This attached quote feels particularly revealing about a worldview at Google. Basically: "invasions of privacy and mass data collection are fine, so long as they’re dressed up as ‘useful’ to the consumer."
https://www.bloomberg.com/news/features/2019-12-11/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in
“I read quite a bit of material online. I save ābookmarksā of all of it on my personal website, sometimes with some additional notes and sometimes even with more explicit annotations. One of the things I feel like Iām missing from my browser, browser extensions, and/or social feed reader is a social layer overlay that could indicate that people in my social network(s) have read or interacted directly with that page (presuming they make that data openly available.)”
“You may have seen this story in various forms over the weekend, starting with a big Wall Street Journal article (paywall likely) claiming that Genius caught Google “red handed” in copying lyrics from its site.”
There’s a separate issue here worth noting as well: all of this demonstrates just how idiotic the whole “licensing of lyrics” business is — considering that what everyone here is admitting is that even when they license lyrics, they’re making it up much of the time. Specifically, what people are noting is that they license lyrics from the publishers, but the publishers themselves rarely even have or know the lyrics they’re licensing, so lyrics sites try to figure them out themselves and “create” the lyrics file which may or may not be accurate.
But… if the publishers don’t even know they lyrics they’re licensing, then what the fuck are they licensing in the first place? The right to try to decipher the lyrics that they supposedly hold a copyright on? Really?
š¤·āā
I signed up to Proton Mail today, as the first step in a push to de-Googlefy* myself, amongst other “silo quits” I’m hoping to do this year. Email is a very minor part of my online life, but it’s part of the foundations, so it makes sense to move this first.
So begins the long process of switching over various accounts to use the new address. I’m not planning on switching everything – for example, I’ll not use it for anything social media related. A couple of important accounts have already switched, and apart from a fewā¦ odditiesā¦ as apps updated their cached details, these switches have gone smoothly enough.
* It won’t be a complete removal, unfortunatelyā¦ for a bunch of disperate but important reasons I’ll need to keep the account open for the time being. Hopefully next year I can cut free entirely.
“This, in a nutshell, is DuckDuckGoās proposition: ‘The big tech companies are taking advantage of you by selling your data. We wonāt.’ In effect, itās an anti-sales sales pitch. DuckDuckGo is perhaps the most prominent in a number of small but rapidly growing firms attempting to make it bigāāāor at least sustainableāāāby putting their customersā privacy and security first.”
So after the preamble, which should give you a frame of reference to what I’m aiming to do in this mini-series of posts about improving my online privacy and security, this short post will talk about the first steps I’m taking to tighten everything up. As this is all at the very beginning of my learning journey, all of these might change in the future. If they do, I will update the post and add a comment below.
In this post I look at two of the fundamentals of privacy on the web: the web browser and search engine. I’m mainly looking at the desktop for now, rather than mobile, mainly because it’s simpler to focus on one thing while I wrap my head around this stuff!
I’ve been using Chrome for years, after it usurped Firefox as the “fast, alternative” browser for Windows. These days, Chrome has become seriously bloated – it’s routinely consuming multiple gigabytes of RAM on my desktop. It may be (usually) fast despite of that, but it slows the rest of the computer. What’s more, it’s so deeply wired into Google’s ecosystem that it’s arguably as much a data hoover for Google as it is a browser.
So I was in the market for a new browser to begin with, and I was looking into alternatives like Chromium or Opera. But once I started diving into things a bit more, pretty much every recommendation for privacy-minded software recommended good-old Firefox, so that’s what I’ve gone with. I followed the configuration guide at PrivacyTools.io, as well as:
Most of the extensions I had installed in Chrome were privacy-minded anyway, so were equally applicable to Firefox. Some additions came recommended. At the moment I am using the following:
The situation on mobile (in my case, iOS) is a bit less clear. For now I’m not using the Chrome iOS app, reverting to Safari with the addition of a content blocker.
