides several open source solutions that you can self-host or use on their (arguably slowish) servers.

[1] https://framasoft.org/

[2] https://degooglisons-internet.org/?l=en

I’ve used the freely hosted online spreadsheet from Framasoft. It’s somewhat primitive for today, but gets the job done! It will remain one of my goto solutions to use where I need more privacy.
Framasoft is pretty good. I'm sometimes turned off due to the french (I don't speak french at all, my own language and english are already too much).

I can recommend it however.

Again, like I or others mentioned before. If you don't want to be the product, you just have to pay the equivalent of a beer in month [0]. You need a own domain, but who doesn't these days?

[0] https://gsuite.google.com/pricing.html

Which of the tiers are you talking about?
This is ridiculous. It is the same company, Ads driven company, you're expecting to be nice just because you paid few dollars.
No, the G Suite product has a clearly defined privacy policy that's quite different to the usual Google one. If Google violates it they'll be liable to be sued for millions, at the least.

It's not "expecting to be nice", it's "entering into a legal and business relationship that stipulates niceness".

Could not find full GSuite policy, hmm. The best I got is [1]. They do scan stuff, and for a long (con:) game, it is priceless. They'll have your kids school scores for example.

scan and index your data to provide you with your services and to protect your data, such as to perform spam and malware detection, to sort email for features like Priority Inbox and to return fast, powerful search results when users search for information in their accounts.

[1] support.google.com/googlecloud/answer/6056650

They literally say why they scan and you are talking about your kids school scores. You clearly have an agenda.
I do. They have too much access to too many people's data. And making billions on the data. Plus having biggest infrastructure and buying best AI and ML brains in bulk. I hope you can add all this together and see the picture.

Kids worry me the most, as this G.Education is pushed on them without choice, being profiled from 1st grade.

You are volunteering that data. I can see the picture fine, they are a company that hires smart people to build out an targeted advertising business.

They don't have access to people's data. People are giving them access to their data.

That is correct. Please read this whitepaper [0].

[0] https://storage.googleapis.com/gfw-touched-accounts-pdfs/goo...

Page 16 directly mentions: "G Suite customers own their data, not Google. The data that G Suite organizations and users put into our systems is theirs, and we do not scan it for advertisements nor sell it to third parties."

I guess, for me this is good enough and the 4 euros a month are negligible for the huge advantage of using the gsuite.

Some people trust a company to outlive their domain registrations, and hence prefer not to use a custom domain.

A custom domain, commonly of the <firstnamelastname> format, also leaks personal information every time it’s used, whereas a consumer mail provider domain name doesn’t (as long as one chooses a somewhat random address).

On the other hand it does let you switch providers easily without all your contacts noticing.
> Some people trust a company to outlive their domain registrations

That doesn't make sense. Domains last for as long as you pay their <$10/year fee. How many people here still use hotmail.com or yahoo.com emails?

> A custom domain, commonly of the <firstnamelastname> format, also leaks personal information every time it’s used

It only leaks the info you want it to leak. Want to be pseudo-anonymous? Register something that's not your name. Wow, that was tough.

> That doesn't make sense. Domains last for as long as you pay their <$10/year fee.

That exactly is the problem. Would most people feel confident that their offspring/relatives/friends keep their domain renewed after they're dead? If that doesn't happen at least for a decade or a few decades after the domain owner's death, then anyone who buys that domain may end up getting many external emails that reveal sensitive and confidential information. And what about forgetting to renew a domain within the approximately two months after expiry when it becomes available for someone else to grab it?

> How many people here still use hotmail.com or yahoo.com emails?

This is a complete non-issue in this context, because anyone who had these accounts and died (or forgot about them) wouldn't have their dead/deactivated email accounts taken over by someone else because the major providers don't recycle deleted or deactivated email addresses. Hence my point about some people trusting a company to outlive their domain registrations.

>> A custom domain, commonly of the <firstnamelastname> format, also leaks personal information every time it’s used

> It only leaks the info you want it to leak. Want to be pseudo-anonymous? Register something that's not your name. Wow, that was tough.

I already mentioned "commonly of the <firstnamelastname> format", and didn't really say that everyone does it. My point was an observation on how people seem to handle a custom domain. I see that it was tough to get my points across!

I used to be a privacy advocate until I realized the futility of trying to thwart the data collectors. Our Information is everywhere whether we like it or not and the only way to avoid its aggregation is by not associating with the world and abandoning the convenience of modern technology. I feel like at some point we just have to accept the loss of privacy to gain better harmony within our communities.

