I recently migrated to Fastmail, and I was pleasantly surprised by how easy it was. Fastmail automatically imports your emails from Gmail, and it took me so little time that I kicked myself for not doing it before.
> Calendar: iCloud
For those of us who don't use both OS X and iOS, this isn't feasible. Fortunately, though, Fastmail also provides a calendar service. It synchronizes with Google Calendar in case you still need to use Google (e.g. for work), and it was also a seamless switch.
As for a client, I was very surprised by this, but I've actually found that the latest version of Mozilla Lightning[0] is the best calendar interface. Fastmail's is okay, but still in beta (it's less than a year old). Setting up Lightning to sync with Fastmail's calendar took just a minute, and I actually like the interface more than I liked Google Calendar's[1].
Thunderbird is an okay mail client (not a terrible interface, but not a great one), but even if you don't use Thunderbird for mail, I would recommend trying out Lightning for calendaring.
[1] It's okay for viewing events in the week view, but there are a lot of UI quirks and bugs that catch up with you after daily use - this one is the most pernicious, but there are a number that are simply annoying as well: http://arstechnica.com/security/2014/01/how-google-calendar-... [2]
[2] Since I know people will ask - I consider this a UI issue because it's fairly easy to imagine a minor UI improvement that would indicate this unexpected result of Quick Add (and others) before clicking "Add" without sacrificing this functionality in case it is desired.
Not sure how to reconcile that with the seemingly mandatory PRISM invocations, the post was almost stomachable up until the Apple cameo especially with the recent privacy headlines. At Least recommend something that isn't a huge downgrade in functionality, an OSM client or something.
I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.
Privacy or not these are people selling their wares and they are willing to be sleazy about it, this is not unlike the bullshit post about the fake cell antennas and the magical ROM that detected them that is making the rounds, it's disheartening.
I find it most interesting that he doesn't use some map provider using OpenStreetMap data because that's what embedded in the DuckDuckGo search results: https://duckduckgo.com/?q=amsterdam
> I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.
It seems unlikely that anyone other than Gabe could be sure of his intentions. At any rate, I assume he also uses Apple Maps for directions... if you know of any good non-Google/Apple competitors for that I would be very interested to hear about them.
I updated the post to clarify I use OSM via DuckDuckGo for places. On mobile, I use iOS over Android and for turn-by-turn directions I've found Apple maps to be the best alternative to Google maps. That's the long and the short of it. No conspiracy.
If you use Google maps on iOS, the location information can be used to track what stores you visit for ad tracking purposes. Does Apple Maps do anything like this? Apple makes most of its money from product sales rather than advertising.
>But Google can also constantly track the location of iPhone users by way of Google apps for iOS, Apple’s mobile operating system. IOS is just behind Android in U.S. market share with 38.3 percent of users, per eMarketer. Nearly 17 percent of the American populace uses an iOS smartphone.
>When an iPhone user stops using an app, it continues running “in the background.” The user might not realize it, but the app continues working, much in the same way tabs function on a Web browser.
>Google’s namesake iOS app — commonly referred to as Google mobile search — continues collecting a user’s location information when it runs in the background. This information is then used to determine if that user visited a store and whether that store visit can be attributed to a search conducted in the app. Store visits can also be tracked via Google’s other iOS apps that use location services. If iOS users open their Chrome, Gmail or Google Maps app in a store, their location can be deemed a store visit
How they use the data is independent from whether they collect it. Both products log that data. Is the usage of that data to display more relevant ads really such a terrible thing that you would use an inferior product?
It has CalDAV, CardDAV, and files support. There's even a rudimentary (though scary) online editor with support for openoffice. I use two-factor with owncloud, and happily share files, too. And... it supports an encrypted backend!.
Now, if you're happy to host your own mail, you can also look at adding RoundCube.
This can solve the Calendar/Contacts/Email/Filesharing main case. Works across Windws/Mac/Linux, even mobile... which in my case is Android. It's not amazing, but it's pretty fantastic.
owncloud has two-factor support via Google Authenticator, I'm happy enough there. I use Authy to sync the tokens between my devices.
Full caveat though: I never have a single device with both my tokens, and synced password database - just in case memory dumps of phones/tablets become valid. So, I dump my password database to my tablet, whereas I sync my authy tokens between two phones.
Just clone it, install the dependencies via composer and you’re good to go. It’s just an IMAP client at the moment, but multi-account and when the IMAP server is on the same origin as ownCloud it’s quite fast. Feedback very welcome!
Another happy owncloud user here, though the funny thing is what I want it for is specifically NOT syncing - in fact, I don't like that it even tries to sync folders. I mostly want a media player/NAS/photo gallery/mail server (though I might just install a mail server separate from owncloud; I'd still want a webmail interface though).
Just as a thought, what I ended up using for media services is Tonido. There are different ways of implementing it, but mine works as a module directly on my NAS. It's a great media server, the only downside is there's a subscription for some of the bonus features. By default it wants to proxy via their server and wants to do so unencrypted, but you can purchase a license that allows you to disable the proxy feature and encrypt with self-signed certs for $100 per year. Other than that, it has an Android/iPhone app so you can stream music/movies to anywhere you want (provided your mobile connection is up to snuff).
ownCloud contributor here: Just wanted to say major thanks for such a great project! Keep it up and let us know if you need anything from ownCloud – we’re in #owncloud-dev on IRC :)
While it's not trivial it's not that hard to spin up a mail server on a VPS (which can run smtp, imap and/or webmail). For that matter you can run it off a static internet connection or even a dynamic IP from your home or office PC. (Running linux or Mac OSX never done it with windows although I'm sure you can).
Do you have anything in particular you'd like to offer to back that up? Have you ever done this? (I do and have done since the mid 90's on various equipment and I'm no Eric Raymond exactly either). We're not talking about running the mail server on a commercial ISP or a company with 20,000 employees. Just running a mail server to take care of your own mail.
There's a difference between running a mail server for incoming mail, and one for outgoing mail. I use my local Comcast SMTP servers for outgoing on the (so far 100% correct) theory that nobody can afford to blanket blacklist those. Incoming you don't have to worry about getting blacklisted.
You have to worry about spam, but, well... that's sort of a constant nowadays. My current solution is to use Thunderbird to filter everything on my primary machine and it's Good Enough. If you want webmail YMMV, though.
Honestly, if you're just one or two mailboxes, it's not that big a deal to maintain. And I've been Joe-jobbed, so it's not like I haven't been exposed to some fury. Still not that big a deal.
"You can then get shotgunned by spam filters, too"
Have you had that problem and weren't able to get by it? I've had IP changes over the years and while it's taken a small bit of work to get the new IP accepted (in some places most places don't seem to care) I'd say it's hardly a show stopper. Of course all the email deliverability people selling products and services in that market want to make you believe you'd be a fool to roll your own.
Of course if you get a VPS with some IP address that someone used to spam sure you have a problem. The idea is to do your homework and not have any of the obvious problems. (You can run the IP by the blackholes to see most issues.)
Also (not a comment directed at you by the way) I love the way a forum such as HN where people spend all sorts of time doing things just for fun seems to have a problem with the "work" involved in doing something that actually has value or might take a bit of work in order to solve a problem that they have.
The downvotes seem to indicate a reaction such as "wow what a stupid idea why would you run your own mail server hey you can just use fastmail that's what we all use".
Another Fastmail endorsement--they really are fantastic. I confess to still using Gmail for some things but it's mostly just because I've been too lazy to switch over all of my accounts. Fastmail is truly a better service.
As for calendar, I've heard good things about https://fruux.com/ although I haven't tried that myself yet. (And apparently Fastmail does calendar too--again, haven't tried.)
I have trained it with tens of thousands of emails, but it keeps letting obvious stuff through. On the other hand, I have had zero problems with false positives, which used to be a huge problem back when I was using Gmail.
