I bought the
listnux.com domain name in December 2018, with the idea of creating list posts about Linux, Unix, open source, coding and more. After much procrastination, I am ready to kick off this blog, with a list on our basic human right to privacy and how it is daily compromised in this digital age. Human rights, for me, is a concept tightly related with my interest in open source, FLOSS software and Linux/Unix.
People much, much smarter and much better informed than me, have written about how the society of the 21st century has become completely Orwellian and we have volunteered all our data to the "Big Brother". Ironically, I discovered a good number of these smarter than me people on Twitter. Before reading some of their thoughts, I was almost convinced that I am the paranoid one.
So, why would I add my voice to the void? Cause their voices are not heard enough. Cause their concerns do not worry casual technology consumers, like me and you, as much as they should. Privacy is not only for activists, journalists, and criminals. Privacy is not only for those who have something to "hide". Hell, having something to hide has become suspicious, when it is an absolutely normal thing and a basic human right. Nobody is entitled to know my medical history, income and what I talk about with my friends. Info about me that is not illegal, suspicious, immoral, etc, but it is simply personal.
Anyway, let me kick off this blog with my very first list:
Biggest offenders of our right to privacy:
|Instagram, WhatsApp, Facebook Messenger|
|Are Twitter, LinkedIn, etc, safe to use?|
One of the biggest offenders is the Google-owned Android operating system for smartphones. Android is so pervasive, that the majority of phone users have created a Google account in order to enjoy the features of their phones. Android has control of your phone contacts, location, makes you browse through Chrome browser, makes a record of your phone number (easy to combine with your email, location, apps you like, people in your contact list, etc).
What's a good alternative?
- Many say iPhone is a better alternative, more privacy-focused. Given that I have never used an iPhone, I live in a country where the cost of an iPhone is quite close to an average monthly salary and that I am not happy to trust any mega-corporations with my data, I wouldn't take this road.
- The LineageOS Android Distribution can offer a completely de-googled smartphone experience. Again, I have not used it, so I don't really have an opinion, but it seems like a great idea.
- The Librem 5 phones from Purism, again with a pretty prohibiting price tag, are an actual effort to design both hardware and software with privacy, convenience and security in mind.
- The upcoming PinePhone, internally codenamed Don't be Evil, is another very interesting project, that will hopefully release an end product by the end of the year, with an affordable price. Development kits are already available, after contacting the Pine64 team.
- For those who are not willing to flush their phone with the LineageOS or wait for more privacy friendly phones to be released: You can avoid the Google Play store, by using instead FOSS (Free and Open Source Software) apps from F-Droid. If you absolutely need apps from the Google Play store, you can also find them in the Yalp store, which downloads the executable files (apk files) of apps directly from the Google store, for you (get the Yalp store from here)
- Buy a phone that, you know, makes phonecalls? Not every device needs to be "smart".
Ah, Facebook. After all the privacy scandals of the last years, it feels silly to even state that Facebook is an enemy to our privacy. Facebook is an enemy to privacy and personal data. Everyone should already know that. Right?
Apparently, not really. Facebook not only is still very popular, but even users who decide to quit Facebook itself, are not always aware that other social networks or messaging apps that they are using, are still owned by Facebook and their data is still property of Facebook (see below for details on Instagram and WhatsApp).
Many Facebook users have invested in making their personal platform in Facebook for over 10 years, and they find it difficult to move. Also, the average user might not be aware of all of the privacy breaches, trading of personal data, using your Facebook friends for advertisement, etc. Many are not aware that almost every page that has a "Like this" button, sends your browsing data back to Facebook, even if you are not logged in, or if you don't have an account.
But, more importantly, users might not be aware of more privacy-friendly alternatives to Facebook, that help you keep in touch with your friends and exchange photos or opinions.
Some alternatives to Facebook
- Friendica is a decentralised (or "federated") social network that resembles a lot to Facebook, and offers many similar features, such as profiles, photo sharing, events and posts.