The biggest issue with the above setup is it removes a few conveniences: remembering pinned tabs between browser sessions; having to login to websites every time you visit; having to retrace your steps to find a page in the future, if you don’t bookmark it at the timeā¦ that sort of thing. I might do a little tuning on this, relaxing the settings a little, but overall I think this might be one of those things that I need to live with.
Apart from a brief flirtation with DuckDuckGo a few years back, I’ve always used Google as my search engine. It’s constantly been the most reliable, fastest, and all-round best at what it does.
Even so, I’ve never been 100% happy with the fact that Google collects just about every data point they can, that it’s all wrapped up in your Google account, linked to everything you do in their other services, and made available for advertisement targetting (amongst who knows how many other things). As someone who’s had a Gmail account since they were invite only, I know Google has a fucktonne of data on me already; the genie is well and truly out of the bottle in that regard.
That doesn’t mean I can’t stop giving them more data. Sure, they’ll get the odd bit here and there when I use YouTube, or the odd email that hits my old, pretty much unused Gmail account, but that’s really it – if I change my search engine to somewhere else.
The obvious thing to do would be to revert back to DuckDuckGo, as I already have experience of it, and it’s accurate enoughā¦ but I wanted to try something different for the moment, while I’m still in the learning phase of this little project.
I tried all the recommendations at PrivacyTools.io. Searx generally gave me terrible results, but is an interesting idea; Qwant gave me some decent web results, but the included News results were mostly irrelevant, and I couldn’t find a way to turn these off. StartPage had been recommended in other places too, and overall was the best performing of the bunch – possibly not surprising, as it’s effectively a proxy for Google search, so seems like a win-win in this case. For now, I’ve set it as the default search engine in Firefox.
For searches on my iPhone, I’ve set the default search engine to DuckDuckGo, as it’s the best of those available.
So after the saga which was getting rid of a legacy Google Apps service on my “main” Google Account, I had to create a new one. I thought it worth sharing the experience of this, to round out the story.
At first I setup the account with my primary email, with no need for a GMail account. This was straightforward enough, and I was able to setup 2-factor authentication, Chrome browser sync, and re-setup some of the mobile applications.
I had to re-verify my account via a SMS code for a number of services, even after setting up 2FA, which is no big deal really, but you’d think once would be enough.
After a couple of hours, I decided I wanted to make use of Google Now. To get the most out of it I would need to use GMail. No big deal, I can setup some forwarding and aliases to integrate this with Fastmail1. Finding a usable address was the hard part. I must have spent a good 30-40 minutes coming up with and trying addresses only to find they were already taken. A “username90872@gmail.com” address would have worked, because I was setting up forwarding, but who actually wants an address like that? Completing theĀ GMail setup brought a message that while my primary email on the account had now changed, I would still be able to login with the email address I had signed up with.
The Google mobile apps have a nice feature where, if you’re logged into one of them, it recognises your details and you can quickly login to the others. These all worked a treat, except the GMail account. The GMail app picked up that I was logged in to other apps with to my account fine, but trying to login kept coming back with an error. In the end I had to “login as someone else” and login with the GMail address + password instead of the other email address I was using as my login. A minor annoyance, and one which might catch some less technical people out.
YouTube was normal enough, but wanted me to choose between posting as myself, or creating a new Google+ page to post as. I don’t post to YouTube, and I wanted to keep my account as simple/clean as possible, so I went with myself even though I had a slight unease about it. If I did ever start a “channel” I’d probably want to call it something else, but that’s a problem for another day.
I feel a little better about my account situation now. Overall, Google’s account system is a deep rabbit warren of inconsistant WTF-ery, but once you make headway and get some of the key services setup, you should be more or less set.
Earlier on I was trying to find a way to “downgrade” a Google Apps account to a personal account. Well, I found a way. Kinda. Ok, not really – I slipped up and deleted my Google account.