Coming from Google Apps and currently using Fastmail: It's not as good as Gmail. I still get spams in my Inbox but they are not really a deal breaker. I've been using Fastmail for over 3 months and I'm rather happy about it (just paid for a yearly subscription). I'd suggest you to try it out with a 3 month subscription. You can always switch back; it's just a couple MX records after all.
Oh btw, fastmail also has CalDav (Calendar only; no Tasks) and It's been working well for me too.
I moved my calendar from iCloud to Fastmail and have been plenty happy with it. I'm finding it to be a bit snappier in updating as well, but nothing to really back that up than my own anecdotal experience.
Another vote for FastMail calendar. Give it a shot.
I find that it integrates really well with Gmail. I've had experience before where invites from different email providers don't play well, but FastMail sending invite to Gmail works just fine.
I'm using Fruux for calendars, contacts and reminders. Very happy with it. Zero downtime since I started using it (at least one year ago, probably more).
Edit: Fruux implements CalDAV, but there are disappointingly few apps that support it. I'm stuck with Apple's Reminders. The only decent CalDAV client, 2Do, does not implement CalDAV/WebDAV correctly (they don't support "207 Multistatus"), and will not work with Fruux. When I contacted them, they expressed no interest in fixing the problem.
That's all fine and dandy - however most of the time when I'm working as a consultant, I'm created an email account on the company's domain. Typically hosted on, you guessed it, Google Apps.
For some people leaving Google is literally not an option, and that's a shame.
OK, there's some value in diversifying instead of using one provider for everything but mostly he just swapped Apple, Fastmail, or Clicky in place of Google. They can still track him, read his email, know his calendar... The benefit here is marginal.
And how do those companies stack up against Google when it comes to security? It's one thing to protect the data against snooping by the provider, it's anoter to protect it from everyone else. Google is pretty solid, often on the cutting edge (PFS, certificate pinning).
The difference between data privacy now, and data privacy 10 or 20 years ago has little to do with how many people have access to it, or how secure it is. It mostly has to do with who can analyze it.
An example: where you walk in public is public information, but for most of human history, no one has had the capability to keep a database of that information and query it retroactively. Your location information is therefore less private now than it was before, because that information used to be impossible to reference meaningfully.
The same concept goes for email, calendars, contact graphs, etc. Using providers that don't have, or consciously avoid the capability to aggregate, analyze, and query it improves your privacy. Google is not one of those providers.
Apple's business model doesn't rely on storing personal information, they get their money from devices and apps and services made for those devices sold through their store.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
If Apple on the other hand, loses an iCloud customer, their lock-in is reduced, but probably the user will continue to use their Apple devices.
In the end, paid services are probably the best for users who want privacy, etc. Losing trust immediately results in a loss of income. But since the user is paying, they don't have to use and link user data for advertisement or sell the data to third parties.
> On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
Google has dominance in search, webmail, maps, and a very strong mobile presence with Android.
Even if you don't trust Google, it's hard to avoid using their services - they're so good, they have few competitors worthy of note (e.g. Apple Maps or Bing).
Ok, say someone has a complete database of my location sampled at 10 minute intervals over the past few years. What could they do with that information that would be harmful to me?
Seriously? Now I know everyone with whom you associate. I know everything you like to do. I know how fast you drive. Because you "associated" with several serious felons (you were in the same bar/diner/club as them several times), I can make a case for conspiracy. I have you in the same area as several serious crimes. Perhaps the data source (phone?) isn't exact all the time (it never is), so I have you as being at some places you weren't at. The scene of crimes? I know everyplace you've been for years, so forget running.
Have you been speeding in the past few years? A lot? Have you done anything private? Seen doctors/specialists about private medical issues? Have you had an abusive spouse or stalker in your life? I bet they'd love the data.
Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
Google doesn't issue speeding tickets. If the government were to issue a ticket for every single instance of speeding and even 1% of them contested it, the system would be so clogged with paperwork that it would grind to a complete halt.
Personally, no I haven't been to the doctor. People go to doctors, though. That's not a big secret. Are you personally on the lookout for every single person who visits a doctor so you can...make fun of them, I guess? Do you imagine other people are?
An abusive spouse/stalker already knows where you live. If they're that motivated and want to find you, they'll wait outside your house. Hiding the information is not a solution to that problem, those people need to be arrested and incarcerated.
> Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
I think you need to read up on the 'domestic terrorism' cases in the USA and how NSA investigations actually proceed. One fun instance was Clapper giving presentations on a network of possible terrorists all linked together. The link was a pizza place.
And 100% of the evidence was that they met at the same pizza place? There were no other indications? In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
Sadly, that's not outside the realm of possibility, but that information alone is practically worthless in determining if someone is a terrorist. "Regularly meets with the same people in the same restaurant" describes almost the entire young, single adult population.
> And 100% of the evidence was that they met at the same pizza place? There were no other indications?
It was enough for the guys supposedly in charge of protecting us to waste a lot of time staring at graphs. And the 'threat matrix' is full of even more shit than that; I refer you to "Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program", Mueller & Stewart 2014 http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.p... for that and other sorry details of 'the war on terror'. Seeing the sausage made is never pretty.
> In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
No, I'm sure some racial and religious profiling was part of the special top-secret sauce which selected that particular pizza joint...
I agree that's a problem. I don't think the issue is that this database exists. I think the issue is that there are people conducting a witch hunt in the first place. If they are that bad at finding terrorists, they'll misuse whatever information is available to them. The solution is to not give people the power to conduct secret investigations and trials etc. in the first place.
It's a bad argument for banning things but it is a perfectly correct argument for pointing out the the real cost of something. Cars kill people. We should not pretend that cars are safe, we should make a rational decision and come to the conclusion that the cost is worth the freedom of transportation.
You'r argument would be a valid analogy if I were suggesting that we make it illegal to tell anyone your location (or any other "private" information). I am only pointing out that privacy is valuable and we should count the cost if and when we give it up.
Interesting thought. If McCarthy could have subpoena'd Google, he'd have been able to prove that they were all commies and then people wouldn't be unfairly smearing his name today.
1) The computer never lies and the false positive rate is 0%. So if you walked past a shop that sells weed grow lights enough times, you'll be on a list and some night at 2am they'll smash open your door, shoot your dog, and throw a grenade into your babies crib. This is "OK" because it usually only happens to poor minorities and the computer never lies and there is no such thing as a false positive. Even just street crime is an issue.
2) Times change. Being on a list as living as a Jew in Germany in 1923 not a huge problem. In 1943 being on that old list is not so good. Walk past a mosque on a daily basis in '90 no big deal, in '10 maybe not so good when they look at the historical records to Keep Us Safe From Terror (tm). Its almost unpredictable who we'll be punishing / torturing in a couple decades. Probably not reasonably well off white men, but everyone else is either nervous or ignorantly not nervous.
Build a very complete profile of you, sell that data to advertisers. Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Another thing: Imagine someone would get HD video of your room while you slept in it. I can't imagine what use it would be but I absolutely would not like to be filmed like that.
> Build a very complete profile of you, sell that data to advertisers.
Why would advertisters spend money for a profile of you? Answer: they don't. This market just doesn't exist. It's fabricated. It's a fantasy to pretend your trivial existence is worth big bucks. It isn't.
Advertisers do not want your information. They want your money. Google uses your information to try and match you up with relevant advertisers. This is how ad networks work, a form of online dating basically. Your information does not go to the advertiser. Your information on its own is not worth anything.
> Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Who would spend money on this and how the hell would that market ever come into existence, much less in secret, such that everyone does freak the hell out?
Do you think Google sends employees out to secret hotel rooms with members of random stores to swap dirty secrets about you or something? Remember, advertisers are places you go to buy things. Not evil supervillans.
So you're saying you're ok with me knowing everywhere you've been for the past few years?
I'm going to assume then that you don't visit strip clubs, bars, 'adult book' stores, the house of your drug dealer, the house of your secret lover, a proctologists office, an OBGYN, an abortion clinic, or a million other places. You may not visit these places, but many others do, and having that information publicly available could be devastating to families, careers, entire lives.