I would recommend The Transparent Society by David Brin to anyone interested in this matter: https://en.wikipedia.org/wiki/The_Transparent_Society

I could empathize with your viewpoint more if not for the fact the lack of privacy wouldn’t be symmetrical. The middle and lower class will lose all semblance of privacy while the elite will be able to buy it. Case in point Mark Zuckerberg buying up that Hawaiian island.

Not only is it unfair but when the rich are just getting richer them having privacy while no one else does just allows for so many more ways for the poor to get screwed.

I don't think I quite understand your argument, could you please elaborate a bit? I have always been under the assumption that fame grows linearly with wealth and the more famous someone is the less privacy they hold. Is that inaccurate? I could tell you that Warren Buffet is 1.78 m tall and that I know where he was born but I honestly know nothing about the minimum-wage-working Bob Smith.
If you were to find the most personal details of this Mr. Smith it would be far easier to do that. You could sit outside his house whole day long and observe his every move, dumpster dive into his trash and get documents, even bribe a certain official and get more info out of him/ her. I don't think any of that will be possible in the case of Warren Buffet.
That will be very difficult to do with Warren Buffet because he assumes that people will already be trying to do that. Mr. Smith, on the other hand, knows that he is low profile enough to be ignored among the masses. I fail to see why anyone would spend the time stalking someone who is not wealthy; the return value of finding information on Mr. Smith is not worth the trouble.

If anything, Ad companies would more aggressively target the wealthy because they have more money to spend.

I'm glad you mentioned this- something that perplexed me a lot this year about the uproar on privacy is how people expect to have the ability to upload unlimited amount of personal images and videos for free, make internet call for free and somehow don't expect these companies to make money. And privacy is currency unfortunately- if we were in a perfect society everything will be open sourced and like signal all tech companies will be publicly funded- but it's not. We fail to see value in these companies and what they do and instead demonize them. Hopefully someone can let me see what I'm missing.
You probably should install something like LineageOS to replace stock Android and avoid installing any Google apps/services if you want to be Google-free... (use f-droid or Yalp to find apps). Because if you replace all Google products with alternatives but have a Google service running on your phone 24/7, what's the point?
Absolutely. Last year Google was tracking the location of Android devices that used its push messaging service (so basically all of them) even when privacy features were turned on. Installing a Google-free custom rom is the only solution to prevent this. I have been using LineageOS without Gapps for the past month, and it's worked superbly.

https://www.theguardian.com/technology/2017/nov/22/google-tr...

One problem that I found with Lineage without GApps (using microG) was that GPS was done for. I couldn't use any map application for navigation, nor book a cab using Uber (their web interface kept denying my payment methods), etc. There were times when I was at a tough spot with friends and family -- trying to book a cab but couldn't. Again, using Uber is sending a tracking signal but it's either that or paying 2x the amount to a local cab.

So google play services is the necessary evil that I have to keep using even after switching to Lineage. I'm back to using them again, but PlayStore and PlayServices are the only two google apps that I have currently. I try getting most of my apps from FDroid -- my filter for "good" apps is mostly how active the repo is, not great but it works.

I've moved my mail over to Fastmail, and looking alternatives to Google Drive (Backblaze B2 is one that I'm thinking of). The problem with all of these non-google alternatives is although they're only slightly inconvenient for me, they're almost impossible for my family to use (B2 for example doesn't have an app).

What about just getting Google Maps on Yalp? It's definitely there. Can Google still track your location if it's downloaded here?
I installed etar, but I fail to see how this is a replacement for Google calendar. It is a nice app with seemingly identical functionality that still reads and works with my Google calendar feed and seemingly nothing else. If Google still hosts my calendar, then this app isn't providing anything of value privacy wise. Am I missing something here? I've been looking for a Google calendar replacement that respects privacy for years. I hear rumors proton mail might get one at some point... but I'm not holding my breath.
(comment deleted)
Alternative to Google Photos?
I've been doing most of those things for years. Just never got into Google services.
A rule of thumb is that the more you pay for online services, the more pleasant, more privacy-respecting, and better support you have in the services you use. I use email hosts, file hosts, git hosts, and video hosts that are quite expensive, but the cost is totally worth it when you get used to the quality of service and product you get. There is very little reason for a company to sell your data when they make $200/yr from you. Even a slight rumor based on a misinterpretation of their privacy policy could lose them thousands of customers and thus 6 figures, and unlike the free services that couldn't care less if they lost thousands, they try very hard to keep their privacy policies honest and clear. It's just an application of the saying "you get what you pay for."
It would be interesting to check those out - who are the providers?
I don't want to feel like an advertisement, but here are some "expensive" services that make me feel that I'm using their product instead of being their product. The following are some services I'm proud to pay their amount for.