I was a bit naive about what removing a Google Apps subscription entailed. In the absence of any clear documentation, I assumed hoped it would remove the baggage of Google Apps, leaving me with a normal Google personal account (especially as the account predated Apps). It didn’t actually removeĀ Google Appsā¦ but it did remove my access to pretty much every useful Google service. I was locked out of Drive/Docs, Browser Syncā¦ everything I use on a regular basis.
It turns out, that if you want to delete Google Apps, cancelling your subscription is only a partial measure. Whereas in most services “cancel subscription” means “I’m done, so remove all my stuff and let me go” if you want to cancel Apps then you have to cancel, and then do the non-obvious step of explicitly deleting your domain from the service.
At this point, myĀ choice was: buy a new subscription to Apps, putting me back to square one – only paying for it, or completely delete everything to do with the Apps account. So deletion it was.
Eventually I tracked down where in the mess that is the Apps admin area I could find the delete domain button, held my breath, and clicked.
Milliseconds later I was dumped out of Google Apps, and everything was gone. Everything. Ā Even the stuff you’d forgot about, like your Google+ profile, oAuth logins to other sites or logins on other devices, and accounts you forgot were merged, i.e. my YouTube account and subscriptions.Ā My iPhone complained, WordPress complained, Feedly complained, Chrome complained, and so did many, many more! Years of settings, data, and integrations, gone in a button click.
Immediately I had a wave of regret, but also a slight sense of a weight being lifted. I no longer had to worry about the schizophrenic nature of my old account. If I wanted to try a new Google service, I didn’t have to wait for it to be Apps-enabled. Yes, a whole bunch of data was gone, but in a way, that wasĀ good. I would be starting over from scratch, without all the cruft that had accumulated over the many years.
So I guess it’s not that bad, really. Just a little inconvenient in the short-term.Ā I’ve created a new account, relinked any complaining devices, and generallyĀ started rebuilding.
But please, Google, make the whole Apps/Account integration more user-friendly!
I like to think of myself as generally a smart person. I have my weaknesses, but I’m usually pretty good at figuring something out – particularly if it’s tech related. Problem solving is generally one of my strong points.
So why, oh why, can I not figure out how to “downgrade” or migrate a Google Apps account to a “normal” Google account?
For background, I have a legacy Google Apps account, from when I used to run my own-domain email account through the service. I switched to Fastmail a couple of years ago, but by this point the Apps account was my “main” Google account – the one I was logged into all the time and thus had my data attached to.
I wanted to get rid of the Apps part of the account, as it causes some weird issues now and again, doesn’t work with all Google services, and I don’t use it for the intended purpose any more.
But it’s increasingly looking like this might not be possible. I can think of a number of enterprise-y reasons why not, but I can also think of a few use cases where it should be possible to at least allow it. I’ll keep hunting for now.
For someone who’s primarily a developer/support person, I spend a lot of time setting up and configuring – or fixing – servers. I guess this came from an eagerness to learn and I got tarred with the “Linux/Server” Guy brushes at some point!
My interest in Operations has had an uptick again recently, so I’ve been doing a bit of reading of late. This morning, while waiting on news about some work-related activities I’ve come across a couple of interesting articles:
My First 5 Minutes On A Server; Or, Essential Security for Linux ServersĀ by Brian Kennedy is a fantastic little quick-start for securing a Linux server. It’s not everything you need to do, but as noted in the article, it sets the foundations for a secure server which is easy to keep secure. Do these steps first, then go about securing any additional services you need to run.
One thing I’ve been wondering about, is setting up my own email system, rather than run on Google Apps. As convenient as the Google platform is, I do sometimes think I’m trusting them with a bit too much of my information. Recent revelations about the NSA/GCHQ, PRISM, and whatever-comes-next, from Edward Snowden haven’t done much to allay those worries.