On the other end of the spectrum, say you happen to be in the general vicinity of multiple burglaries at the time these crimes are believed to have happened. You're arrested and have to prove your own innocence.
Or maybe someone who wants to do you harm looks at your data for patterns, and goes to the right place at the right time to rob, extort, harass, rape, even murder you.
In general, I think having your location information public is a terrifying prospect.
You don't even have to have been there at all. Once an entity holds all your personal information like that, they can just say "Oh you were here, here, here and here at these times" even if it was not true. Who would doubt them? After all they have all the information right? RIGHT?
If the government has devolved to the point that we have to worry about them framing people unjustly, we have FAR, FAR bigger problems than a database of location information. Hiding the information in that scenario is, at best, a temporary band aid. The appropriate fix is limiting the power of the government and requiring strict and transparent conditions on when and why someone can be arrested.
I'm sorry, I just don't follow this slippery slope argument. We have lots of examples of the government abusing their use of online information. For the haves, we have the still-minor indignities of the no-fly list and targeting certain political stripes for IRS audits. For the have-nots, it is terrorism fusion data centers, predatory civil forfeiture and, jeez, a lot of the criminal justice system. So that world does exist now.
Many of these excesses have been driven by "limiting the size of government" by defunding local governments and relying on private information brokers (license plate readers, etc), rather than passing better laws.
> We have lots of examples of the government abusing their use of online information.
That isn't what he said. He said that if the government is going to forge information, then the availability of location information is not necessary nor useful for that task.
The things you've mentioned are all generally Bad Things and things that we should be fighting to stop. Fighting to obscure your location information and even protect your privacy in general doesn't stop any of the things you mentioned if you believe the government is acting in bad faith.
I think it is naive to think that a bad actor who intends you harm will be stopped or even slowed down by the fact that there isn't a log of every location you've visited.
A threat to your safety or your freedom needs to be dealt with directly by eliminating it, not hiding from it. If you're envisioning a bad actor with the resources to compile and analyze a comprehensive log of your location, the simple fact that you use service A instead of service B is not going to do a thing to stop them if they're out to get you. You have far bigger problems on your hands.
"Potential threat" is an unbounded set. If you're going to guard against every potential threat you will not be able to spend your time doing anything else.
I asked because I was curious about what sorts of unique threats are presented by, for example, a database of location data. So far I haven't seen any that aren't already present via far simpler means.
If you have a cell phone, it is constantly pinging nearby cell towers. If it has wifi, it is pinging nearby wireless networks. That information is out there, waiting to be collected. If you want to go without the benefits of a cell phone to avoid whatever threat is posed by somebody knowing where you were at some point in time, go for it. I think it's a waste of time.
I think there has been some confusion here. When I said that "The point is not that the world will end if we give away our location data, only that doing so has a non-zero cost" what I meant was that the point is not that the world will end if we give away our location data, only that doing so has a non-zero cost.
Cell phones are like cars, they are very useful but also have their downsides (cell phones reduce privacy, cars kill people). I have a cell phone and a car because I made a decision that the cost was worth the benefit. I did not need to delude myself into thinking there was no cost nor did I need to pretend that the cost was inevitable.
The threat of a comprehensive database of everywhere I've been is extremely minimal. There's not much someone can do with that that they couldn't do without it. If some whackjob want to wait for me to turn the corner so he can hit me with a sock full of nickels or something, he's not going to get a database of everywhere I've been over the past two years and hang around the coffee shop that I have an 84% chance of visiting on the third Thursday of odd numbered months. He's just going to look up my address and wait in the bushes outside.
The government has so devolved -- they're using (most likely illegal) nsa spy tools and stolen data to arrest drug dealers, then lying to everyone involved about how they "stumbled" across the information, or so-called "parallel construction" [1]. While all the tools whine about slippery slope fallacies, the fact of the matter is we're already sliding down.
The undated documents show that federal agents are trained to "recreate" the
investigative trail to effectively cover up where the information
originated, a practice that some experts say violates a defendant's
Constitutional right to a fair trial. If defendants don't know how an
investigation began, they cannot know to ask to review potential sources of
exculpatory evidence - information that could reveal entrapment, mistakes or
biased witnesses. [2]
Although these cases rarely involve national security issues, documents
reviewed by Reuters show that law enforcement agents have been directed to
conceal how such investigations truly begin - not only from defense lawyers
but also sometimes from prosecutors and judges. [3]
One thing that people do is just say "the government" like it is a single entity. It is not one entity. It is made up of hundreds of thousands of individuals.
You know that guy that used to scare your wife/daughter with his stalking? Well he just happens to have a government job and may be in a position to abuse the knowledge that he has access to for personal gains.
strip clubs, bars, 'adult book' stores - these are all perfectly legal and innocuous activities. Who cares?
the house of your drug dealer - being in someone's house in circumstantial at best. By your logic they would also have to arrest the drug dealer's mailman, maid, meter reader, etc.
burglaries - again, circumstantial.
Someone who wants to do me harm doesn't need a database full of comprehensive location information. They'd only have to find out where I live and wait for me there.
Without intending to invoke Godwin's Law, I think what happened in WWII is a good lesson in dangers of overexposing your private life. Before WWII, Germany used "tax deductions" to entice people to reveal their religion to the government. Data which was later used to identify Jews during wartime.
Nobody is saying you need to unplug your machine from the internet, but just that because something doesn't impact you today, might not be true tomorrow. If you decide to run for office in 10 years, for example, you can bet your location data will become relevant (and it's not that far-fetched that the other party will try to obtain that data - reference the IRS email scandal).
The point is to minimize the aggregation of your data, to limit the impact it will have on your life once it leaks. After all, you never know who will get a hold of all your data once a company goes out of business (fir example).
The problem in WWII was not that the government had a list of who all the Jews were. The problem was that there was a government that wanted to kill all the Jews. If the latter is true, they'll find out the information they want one way or another. Hiding a list does not solve the problem, which is that you have elected genocidal maniacs to your government.
Your line of thinking hinges on an optimistic view: "As long as X doesn't happen, we're fine". But what will you do when X does happen? You'll be completely unprepared for it.
I prefer to take the "hope for the best, prepare for the worst" approach: if something bad were to happen, I would have a better chance of not being impacted.
No, my line of thinking is more like "If X happens, we're fucked regardless of whether we have privacy or not, so we need to focus on not letting X happen"
If an insane genocidal dictatorship comes to power, you will be impacted, unless you're on the side of the dictators.
I'll bet you top dollar that's not what Jennifer Lawrence is thinking right now. She's not thinking "It was inevitable that someone will get my photos from iCloud". Instead, she's thinking "I should have never put my photos on iCloud in the first place".
Hence the point of this thread: don't expose more information than you need to.
This is probably going to be unpopular, but how exactly has Jennifer Lawrence come to harm from the leaked photos? So people will see the photos and...what? Fantasize about her while masturbating? I'm pretty sure that was happening already.
There's no doubt some embarrassment, but that's more a result of the fact that we've all decided that people need to be embarrassed about being seen naked. In a hypothetical privacy-free world where everyone has access to nude photos of everyone else, nude photos have no power over anyone.
Not having data which would incriminate you to a party which will misuse it is something of a pyrrhic victory, but I still see your point. It would be preferable to have no parties which would misuse this data, but if such a party does exist then you would be better off remaining anonymous. As with all risk analysis, there's no clear answer. Deciding whether or not using a service which tracks such data is a consideration of the convenience gained, sensitivity of the data, propensity of the parties in play to respect the privacy of this data, potential for future incrimination, etc.
This supposes that burglars work by picking out a person, then waiting until they're not home to go rob their house. Instead, burglars search through a neighborhood to find houses where nobody is home, then break in and steal things. It's the other way around.
Regardless, if you're an average adult in the US, "weekdays between 9 and 5" is a fairly reasonable assumption of when you won't be home. No giant database needed.