https://www.fastmail.com/ for email

https://vimeo.com/ for 4K HD video uploads

https://www.backblaze.com/ for backup

https://www.rackspace.com/cloud/files for sharing files and photos to people

https://www.shopify.com/ for processing payments for my company

https://www.linode.com/ for frontend hosting

https://www.heroku.com/ for app hosting

I don't use online services for calendars, project management, to-do lists, etc. so I can't help there.

This is all fine and well, but to be honest, I like how Google integrates all the different products. I get a better experience when search is customized to what is in my email, especially when I search for flight info and it tells me about flights I already have booked, or better yet, flights my in-laws are on that they forwarded to me and I'm now tracking to go pick them up.

Sometimes the ads it gives me are so relevant I actually click on them and I'm glad I did!

I just have a better experience where I'm constantly delighted by Google anticipating what I want because it knows so much about me.

I should be paranoid, I know, but I just like the convenience so much.

Well, most people are boring and don't rock the boat.

Things can get tricky if they pop up (thorough bad luck or as a consequence of their actions) on the radar of someone that wants to make their life miserable or if they bother someone with power.

Otherwise I assume you're well off financially by now, so getting screwed on insurance should be a non-issue. Discrimination is likewise a non-issue.

In general money helps and being a US citizen, straight, not muslim, healthy, male etc also helps.

While all these things help, I still think it's true that for 99.9% of people, nothing really bad will happen because of info that Google collects. I mean, as terrible as "getting on the radar of someone that wants to make [your] life miserable" is, it's a relatively rare occurrence, and I doubt that Google is really making it that much worse (if at all).

Disclaimer - would be happy to be proved wrong if you want to provide contrary evidence...

Android has over 2 billion users. 0.01% of that is still 2 million humans.
Disadvantages as a consequence of being spied on by the "googles" of the world are difficult to prove, because of information asymmetry:

* were you denied entry in a country because the agent had a bad day or because of something you wrote on twitter?

* did your insurance rates increase because of a market adjustment, or because of something your car mechanic or car manufacturer shared with the insurer?

* were you denied that job because they found a better candidate or because they found some thought crimes on your social media?

* were you stopped by the police for a random check or because the cameras matched your face to suspicios online purchases?

* did you lose your global entry access because you're a threat to national security or because you accidentally ordered a fake bag on Amazon that you never even received?

* were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?

In a world increasingly controlled by algorithms and data, you won't even know when you are being harmed.

Am I really the only person who creates and uses new accounts for every online site/service every few months? Different email addresses (on my own domain) too or mailinator for the sign ups, using tor on occasion in case they want to note the country/IP I'm signing up from.
I've noticed that lot of websites nowadays don't allow mailinator. What do you use then?
Look, I semi-agree in the abstract. It is difficult to prove in the individual case. In the aggregate, it's not impossible to prove, if still a bit hard - this is what economics/sociology research does, and a lot of governments have statistics/open access/FOIA/etc. So we can know how often these things happen.

Specifically to the things you list - again, I don't have statistics here, but based on my gut feeling - most of them barely affect anyone. Do you really think a large amount of people are barred entry into a country because they wrote something on Twitter? I'd imagine this almost never happens, at least today.

And btw, I kind of disagree with at least some of your items, like "were you passed for promotion because you're not good enough or because your employer found out through LinkedIn that you were looking for another job last year?". This is not what we were talking about, a case in which "Google" spies on you. This is your employer "spying" on you through your (supposedly public-enough) actions on social media. Changing the place you are looking for a job for from LinkedIn to "NewLinkedIn" won't make any difference for something like this, and is not the fault or responsibility of the company.

The negative consequences will never affect most people, just those that have bad luck or have upset someone in power. Kinda like how only some journalists commit suicide by shooting themselves 5 times in the head in Russia.

It's impossible for us to know what's happening, baring various leaks. Given the last decade my gut feeling is that if it's not happening, someone's at least thinking about how to implement it.

Re LinkedIn: I didn't mean good old social network stalking. There's nothing stopping LinkedIn from offering this as a sevice to companies. They already allow recruiters and paying members more privileges.

Stockholm syndrome... :)