But Google Apps isĀ convenient. It wraps my mail, calander, contacts, and many other things into a nice package that is available everywhere and syncs across platform, with Push notifications, search, and other modern conveniences… but never the less, I’ve been thinking about how I could move away from the “Do-No-Evil” Empire, which is why Drew Crawford’s excellent, in-depth article “NSA-proof your e-mail in 2 hours” was a great find. I might spin up an instance on my dormant Joyent account and give it a try on one of my spare domains, so I can evaluate the process and benefits before deciding on moving my primary mail domain.
Other topics which have crossed my path this weekend are system configuration, maintenance, and automation using tools such as Chef and Puppet. The idea of taking a known-good environment and replicating it with just a few commands is definitely appealing – particularly when it comes to tasks such as setting up development/test environments! I haven’t gone too far into these topics yet, but I’m hoping to find the time in the next few weeks to go through some of the articles I’ve found.
That cool little “Coder for Raspberry Pi” project from Google which I linked to earlier doesn’t just run on Raspberry Pi. You can run it on any old Linux PC (Mac works too, but the instructions are slightly different).
I set it up in less than 2 minutes using these commands (note that I’m running Debian Sid):
sudo useradd -M pi sudo apt-get install redis-server cd ~/projects git clone https://github.com/googlecreativelab/coder.git cd coder/coder-base npm install npm start
Node.js is also a requirement, so if you don’t have that, you’ll need to install that at step 2 as well.
Once everything is up and running, point your browser at https://localhost:8081/. You’ll need to specify a password the first time you run Coder, after which you’ll be able to try the environment out. It’s pretty neat, and the sample clone of Asteroids is quite addictive!
This sounds like it could be pretty cool. I’m going to take a look at it over the weekend, as it might be a good way to get my son into coding for the web.
I’ve spent some time this weekend making doing some much-needed housekeeping here, in order to keep it tidy and in a healthy state.
I’ve always found good blogging is more than just adding post after post. It takes a bit of effort behind the scenes; tending to the older content, keeping the “static” pages fresh, and removing any crud that’s accumulated in the sidebars. Keep these things in order, while feeding in good content, and your blog will grow. At least, that’s my theory. Things are slightly different on this particular blog, because it’s a personal blog, not a topic blog – so growth isn’t a primary concern. Hence the title: it can grow and be healthy, but I don’t expect it to be big.
With all that said, what have I been up to?
I decided the new(ish) Twenty Thirteen WordPress theme just didn’t work for me or how I see this site. It was nice and colourful, and good to have as a change, but it wasn’t really “me.” Instead, I’ve switched back to the “Standard” theme (which has been “retired” it seems), with a few tweaks. It’s more structured, and described as a “meticulously designed, hand-crafted theme.” I like things to have a bit of craftsmanship to them, and within that show an element of “control”; Twenty Thirteen felt just a little too chaotic for my tastes. I may still adjust some small parts, but mostly I’m happy with things now.
For a while now I’ve maintained a sidebar list of other places you can find me: social media, profiles on various sites, etc. I’ve tidied this up to remove services I no longer use, or don’t use frequently enough for you to bother with. The Ā four sites in the sidebar now represent the other places you can find me, thatĀ I care about. Apart from Google+… not many people really care about that one, and I’m no different (maybe one day). Google+ is there to maintain my authorship information in Google.
Last year I would cross-post a lot of my Instagram shots over here. Then I deleted my Instagram account, and all those photo posts started showing as broken images. I’ve finally got round to clearing them out. I may have missed one or two, so if you spot one, please let me know!
Over the last couple of years I got it into my head that my blog had to present a “professional” image. An employer (or potential employer) might read it and decide not to hire me based on something I posted. As a result I fragmented my personality across the web, using a different site or service to post content in tailor-made silos. This site was just for technical posts which would show my expertise and how “professional” I am.
It was a stupid idea. It was stressful to maintain, and not as enjoyable. As a result, each site would languish for months without any update, and anything I did post was as much out of guilt as anything. I’ve given up trying to manage these sites, or “reboot” them. From now, this site represents the one “true” me. If an employer isn’t going to hire me over, say, one of the hobbies I’ve written about on my blog, then chances are they’re not somewhere I’d be happy to work at.