You are asking your question from a position of luck (that you, in particular, can afford to be an open book) and mostly at the wrong level. It's not about how it will affect you, it's about how it will affect him/her, and us.
Improving your privacy helps people who have legitimate things to hide avoid unwarranted suspicion, and it also makes our society better.
Secrets are sometimes bad, but are far more often good -- allowing us to have functional foreign relations, strong individual rights, and the ability to communicate freely about ideas central to our republic. No good will ever come of the ability to Google: "people unlikely to toe the line".
I phrased the question in terms of me, but you have no idea who I am or what I might have to hide, so please imagine it in the general sense of what any given person might have to fear from a database of their location information.
> What could they do with that information that would be harmful to me?
Harmful to someone, and it's different for different people at different times. Also, a piece of information that may be benign today could be harmful tomorrow with a change in the political environment.
Maybe you visited a specialist, or were on the same floor as a specialist, and got extra attention from your health insurance as a result.
Maybe you were standing near someone being investigated, making you a person of interest and therefor subject to prosecutorial bullying.
Maybe you're trying to overthrow a government and would like to do it in safety for as long as possible.
If you visited the specialist, your health insurance would already know because they'd be paying the bill. Now, I'm not an expert on medical billing, but I can't imagine how "being on the same floor" as a specialist could result in any sort of invoice. I'm not sure what you mean by "extra attention". Why would the insurance company use that information? Surely any given specialist is around hundreds of people every day he or she isn't treating, so that particular data point has no use in predicting who is going to receive care from that specialist.
Standing near someone - same argument as above.
In the rare case that you are actively involved in overthrowing a corrupt government, then yes, it is important to keep yourself hidden from that government. But privacy in general does nothing to prevent the corrupt government from coming to power in the first place. If anything we need less privacy - for the government.
People don't "just like" things for no reason. I think it's worth examining why we like privacy and what needs it fulfills, and what other ways we might be able to fulfill those needs. It seems to me that digital information is just too easy to distribute for us to have any hope of containing it. We are better off assuming any available information is going to be made public and finding the best way to proceed from there.
Call me paranoid, but my biggest concern is that things I do that are acceptable today may become illegal or persecution-worthy in the future. I recently read a story about a mother who was executed for her religious beliefs. The attackers knew she had been visiting a country with a different majority faith and used that information to single her out.
That kind of thing could never happen in the West... right? I hate to bring in Nazi Germany, but imagine how much more effective they could have been at rounding up people if they had access to Google's tracking data.
Full Disclosure: I am not actively avoiding any tracking, but I think about possible abuses a lot.
Does Clicky let site viewers also view the traffic? I don't mind such information as much so long as everyone knows that they can see it when they want.
As he said, degrees matter. By which I guess he means differences of degree.
The two companies involved (Google, Apple) have a fundamental difference in their business model. One involves you and your private data as the product; the other does not.
If what you care about is privacy, I really don't think iOS is appreciably better than Android. (Not marginally or theoretically - I mean practically).
If you're looking to be as private as possible[0], you should either use a custom ROM of Android with Privacy Guard and with Google services disabled (or use something like Replicant or FirefoxOS, if you're comfortable straying from the two dominant mobile OSes).
[0] As private as possible while still carrying around a tracking device 24/7, mind you (cell phones constantly report your location to your carriers, who are not at all modest with this data)
Yes. Google+, by default, likes to grab all pictures taken with the device camera (and most stupidly will then say they're ready to be shared - because every photo is for sharing . . . )
The worst is Google Play Services though. It's basically a way for Google to get your location data, and to generate massive global maps of WiFi networks, rather like what got them in trouble with the streetmap cars. Anyone doubting how important this is to them needs to check their reaction when Motorola wanted to use Skyhook on a device instead:
http://www.theverge.com/2011/05/12/google-android-skyhook-la...
You mean the box is ticked in a terms and conditions screen when you first turn the device on and that counts as opting in. It's on by default. Most people don't realise what it's doing until either the uploader drinks all their battery (which mercifully they seem to have fixed) or they have loads of photos pop up when they sign in to Gmail on a desktop.
The sign in process for Android devices has become ever more convoluted and incomprehensible. People, understandably, complain about the Facebook app, but Google are actually far worse.
Apple makes little to no money by invading your privacy. They've already made money once you bought their hardware. Which is why they will be a much better champion of your privacy.
However, companies like Google and Facebook make almost 100% of their revenue by knowing every detail they possibly can about your life. That's why they try to commoditize hardware and place all the value in your personal information.
Facebook doesn't commoditise hardware - but otherwise you're right. However, for hundreds of millions of people buying their first smartphones iProducts isn't even a viable option, while a sub $100 Android phone is. And those devices will be their gateway to the internet. So maybe something good will come out of it too
And I guess you can opt out of the Google tracking ecosystem even on "Android" hardware
It's obviously not smart to rely on one company that heavily, but I can see his reasoning behind using Apple products. I too am not using any Google services if I can help it but if I had to make a choice between giving my data to Google or Apple, I'd choose Apple. Not because I trust Apple more than I trust Google, but because I trust their source of income. Apple's business is to sell you hardware, while Google's business is to gather information about you so it can show you ads.
What Apple earns from iAds is chump change compare to Google's ad revenue. I don't deny iAds exists, but read my comment carefully. That's not their main source of income. Google's almost whole business is to sell ads. Apple can survive without selling ads, Google can not.
I just told you the difference. What is it that you don't understand?
Google's whole business revolves around showing you targeted ads. Apple's business is to sell you iDevices. Apple will not target you to the point where it's invasive and creepy (although I'd argue even the smallest amount of tracking is invasive, but I've been trying to look at this from Gabriel Weinberg's point of view) because Apple can not do anything to harm its main source of income. Google's job is to track you and they legally (and sometimes illegaly) do everything they can to be successful in their business. They can not hurt their main source of income by being invasive, because being invasive is their business.
For the record, I'm not saying Apple is any better than Google or vice versa. As I said, I've been trying to play the devil's advocate.
The point is, Apple does track you AND charges a premium. Google doesn't do both.
If you look at EFFF, Google has had your back longer with lobbywork before the EFF report came out ( https://www.eff.org/who-has-your-back-2013 ) as soon as that got popular last year, all of them upgraded their lobbywork (Apple)
Yes, now they all have 5 stars, but the EFF report first came out in 2011 without them knowing ( https://www.eff.org/who-has-your-back-2011 )... But there was a lot of hype about it last year, so they had to improve their "score-card".
Also, I doubt Apple would do something like Google's word gymnastics with the everchanging and murky ad profiling policy for student emails in the "free" Google Apps for Education.
Personally, I have a VPS where I keep my own mail server, webmail, ownCloud instance (calendar, address book, file storage, etc), IRC bouncer... All courtesy of Sovereign (https://github.com/al3x/sovereign)
Very interesting resource, thanks for posting ; even if not for the playbook itself, the collection of tools is interesting.
Having your own server is definetely a good solution, it just needs experience and comes at a certain price, even if it stays reasonnable. But most people just don't want to be bothered with maintaining the box (hosting payment, security updates, domain name renewal, SSL ceritificate renewal and so on).
However, it is a fantastic way of learning by yourself!
Well, if you use the supported Debian 7 pointing Ansible to your box is all that's needed.
Since I decided to go with Ubuntu 14.04 (unofficially supported), it took a little longer and I had to submit a couple of patches to make it work there. The "hardest" part was figuring out how to set-up the DKIM and SPF records in my registrar's DNS control panel (namecheap).
Other than that, I don't really have to babysit the thing: I get a weekly logrotate report by email and rarely, if ever, SSH into the box to check that everything works. From time to time I re-run the Ansible script to ensure everything is in proper order but, still, I almost never have to spend more than 10 minutes a fortnight.
> On top of the browser I use these add-ons to reduce tracking further; also, note that private browsing mode and the do not track setting will not stop you from being tracked.