- Diaspora* project is another federated social network, that similarly to Facebook, allows the creation of profiles, photo sharing, etc. Additionally, it makes uses of hashtags, mentions, re-shares and more.
- GNU social is a microblogging service, more similar to Twitter, also decentralised.
- Mastodon is also more similar to Twitter, also decentralised.
A quick note about federation/decentralised networks
Federated social networks are services that are distributed across various providers. Most federated networks allow communications between users of the same network on different servers, but also between different networks. Thus creating a large, decentralised network, known as the Fediverse. For example, if you have a Friendica account, you can connect with your friends who use Mastodon, or Diaspora, without either of you needing to create a new account to another network.
As mentioned in the Facebook section above, many people have stopped using Facebook. However, they still use Instagram, and the WhatsApp and Messenger messaging apps. What's wrong with this? Instagram, WhatsApp and Messensger all belong to Facebook. The same company is behind them all, the same people collect the same data, and they can cross-reference your browsing habits even better, by having you using more than one application owned by the same company.
What's more, Facebook plans to integrate all its messaging services, to make it easier to share data across all three platforms, collect more complete user profiles and better target users with advertisements.
What's an alternative to Instagram?
- PixelFed has a very similar interface to Instagram, and it is a part of the Fediverse, allowing you to follow people on Mastodon, Friendica and more networks.
- Textile is an open source project that, for the moment, requires joining a waiting list for an invite to use. While it is not a part of the Fediverse, it is also decentralised and privacy-oriented.
Some messaging app alternatives to WhatsApp, Messenger, etc.
- Signal is a popular messaging, video and voice call app, that has a strong reputation for privacy.
- Telegram is another privacy-oriented messaging app, that offers, among other features, group chats for up to 200000 users.
- Viber, while PRISM Break specifically recommends to avoid it, it is a quite popular app that offers end-to-end encryption and claims to be strongly privacy-oriented (in fact, due to Viber's big popularity in Greece, I personally use it almost exclusively for messaging).
Together with Facebook, Google is the other big privacy offender and it is a company that has swiftly taken over the web and managed to be in the position to make the rules for others to follow. By acquiring smaller, promising startups such as Android Inc (mentioned above), YouTube (see below) and by aggressively pushing the use of Chrome browser (see below) early on, as bundled with Windows freeware programs, aggressive advertising on the Google search page, etc, it has become the biggest player on the web today.
GMail was an innovative email service, with huge storage, slick interface, minimalistic look and abilities to sort your emails by tags, folders, etc. It soon became integrated with other Google services, such as Google docs, and, eventually, became one of the many products operating under a single Google account. Google Maps, Google Voice, Google Hangouts, GMail, Google search, Youtube, even the ever-popular Chrome browser and the Android operating system collected basically all your web activity under one, unified account.
De-google-ifying our lives has become a very difficult task for many, who are reliant on the many, no doubt outstanding services offered by Google, and are free, convenient and pervasive. As such, we allow, for our convenience, Google to have full databases with our communications, searches, locations, games we play, and more.
Some alternatives to GMail
It is beyond the scope of this article to compile an exhaustive list of all alternatives to Google services. Especially since there are already excellent collections of ethical alternatives to all sort of services, that we can find on switching social or PRISM Break or privacytools.io. Instead, I will list a few privacy-oriented email services that are worth to give a try.
- ProtonMail is a service that I personally use and cannot recommend enough. Based in Switcherland, a country with historically strict laws around privacy, they offer an ad-free email service, with end-to-end encryption for emails and an open source email client. The basic account is free, but the paid tier offers much more options, such as mails to your own domain, and you will be supporting an excellent service.
- Tutanota is another privacy-focused email service, that also offers a free basic account and paid options for more features.
- Posteo is an email service by a team who strongly emphasises privacy, security and green energy. Their very affordable service offers no ads, 2GB storage and encryption options.