I will still use some services for specific needs: Twitter for things too short to fit here, and quick conversations; Facebook or Flickr for sharing photos of the kids with family or close friends, etc. Anything else should end up here. I’ve already imported the content of some other blogs into the archives, and I’m picking through an export of my old Tumblr, to see if there’s anything there worth adding (not likely!).
Directly related to what I’ve written above, it struck me when I was reading through the old posts I recovered from previous incarnations of this blog, was howĀ personal I used to get on here. That has been missing for a few years now, and as a result, a lot of the personality and “voice” has gone. Somewhere along the line I became overly private and cautious about what I was posting, and I honestly don’t know or understand why any more. It can’t just have been the employer reason mentioned above. Did I think I would be seen as some sort of narcissist? This is something I will try to address going forward. I’m also thinking about addressing it going back too. There are large gaps in this blogs chronology which could easily be filled with retrospective and back-dated entries about what was going on at the time. Some of it could even be quite useful for myself, as a way to reflect.
I’m not 100% certain though. While it could end up OK, I don’t want to post something inaccurate because my memories of the events have been tinged or faded by time. Especially where there’s other people involved. It’s OK to make a mistake about something just about me, but it’s not OK when it could impact or upset someone else.
I have made a baby-step of a start though. I have added some photo galleries to the site. Most were taken in the last year, but I’ll be going back and picking out other suitable subjects/events to post up. Galleries are backdated to the event/date they were taken, to distinguish “old” ones from any I post in the future. There will be a mix of subjects, from holidays, random photo-shoots, modelling projects… whatever really!
Going through this exercise ties-in to some thoughts I’ve been having recently about my “digital identity,” who controls it, and what it means. These thoughts inn turn, have spun out of me stepping away from Facebook for a while. I’m trying to shape these thoughts into something fully-formed so I can share them on here.
TLDR; I’ve switched from an iPhone 5 to a Google Nexus 4.
OK, so I’m behind on the times a bit. The Google Nexus 4 has been out for several months, and I’d paid it no heed. I’ve been chugging along with my bought-at-launch iPhone 5 in that time, and barely paid the Nexus any thought. I read the reviews, and concluded it was a great Android phone, but I had no wish to rush out and buy one.
Then something strange happened.
I’m not sure why, but I got disenchanted with my iPhone. I never had that with my 4S, or 3G/3GS, despite the 5 being – in every way – better than all of them. Once that feeling settled in all the little niggles started to grate1. The easily chipped and scratched aluminium casing (as gorgeous as it is to look at); the way the sharper edges of the back felt in my hand; the random network-stack drop-outs; the hoops you sometimes need to jump through to share files/data from one app to the next; the keyboard that seemed to miss random presses, and still took me longer to type on than I could on my 4S (where I could at times type whole messages without looking at the screen).
I caught myself checking out other phones in the stores. Clearly it was time for the iPhone and I to “take a break”.
I looked at Windows Phones, but decided there wasn’t enough there to make it last. Blackberry? Err, no. That left Android.
I have a history with Android. I bought the HTC Desire HD on pre-order, as it had been loudly proclaimed “King of the Hill” at the time. Before it was even in my hands its crown usurped by (I think) the Galaxy S. We had some fun times, but I could never get along with the Sense UI. I rooted and flashed the phone, trying ROM after ROM. The experience was akin to installing Linux on an early Centrino laptop (anyone who tried it, back in c.2002-2003 will know what I mean) – where a feature worked, it worked very well… but only if you could live with theĀ unsupportedĀ stuff. In the end, as much as I enjoyed parts of Android, I ended back in the warm embrace of iPhone.