Google's/Facebook's/Twitter's JS scripts are literally on every site. Fingerprinting allows them to increase their ROI since it builds more precise profiles on you. The advertising industry is happy and the government is happy. So forget about them not fingerprinting you.
I switched to fastmail and duckduckgo in lieu of google products a little over a year ago for some of the same reasons. I tried to switch to safari from chrome, and that experiment lasted about 3 months before I got annoyed by how safari handles multiple tabs.
But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic. Yes, you can be an idealist and try to run your own email server, etc. but it's really about balancing tradeoffs. I also use Apple maps and iCloud and dropbox and Evernote and... many other services we should give just as much scrutiny to as Google.
I don't see my choices as being about riding a high-horse, it's about a diversified portfolio of services that helps me avoid total lock-in. The day that google heavily oversteps with the G+ product strategy or twitter completely goes to shit, I've got a series of alternative services that can pick up the slack.
My thing isn't that I don't trust any one particular Google product. It's that I don't feel safe putting all of my eggs into one basket. A year ago, Google was my phone, my search engine, my email, video hosting, my DNS, my IM service (GTalk when it was still a thing), and cloud storage system. That's a lot of personal stuff all tied together under one account. So I split things up. I hosted some stuff where I could (email and online storage) and used different services/products where I couldn't. But I also continue to use Google for my search engine.
I don't really see it as a question of if Google will screw up with people's data, it's a question of when.
By the time when, Google will be our overlords. Running the world with no one to be able to resist their ironclad rule. Because they know you, they know where your most loved live, what you need most to live, what your habits are, what medications you need.
Doesn't that sound bit too pessimistic? Of course it does. You already trusted Google, why trust another company and risk your data?
What if, from the 10 companies you trust your data with, 2 of the go rogue and use your data against you? OR what if they get hacked, and lose everything? That's what I fear more than giving too much data to Google. I'd rather trust one super reliable guy (Google), than trusting 5 (Self hosting) maybe trust-able, 3 shady guys, and 2 unreliable guys. But that's just me, I make sure all my accounts have 2 step auth.
This. Right now I'm also more comfortable with Apple having my info, because their business is built on providing me with a premium product & charging me for it. Google is built on monetizing my data and selling me better ads.
>>But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic.
Exactly. It's not realistic because it's a strawman, and a disingenuous one at that.
No one really wants to be a "purist" about privacy. Indeed, the only way to live a 100% private life is to have a cabin on some uncharted island and never leave it.
Rational people, on the other hand, realize that there are certain privacy costs to living in modern society. They simply want to make informed decisions about which benefits to trade off those costs for.
What the author advises against is giving all your information to one company, i.e. Google. This holds especially true since said company's core business is serving you advertisements and generally controlling your Internet experience (using the "personal filter bubble" described in the article) using the information it has about you. Instead, he is suggesting that people spread their information across multiple service providers so that no single one of them can compile it to get a wholesome picture of who you are. The point is not to avoid giving your personal information (although the less you have to give, the better). The point is to avoid putting all of it in the hands of one company.
I'm not sure if switching to Safari is a huge jump ahead, because both are closed source software. You could switch to Chromium and get Chrome without the tracking, or use Firefox instead.
Because Apple's free services are a value add to increase their device sales off which they make a ton of money, while Google's free services are typically monetized with targeted advertising based on a profile built off your private data, so they tend to collect and retain a lot of it.
except google collecting data doesn't mean google shares that data with advertisers. its a common misconception of how the ad model works.
moreover google has one of the best records of security for a consumer facing company. your data is more safe with google than apple - no question about that.
In the face of nefarious agencies and companies that track, I don't think there's a 'best' option to switch to, per se, only a harder (to be tracked) option. Tracking, in my belief, still goes on, in one way or another.
So what are we left with? Trying as hard as possible to use online services for work (assuming that's your bread and butter) and to be in the real world for leisure, etc. Not always possible, and less possible as the years go on, but a lot better than thinking one (popular) online service will be a safe haven from another.
I, too, am very unhappy with Google. They're obviously intentionally trying to get people to get used to giving up privacy. From the moronic system Android has, to the tricky dialogs Chrome puts up, they don't like the anti-tracking sentiment.
But... DuckDuckGo just doesn't compete on search results. I changed to it as my default search engine, but I ended up going to Google most of the time.
And switching away from Android... I tried to move to Windows 8 / Phone, but the ecosystem is a joke. Desktop apps don't work well on their small tablet form factor, and the Metro apps are laughably terrible. Microsoft can't even prevent total scams, like $9 fake Netflix and HBO. And they ignore reports about them.
Apple spies on you as much as google, without a doubt. They're just not as open about it. After all, why wouldn't they do it when it helps them build "better" products that make them more money.
I'm sure people will leap out to argue with me when I say yes, but: yes.
I don't say this out of a belief that Apple is pure and Google is evil, and certainly not out of a belief that Apple shows a deep understanding of security (boy, howdy, do they not show a deep understanding of security). I say it out of my understanding of their business models. Basically, Apple makes money from you because you give them money. Google makes money from you by analyzing the data you send through their services.
"If you're not the customer, you're the product" is too glib by half -- both Google and Apple want to make good products that you want to use, and it's certainly in Google's interest to keep their users (i.e., you) happy. They're arguably much better at online services than Apple is. But Google has a vested interest in "reading" your mail, tracking your searches, and so on. Apple not only lacks that interest, it's arguably a competitive advantage for them to not keep any more information about you than they absolutely have to. They've spelled out in the recent past just what they keep, and it's largely "what they absolutely have to." Apple's corporate culture genuinely seems to be supportive of privacy, albeit tempered with profit-driven pragmatism.
This is not an argument that Apple is full of good and wonderful people (I believe the ad copy should be "magical and revolutionary") and that Google is full of terrible people who hate their users. Not at all. And Apple has had a few high-profile privacy biffs where they were collecting information they shouldn't have been, which leads some people to be highly suspicious of them. I get that -- but we're often handing even more data over to Google routinely because that's what they require. That's their corporate culture: their mission is to organize the world's data, and fulfilling that mission requires them to have access to the world's data. All of it.
And, last but not least, none of this is particularly relevant to government snooping except to the degree that the less information is stored on a server that isn't under your control the less information there is to be compromised. (At least compromised via that particular vector.) If you're deeply worried about that you shouldn't be using either Apple or Google.
306 comments
[ 3.7 ms ] story [ 248 ms ] threadI recently migrated to Fastmail, and I was pleasantly surprised by how easy it was. Fastmail automatically imports your emails from Gmail, and it took me so little time that I kicked myself for not doing it before.
> Calendar: iCloud
For those of us who don't use both OS X and iOS, this isn't feasible. Fortunately, though, Fastmail also provides a calendar service. It synchronizes with Google Calendar in case you still need to use Google (e.g. for work), and it was also a seamless switch.
As for a client, I was very surprised by this, but I've actually found that the latest version of Mozilla Lightning[0] is the best calendar interface. Fastmail's is okay, but still in beta (it's less than a year old). Setting up Lightning to sync with Fastmail's calendar took just a minute, and I actually like the interface more than I liked Google Calendar's[1].
Thunderbird is an okay mail client (not a terrible interface, but not a great one), but even if you don't use Thunderbird for mail, I would recommend trying out Lightning for calendaring.
[0] https://en.wikipedia.org/wiki/Lightning_%28software%29
[1] It's okay for viewing events in the week view, but there are a lot of UI quirks and bugs that catch up with you after daily use - this one is the most pernicious, but there are a number that are simply annoying as well: http://arstechnica.com/security/2014/01/how-google-calendar-... [2]
[2] Since I know people will ask - I consider this a UI issue because it's fairly easy to imagine a minor UI improvement that would indicate this unexpected result of Quick Add (and others) before clicking "Add" without sacrificing this functionality in case it is desired.