- Runbox is another service I use (in fact this blog's email is powered by Runbox), and I signed up mainly because it is a more affordable option than ProtonMail for multiple email aliases. Like Posteo, it emphasises its use of green power. They offer encryption while emails are transferred, though mails are not encrypted while stored on Runbox's servers.
You know where this goes. YouTube. Owned by Google. To upload a video, comment on a video, subscribe to a channel, you need a Google account. Yet another crucial piece of your personal data is aggregated, analysed, and used for advertisements to specifically target you, knowing your music tastes and the kind of videos you prefer.
Are they any good alternatives to YouTube?
That I know of, not any great one. Here are some options worth considering:
- Invidious is an open source front-end to YouTube. It is just that: a front-end. It allows you to watch YouTube videos and subscribe to channels, with no Google account, no ads and automatically proxies your connection to YouTube and Googlevideo, so that Google cannot fingerprint your usage.
- PeerTube is a federated video hosting network, without ads and tracking, that allows you to upload and share videos.
- MediaGoblin is a part of the GNU project and offers the necessary software to run your own instance, or you can register to an existing instance.
- More of an imgur alternative, put.re allows storage of video and image files with direct link, no ads and server side encryption. I have used it a bit in the past year; however lately I seem not to be able to upload any video, so I cannot recommend it for now.
I will not repeat myself. Everything mentioned above about surveillance by Google, applies to the usage of the Chrome browser. Chrome sends data back to Google, and its derivatives do as well. The open-source Chromium browser still has some dependency on Google services and does many background requests to the Google servers. Here are some Chromium built-in features that Microsoft turned off or replaced for their new, Chromium-based Edge browser.
Now, obviously Microsoft will replace many of these services with their own, but it is telling to see so many connections to Google servers shipped with Chromium. Other Chromium-based browsers, such as Vivaldi try to connect to Google public DNS or send background requests to Google services.
Now, there are some projects trying to "ungoogle Chromium", such as ungoogled-chromium, but, seriously, why use Chromium at all? There are some excellent browsers that do not call back home to Google.
Firefox + extensions
Firefox browser should need no introduction. It has existed for years before Chrome, and has been the main alternative to Internet Explorer for a few years.
Firefox is a fast, extensible browser, with many built-in privacy features and a plethora of add-ons that can enhance your privacy.
Suggested Firefox add-ons
- An ad-blocker, such as uBlock Origin. Alternatively, Adblock Plus gets some bad rap, as it allows "acceptable ads" by default. I actually use Adblock Plus, personally, and, since I consider no ads acceptable, I turn the option off.
- An extension to block cross-site requests, such as RequestPolicy Continued or uMatrix. For even more control of what scripts run in your browser, you can try NoScript - it blocks all scripts by default and you can selectively allow them to run on sites you trust.
- Firefox Multi-Account Containers, to isolate cookies on the current tab. As an interesting companion addon, Temporary Containers allows you to open new tabs in disposable containers.
Seamonkey is a suite that includes a browser, an email client, a feed reader, IRC chat and a WYSIWYG (what you see is what you get) HTML editor. It supports almost all the old Firefox add-ons, that worked in Firefox versions up to 56.0, when Firefox changed the add-ons structure to web extensions. You can use Seamonkey with Adblock Plus, RequestPolicy and NoScript and have a fairly private browsing experience.
Seamonkey is really not popular. However, I have been using it for a few years, since I hated the Australis theme with the tabs on top. It is still installed on my desktop and I open it from time to time as an alternative browser.
The Tor project offers anonymity by default. It directs traffic through a worldwide network of relays run by volunteers and it is an effective way to conceal your location.
Short answer: no. Twitter, LinkedIn (owned by Microsoft), Pinterest, Vimeo, Outlook, Yahoo Mail, Amazon, eBay, etc, most of the most popular webservices that we use daily, track us aggressively and collect our data, to either serve us targeted ads, or to sell to data brokers.
As this article was already becoming way too long, I decided to focus on what I consider the two biggest offenders (Google and Facebook) and their products, and to the services that are the most popular and pervasive in everyday use.