Anyway, as I was saying, Android seemedĀ the obvious choice, but which phone? I immediately gave up anyĀ notion of trying to get a phone that would be top of the specs pile for more than a few weeks2. I also ruled out those ridiculous “Phablets” like the Galaxy Note 2. The recent HTC phones look brilliant, but they’re still packing Sense. Sony’s Xperia line look distinct, but seemed to come with another GUI skin and a load of unneeded apps. Samsung… well I’ve never had a good experience with Samsung’s phone build quality, and they have the TouchWiz skin3… lets just say I ruled them out quickly. There’s the also-rans, but I was keen to get a phone that would get at least a few regular OS updates in its time.
I think I’d initially dismissed the Nexus because there was nowhere locally I could find one to try it out. Eventually I found somewhere with a display model, but I still couldn’t test it because the security system used by the store blocked most of the screen. In the end (after a couple of weeks mulling it over) I went ahead and ordered one through the Play store anyway4. A little over 24h later and the phone arrived.
First impressions were good. The unboxing experience was nice, and theĀ first switch-on and setup was very fast. Within a few minutes my phone was syncing all of my Google services. If you use Google apps, then the experience is very, very smooth – everything “just works”. Contacts, Calendars, GMail, Google+, Picassa, YouTube, Music… all setup with just one login during start-up. I had some data issues with contacts and calendars, due to the way I had my iPhone setup, but that’s the subject of another post.
Of all the apps I regularly used on my iPhone (a decreasing amount recently), the only one I haven’t don’t have is Everpix, but I can keep using that one on my iPad Mini. Everything else either had an Android version – even my banking apps5 – or a suitably good equivalent (Falcon Pro instead of Tweetbot, for example).
Android itself has come a long, long way since I last used it. Jelly Bean is amazingly well polished, and the experience is very smooth. Coming from an iPhone, things do take a while to adjust to. I’ve found myself missing notifications on the lock screen, and application badges as indicators of which app just beeped at me. This is something I’ll get used to I guess.
If I can get round to it I’ll post a more comprehensive look at the Nexus 4, but for now I’ve not had it long enough to form more than first impressions. What I will definitely write-up is some of the experiences of moving my data from iOS/iCloud into Android/Google.
Things said about the iPod Mini:
Things said about the iPad Mini in the 24 hours since it was announced:
Even though I doubt I’ll be buying one in the short-term, make no mistake – I think the iPad Mini will sell in droves, just like the iPod Mini went on to.
I confidently believe it will outsell the Google Nexus 7, and probably also the Kindle Fire (the biggest competition in my mind) this Christmas, despite the much higher price. Apple has shown consumers will pay that extra “tax” for the overall experience. Not only that, Joe/Jane Consumer can now see the name brandĀ iPad on sale below Ā£300 for the first time. That’s a really big deal for anyone not trapped in the Tech Bubble.
There is one thing on the internet that is ā without a doubt ā causing more buzz than anything else at the moment. No, not the new Harry Potter film (worth going to see, by the way). Iām talking aboutĀ Gmail.
For weeks since it was announced, the blogosphere has been buzzing about it. Some have snorted in derision, some have placed it high upon a pedestal. Gmail isnāt even fully open to the public yet ā it requires an āinviteā.
These invites are highly desirable, so it would seem. All over the place, Iāve seen various contests to win an invite. SomeĀ ask you to come up with something funny.Ā Others just want a linkĀ (so can I have my invite now? šĀ Ā ). The slightest mention of having a spare invite prompts a deluge of people you donāt even know asking for it. Googling forĀ āGmail InvitesāĀ returns page after page of people pimping this strang type of gold dust.
I guess itās this process of invitation only accounts that are making everyone want Gmail so badly. To be in an āexclusive clubā is quite a draw for some.
If itās not that though, what is the draw? Is Gmail any good? Iāve put out the feelers (ooh-er) for an invite, so Iām hoping to be able to find out for myself, but maybe someone could enlighten me?
Isnāt just another web-based email service?