Not sure how to reconcile that with the seemingly mandatory PRISM invocations, the post was almost stomachable up until the Apple cameo especially with the recent privacy headlines. At Least recommend something that isn't a huge downgrade in functionality, an OSM client or something.
I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.
Privacy or not these are people selling their wares and they are willing to be sleazy about it, this is not unlike the bullshit post about the fake cell antennas and the magical ROM that detected them that is making the rounds, it's disheartening.
It seems unlikely that anyone other than Gabe could be sure of his intentions. At any rate, I assume he also uses Apple Maps for directions... if you know of any good non-Google/Apple competitors for that I would be very interested to hear about them.
http://here.com
Excellent maps and navigation in my experience.
Do you know/can you recommend any other OSM providers? Here.com is one of the best I've come across, but I'm wondering if there are any others.
http://here.com/35.7115098,139.7902388,13,0,0,normal.day
The largest city in the world apparently has about five streets (and note that even the extremely tiny amount that gets shown is actually wrong)! ><
Here maps certainly has its fans, but it's clear they have a long way to go before they're a real alternative to Google maps...
I would expect Navteq had stayed away on some strategic basis and Nokia just kept doing that (I guess Nokia was never a huge brand in Japan).
I've tested a few searches and things that are definitely in OSM don't show up.
http://digiday.com/platforms/google-tracking/
>But Google can also constantly track the location of iPhone users by way of Google apps for iOS, Apple’s mobile operating system. IOS is just behind Android in U.S. market share with 38.3 percent of users, per eMarketer. Nearly 17 percent of the American populace uses an iOS smartphone.
>When an iPhone user stops using an app, it continues running “in the background.” The user might not realize it, but the app continues working, much in the same way tabs function on a Web browser.
>Google’s namesake iOS app — commonly referred to as Google mobile search — continues collecting a user’s location information when it runs in the background. This information is then used to determine if that user visited a store and whether that store visit can be attributed to a search conducted in the app. Store visits can also be tracked via Google’s other iOS apps that use location services. If iOS users open their Chrome, Gmail or Google Maps app in a store, their location can be deemed a store visit
owncloud, owncloud, owncloud!
It has CalDAV, CardDAV, and files support. There's even a rudimentary (though scary) online editor with support for openoffice. I use two-factor with owncloud, and happily share files, too. And... it supports an encrypted backend!.
Now, if you're happy to host your own mail, you can also look at adding RoundCube.
This can solve the Calendar/Contacts/Email/Filesharing main case. Works across Windws/Mac/Linux, even mobile... which in my case is Android. It's not amazing, but it's pretty fantastic.
What are you using for the two-factor?
Full caveat though: I never have a single device with both my tokens, and synced password database - just in case memory dumps of phones/tablets become valid. So, I dump my password database to my tablet, whereas I sync my authy tokens between two phones.
Just clone it, install the dependencies via composer and you’re good to go. It’s just an IMAP client at the moment, but multi-account and when the IMAP server is on the same origin as ownCloud it’s quite fast. Feedback very welcome!
A few ones to check:
* http://roundcube.net/
* http://rainloop.net
* https://www.mailpile.is/
Disclosure: I'm a major contributor.
* Search engine: http://www.seeks-project.info/, https://github.com/asciimoo/searx
* Maps: https://github.com/MapBBCode/share.mapbbcode.org/, https://github.com/Project-OSRM/osrm-backend/ (routing, hard to setup)
* Mail: https://roundcube.net, http://rainloop.net, https://www.mailpile.is/ (the hard part is getting the mail server right)
* Media: https://github.com/sebsauvage/minigalnano (FTP/SSH upload only), http://mediagoblin.org/
See something missing?
Do you have anything in particular you'd like to offer to back that up? Have you ever done this? (I do and have done since the mid 90's on various equipment and I'm no Eric Raymond exactly either). We're not talking about running the mail server on a commercial ISP or a company with 20,000 employees. Just running a mail server to take care of your own mail.
You have to worry about spam, but, well... that's sort of a constant nowadays. My current solution is to use Thunderbird to filter everything on my primary machine and it's Good Enough. If you want webmail YMMV, though.
Honestly, if you're just one or two mailboxes, it's not that big a deal to maintain. And I've been Joe-jobbed, so it's not like I haven't been exposed to some fury. Still not that big a deal.
Have you had that problem and weren't able to get by it? I've had IP changes over the years and while it's taken a small bit of work to get the new IP accepted (in some places most places don't seem to care) I'd say it's hardly a show stopper. Of course all the email deliverability people selling products and services in that market want to make you believe you'd be a fool to roll your own.
Of course if you get a VPS with some IP address that someone used to spam sure you have a problem. The idea is to do your homework and not have any of the obvious problems. (You can run the IP by the blackholes to see most issues.)
Also (not a comment directed at you by the way) I love the way a forum such as HN where people spend all sorts of time doing things just for fun seems to have a problem with the "work" involved in doing something that actually has value or might take a bit of work in order to solve a problem that they have.
The downvotes seem to indicate a reaction such as "wow what a stupid idea why would you run your own mail server hey you can just use fastmail that's what we all use".
As for calendar, I've heard good things about https://fruux.com/ although I haven't tried that myself yet. (And apparently Fastmail does calendar too--again, haven't tried.)
I have trained it with tens of thousands of emails, but it keeps letting obvious stuff through. On the other hand, I have had zero problems with false positives, which used to be a huge problem back when I was using Gmail.
[1] https://www.fastmail.fm/help/technical/spamchecks.html
Oh btw, fastmail also has CalDav (Calendar only; no Tasks) and It's been working well for me too.
I find that it integrates really well with Gmail. I've had experience before where invites from different email providers don't play well, but FastMail sending invite to Gmail works just fine.
Edit: Fruux implements CalDAV, but there are disappointingly few apps that support it. I'm stuck with Apple's Reminders. The only decent CalDAV client, 2Do, does not implement CalDAV/WebDAV correctly (they don't support "207 Multistatus"), and will not work with Fruux. When I contacted them, they expressed no interest in fixing the problem.
For some people leaving Google is literally not an option, and that's a shame.
http://googleenterprise.blogspot.co.uk/2014/04/protecting-st...
And how do those companies stack up against Google when it comes to security? It's one thing to protect the data against snooping by the provider, it's anoter to protect it from everyone else. Google is pretty solid, often on the cutting edge (PFS, certificate pinning).
An example: where you walk in public is public information, but for most of human history, no one has had the capability to keep a database of that information and query it retroactively. Your location information is therefore less private now than it was before, because that information used to be impossible to reference meaningfully.
The same concept goes for email, calendars, contact graphs, etc. Using providers that don't have, or consciously avoid the capability to aggregate, analyze, and query it improves your privacy. Google is not one of those providers.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
If Apple on the other hand, loses an iCloud customer, their lock-in is reduced, but probably the user will continue to use their Apple devices.
In the end, paid services are probably the best for users who want privacy, etc. Losing trust immediately results in a loss of income. But since the user is paying, they don't have to use and link user data for advertisement or sell the data to third parties.
Google has dominance in search, webmail, maps, and a very strong mobile presence with Android.
Even if you don't trust Google, it's hard to avoid using their services - they're so good, they have few competitors worthy of note (e.g. Apple Maps or Bing).
Have you been speeding in the past few years? A lot? Have you done anything private? Seen doctors/specialists about private medical issues? Have you had an abusive spouse or stalker in your life? I bet they'd love the data.
Google doesn't issue speeding tickets. If the government were to issue a ticket for every single instance of speeding and even 1% of them contested it, the system would be so clogged with paperwork that it would grind to a complete halt.
Personally, no I haven't been to the doctor. People go to doctors, though. That's not a big secret. Are you personally on the lookout for every single person who visits a doctor so you can...make fun of them, I guess? Do you imagine other people are?
An abusive spouse/stalker already knows where you live. If they're that motivated and want to find you, they'll wait outside your house. Hiding the information is not a solution to that problem, those people need to be arrested and incarcerated.
I think you need to read up on the 'domestic terrorism' cases in the USA and how NSA investigations actually proceed. One fun instance was Clapper giving presentations on a network of possible terrorists all linked together. The link was a pizza place.
Sadly, that's not outside the realm of possibility, but that information alone is practically worthless in determining if someone is a terrorist. "Regularly meets with the same people in the same restaurant" describes almost the entire young, single adult population.
It was enough for the guys supposedly in charge of protecting us to waste a lot of time staring at graphs. And the 'threat matrix' is full of even more shit than that; I refer you to "Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program", Mueller & Stewart 2014 http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.p... for that and other sorry details of 'the war on terror'. Seeing the sausage made is never pretty.
> In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
No, I'm sure some racial and religious profiling was part of the special top-secret sauce which selected that particular pizza joint...
Should we stop people from using cars, because vehicles are used by drunk drivers?
You'r argument would be a valid analogy if I were suggesting that we make it illegal to tell anyone your location (or any other "private" information). I am only pointing out that privacy is valuable and we should count the cost if and when we give it up.
1) The computer never lies and the false positive rate is 0%. So if you walked past a shop that sells weed grow lights enough times, you'll be on a list and some night at 2am they'll smash open your door, shoot your dog, and throw a grenade into your babies crib. This is "OK" because it usually only happens to poor minorities and the computer never lies and there is no such thing as a false positive. Even just street crime is an issue.
2) Times change. Being on a list as living as a Jew in Germany in 1923 not a huge problem. In 1943 being on that old list is not so good. Walk past a mosque on a daily basis in '90 no big deal, in '10 maybe not so good when they look at the historical records to Keep Us Safe From Terror (tm). Its almost unpredictable who we'll be punishing / torturing in a couple decades. Probably not reasonably well off white men, but everyone else is either nervous or ignorantly not nervous.
Another thing: Imagine someone would get HD video of your room while you slept in it. I can't imagine what use it would be but I absolutely would not like to be filmed like that.
Why would advertisters spend money for a profile of you? Answer: they don't. This market just doesn't exist. It's fabricated. It's a fantasy to pretend your trivial existence is worth big bucks. It isn't.
Advertisers do not want your information. They want your money. Google uses your information to try and match you up with relevant advertisers. This is how ad networks work, a form of online dating basically. Your information does not go to the advertiser. Your information on its own is not worth anything.
> Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Who would spend money on this and how the hell would that market ever come into existence, much less in secret, such that everyone does freak the hell out?
Do you think Google sends employees out to secret hotel rooms with members of random stores to swap dirty secrets about you or something? Remember, advertisers are places you go to buy things. Not evil supervillans.
I'm going to assume then that you don't visit strip clubs, bars, 'adult book' stores, the house of your drug dealer, the house of your secret lover, a proctologists office, an OBGYN, an abortion clinic, or a million other places. You may not visit these places, but many others do, and having that information publicly available could be devastating to families, careers, entire lives.
On the other end of the spectrum, say you happen to be in the general vicinity of multiple burglaries at the time these crimes are believed to have happened. You're arrested and have to prove your own innocence.
Or maybe someone who wants to do you harm looks at your data for patterns, and goes to the right place at the right time to rob, extort, harass, rape, even murder you.
In general, I think having your location information public is a terrifying prospect.
Perfect way to set up someone you don't like.
Many of these excesses have been driven by "limiting the size of government" by defunding local governments and relying on private information brokers (license plate readers, etc), rather than passing better laws.
That isn't what he said. He said that if the government is going to forge information, then the availability of location information is not necessary nor useful for that task.
I asked because I was curious about what sorts of unique threats are presented by, for example, a database of location data. So far I haven't seen any that aren't already present via far simpler means.
The point is not that the world will end if we give away our location data, only that doing so has a non-zero cost.
Cell phones are like cars, they are very useful but also have their downsides (cell phones reduce privacy, cars kill people). I have a cell phone and a car because I made a decision that the cost was worth the benefit. I did not need to delude myself into thinking there was no cost nor did I need to pretend that the cost was inevitable.
[2] http://www.huffingtonpost.com/2013/08/05/dea-surveillance-co...
[3] http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...
You know that guy that used to scare your wife/daughter with his stalking? Well he just happens to have a government job and may be in a position to abuse the knowledge that he has access to for personal gains.
the house of your drug dealer - being in someone's house in circumstantial at best. By your logic they would also have to arrest the drug dealer's mailman, maid, meter reader, etc.
burglaries - again, circumstantial.
Someone who wants to do me harm doesn't need a database full of comprehensive location information. They'd only have to find out where I live and wait for me there.
Nobody is saying you need to unplug your machine from the internet, but just that because something doesn't impact you today, might not be true tomorrow. If you decide to run for office in 10 years, for example, you can bet your location data will become relevant (and it's not that far-fetched that the other party will try to obtain that data - reference the IRS email scandal).
The point is to minimize the aggregation of your data, to limit the impact it will have on your life once it leaks. After all, you never know who will get a hold of all your data once a company goes out of business (fir example).
I prefer to take the "hope for the best, prepare for the worst" approach: if something bad were to happen, I would have a better chance of not being impacted.
If an insane genocidal dictatorship comes to power, you will be impacted, unless you're on the side of the dictators.
Hence the point of this thread: don't expose more information than you need to.
Edit: just as I typed this, the top story details the perils of data theft, exactly the point I'm trying to get across here: https://www.nikcub.com/posts/notes-on-the-celebrity-data-the...
There's no doubt some embarrassment, but that's more a result of the fact that we've all decided that people need to be embarrassed about being seen naked. In a hypothetical privacy-free world where everyone has access to nude photos of everyone else, nude photos have no power over anyone.
Regardless, if you're an average adult in the US, "weekdays between 9 and 5" is a fairly reasonable assumption of when you won't be home. No giant database needed.
https://duckduckgo.com/?q=privacy+nothing+to+hide
You are asking your question from a position of luck (that you, in particular, can afford to be an open book) and mostly at the wrong level. It's not about how it will affect you, it's about how it will affect him/her, and us.
Improving your privacy helps people who have legitimate things to hide avoid unwarranted suspicion, and it also makes our society better.
Secrets are sometimes bad, but are far more often good -- allowing us to have functional foreign relations, strong individual rights, and the ability to communicate freely about ideas central to our republic. No good will ever come of the ability to Google: "people unlikely to toe the line".
Harmful to someone, and it's different for different people at different times. Also, a piece of information that may be benign today could be harmful tomorrow with a change in the political environment.
Maybe you visited a specialist, or were on the same floor as a specialist, and got extra attention from your health insurance as a result.
Maybe you were standing near someone being investigated, making you a person of interest and therefor subject to prosecutorial bullying.
Maybe you're trying to overthrow a government and would like to do it in safety for as long as possible.
Maybe you just like your privacy.
Standing near someone - same argument as above.
In the rare case that you are actively involved in overthrowing a corrupt government, then yes, it is important to keep yourself hidden from that government. But privacy in general does nothing to prevent the corrupt government from coming to power in the first place. If anything we need less privacy - for the government.
People don't "just like" things for no reason. I think it's worth examining why we like privacy and what needs it fulfills, and what other ways we might be able to fulfill those needs. It seems to me that digital information is just too easy to distribute for us to have any hope of containing it. We are better off assuming any available information is going to be made public and finding the best way to proceed from there.
That kind of thing could never happen in the West... right? I hate to bring in Nazi Germany, but imagine how much more effective they could have been at rounding up people if they had access to Google's tracking data.
Full Disclosure: I am not actively avoiding any tracking, but I think about possible abuses a lot.
thanks but no thanks
0 - http://skimfeed.com/
each story is an aggregation of multiple sources
I guess there isn't much you can do with this, but is changing from Android to iOS really big enough difference?
The two companies involved (Google, Apple) have a fundamental difference in their business model. One involves you and your private data as the product; the other does not.
If you're looking to be as private as possible[0], you should either use a custom ROM of Android with Privacy Guard and with Google services disabled (or use something like Replicant or FirefoxOS, if you're comfortable straying from the two dominant mobile OSes).
[0] As private as possible while still carrying around a tracking device 24/7, mind you (cell phones constantly report your location to your carriers, who are not at all modest with this data)
The worst is Google Play Services though. It's basically a way for Google to get your location data, and to generate massive global maps of WiFi networks, rather like what got them in trouble with the streetmap cars. Anyone doubting how important this is to them needs to check their reaction when Motorola wanted to use Skyhook on a device instead: http://www.theverge.com/2011/05/12/google-android-skyhook-la...
Google+ photos auto-upload is opt-in.
The sign in process for Android devices has become ever more convoluted and incomprehensible. People, understandably, complain about the Facebook app, but Google are actually far worse.
Photo backup on Google+ is off by default, you have to enter the settings part and switch it on
Maps: ... / Apple for directions on mobile
Phone OS: iOS
Calendar: iCloud
And then talks about data not given to one company.
Really, is it just a strange joke?
>I don't like to be tracked.
>Phone OS: iOS, etc
But now I think it is serious, if not highly deluded.
Apple makes little to no money by invading your privacy. They've already made money once you bought their hardware. Which is why they will be a much better champion of your privacy.
However, companies like Google and Facebook make almost 100% of their revenue by knowing every detail they possibly can about your life. That's why they try to commoditize hardware and place all the value in your personal information.
And I guess you can opt out of the Google tracking ecosystem even on "Android" hardware
They certainly do. And since I cannot audit any of their upper layer code for any of their products, I cannot have any faith that they don't.
At least with Android, I can get my own spin on AOSP like Paranoid Android.
By the way, I think iAds pertains to Apple, not to Google.
What is the real difference? One is better at doing it than the other?
Google's whole business revolves around showing you targeted ads. Apple's business is to sell you iDevices. Apple will not target you to the point where it's invasive and creepy (although I'd argue even the smallest amount of tracking is invasive, but I've been trying to look at this from Gabriel Weinberg's point of view) because Apple can not do anything to harm its main source of income. Google's job is to track you and they legally (and sometimes illegaly) do everything they can to be successful in their business. They can not hurt their main source of income by being invasive, because being invasive is their business.
For the record, I'm not saying Apple is any better than Google or vice versa. As I said, I've been trying to play the devil's advocate.
If you look at EFFF, Google has had your back longer with lobbywork before the EFF report came out ( https://www.eff.org/who-has-your-back-2013 ) as soon as that got popular last year, all of them upgraded their lobbywork (Apple)
Yes, now they all have 5 stars, but the EFF report first came out in 2011 without them knowing ( https://www.eff.org/who-has-your-back-2011 )... But there was a lot of hype about it last year, so they had to improve their "score-card".
It sure took Apple long enough though :)
http://www.edweek.org/ew/articles/2014/03/13/26google.h33.ht...
Having your own server is definetely a good solution, it just needs experience and comes at a certain price, even if it stays reasonnable. But most people just don't want to be bothered with maintaining the box (hosting payment, security updates, domain name renewal, SSL ceritificate renewal and so on).
However, it is a fantastic way of learning by yourself!
(Almost) nobody can escape the tracking, as long as fingerprinting remains possible: https://panopticlick.eff.org/
Google's/Facebook's/Twitter's JS scripts are literally on every site. Fingerprinting allows them to increase their ROI since it builds more precise profiles on you. The advertising industry is happy and the government is happy. So forget about them not fingerprinting you.
And suddenly the best information they can get is your HTTP accept string.
But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic. Yes, you can be an idealist and try to run your own email server, etc. but it's really about balancing tradeoffs. I also use Apple maps and iCloud and dropbox and Evernote and... many other services we should give just as much scrutiny to as Google.
I don't see my choices as being about riding a high-horse, it's about a diversified portfolio of services that helps me avoid total lock-in. The day that google heavily oversteps with the G+ product strategy or twitter completely goes to shit, I've got a series of alternative services that can pick up the slack.
I don't really see it as a question of if Google will screw up with people's data, it's a question of when.
Doesn't that sound bit too pessimistic? Of course it does. You already trusted Google, why trust another company and risk your data?
What if, from the 10 companies you trust your data with, 2 of the go rogue and use your data against you? OR what if they get hacked, and lose everything? That's what I fear more than giving too much data to Google. I'd rather trust one super reliable guy (Google), than trusting 5 (Self hosting) maybe trust-able, 3 shady guys, and 2 unreliable guys. But that's just me, I make sure all my accounts have 2 step auth.
Exactly. It's not realistic because it's a strawman, and a disingenuous one at that.
No one really wants to be a "purist" about privacy. Indeed, the only way to live a 100% private life is to have a cabin on some uncharted island and never leave it.
Rational people, on the other hand, realize that there are certain privacy costs to living in modern society. They simply want to make informed decisions about which benefits to trade off those costs for.
What the author advises against is giving all your information to one company, i.e. Google. This holds especially true since said company's core business is serving you advertisements and generally controlling your Internet experience (using the "personal filter bubble" described in the article) using the information it has about you. Instead, he is suggesting that people spread their information across multiple service providers so that no single one of them can compile it to get a wholesome picture of who you are. The point is not to avoid giving your personal information (although the less you have to give, the better). The point is to avoid putting all of it in the hands of one company.
Benefits over Vimeo: FOSS, deployable on your own servers, pro-privacy, also supports audio and images.
I helped make it, so take this with a grain of salt.
moreover google has one of the best records of security for a consumer facing company. your data is more safe with google than apple - no question about that.
So what are we left with? Trying as hard as possible to use online services for work (assuming that's your bread and butter) and to be in the real world for leisure, etc. Not always possible, and less possible as the years go on, but a lot better than thinking one (popular) online service will be a safe haven from another.
But... DuckDuckGo just doesn't compete on search results. I changed to it as my default search engine, but I ended up going to Google most of the time.
And switching away from Android... I tried to move to Windows 8 / Phone, but the ecosystem is a joke. Desktop apps don't work well on their small tablet form factor, and the Metro apps are laughably terrible. Microsoft can't even prevent total scams, like $9 fake Netflix and HBO. And they ignore reports about them.
I don't say this out of a belief that Apple is pure and Google is evil, and certainly not out of a belief that Apple shows a deep understanding of security (boy, howdy, do they not show a deep understanding of security). I say it out of my understanding of their business models. Basically, Apple makes money from you because you give them money. Google makes money from you by analyzing the data you send through their services.
"If you're not the customer, you're the product" is too glib by half -- both Google and Apple want to make good products that you want to use, and it's certainly in Google's interest to keep their users (i.e., you) happy. They're arguably much better at online services than Apple is. But Google has a vested interest in "reading" your mail, tracking your searches, and so on. Apple not only lacks that interest, it's arguably a competitive advantage for them to not keep any more information about you than they absolutely have to. They've spelled out in the recent past just what they keep, and it's largely "what they absolutely have to." Apple's corporate culture genuinely seems to be supportive of privacy, albeit tempered with profit-driven pragmatism.
This is not an argument that Apple is full of good and wonderful people (I believe the ad copy should be "magical and revolutionary") and that Google is full of terrible people who hate their users. Not at all. And Apple has had a few high-profile privacy biffs where they were collecting information they shouldn't have been, which leads some people to be highly suspicious of them. I get that -- but we're often handing even more data over to Google routinely because that's what they require. That's their corporate culture: their mission is to organize the world's data, and fulfilling that mission requires them to have access to the world's data. All of it.
And, last but not least, none of this is particularly relevant to government snooping except to the degree that the less information is stored on a server that isn't under your control the less information there is to be compromised. (At least compromised via that particular vector.) If you're deeply worried about that you shouldn't be using either Apple or Google.