So I kind of want to get out of the Gmail ecosystem, and have been eyeing Proton as a good replacement, but I can't help but to think that nearly all of Proton's selling points and marketing points are all smoke and mirrors.

And I don't know, maybe I'm looking at this entirely the wrong way, I am just really struggling to see the appeal of Proton.

First, I'll start with my "threat model".

In general I want to be more anonymous online and slip under the radar better.

I'm not planning on doing anything clandestine, but with the direction the US is going, I'd rather not be an easy target if I want to be active in activism spaces if you catch my drift.

And I'm also interested in staying off of databrokers radars, or obfuscate myself to prevent coherent tracking.

With that being said, it seems that even with a proton email if someone wanted to find my identity they could, data brokers or governments alike, even if I pay for my subscription with cash.

And not that I'm really worried about that, but to me that negates like the entirety of Proton's marketing gimmick.

And I'm failing to see what functional benefit Proton has when it comes to privacy outside of just being "aesthetically private".

Here are some of my concerns, please feel free to correct me if I'm completely offbase with any of the logic below, but this is just my initial thoughts, and I'd love to hear some feedback and/or be corrected or provided more context.

1. Why does the encryption of the message body matter if the envelope and address are is still exposed? If a government or data broker can get the sender/receiver info, timestamps, and my IP, they have a map of my life. Isn't the "private content" just a distraction from the real leak? Like other than not having my emails used to train AI or data being sold to data brokers, I can't find a functional improvement or benefit to my daily life to use Proton outside of thinking "Yeah, fuck The Man" every time I log in. Like I am more worried about governments and data brokers knowing who I'm sending/receiving things from than I am about the content of those messages being exposed since I'm not going to be monologuing evil plans over email, and I really don't care if the databroker tracking me knows that I bought a case of liquid death root beer 4 times in one month since they get that information from Amazon or whatever website anyways.

2. Everyone talks about "Swiss protection," but isn't that just a speed bump? If the U.S. government goes to Switzerland with an MLAT request, Proton has to comply. And even if I've payed with cash, they can still be compelled to log the IP logins and hand over the alias emails and primary mailbox used by that account and the metadata. So if I sign up for something using an alias, they can take that alias and file an MLAT request with Switzerland to get my main email, the metadata for my entire inbox(just not the body content) and the other aliases tied to that account, and then do a search for any services using those emails to find my identity. They could technically use an alias email I've made, send an information request to Switzerland/Proton, get back a list of aliases and email metadata, find that I used an alias to sign up to a pizza delivery service, then subpoena that pizza delivery service for my name, phone number, and address, at that point what's the point? Is the point just to make it harder for them? I'm not planning on doing anything that could get them to want to subpoena my emails ANYWAYS, but what's the point of making it harder for them outside of again, just thinking to myself "haha fuck you" every time I send an email?

3. Even if I use an alias, if the site I use the alias on gets tied to my online data/identity, then my privacy is broken, right? Like lets say I want to sign up for a new site called godotshaders.com, I use a proton alias to sign up. This site then collects that data, my IP, my cookie data, browser user agent string data, and that I'm logged into some account with my other non-proton email, etc, that gets tied to my browsing data they're collecting, and suddenly they've linked that alias email to my advertising profile and other browsing. Rinse & repeat. Now all the aliases are tied to me. I don't see how these emails help with online advertising tracking.

4. I have tons of accounts I use, my bitwarden login count sits at around 850 logins, but I probably only regularly use a small fraction of those. But if I end up changing my email on a lot of those accounts to the proton email, even a proton alias, all that does for data brokers is potentially tie every one of those new alias emails to me. And at that point there is no difference in my data broker information just that I have 850 different alias emails. But my data is still tied to those accounts. So AGAIN, what's the point of this? Do I need to sign up for everything from scratch in order to maybe have privacy?

I forgot my driver's license today but had my phone with me. I remembered seeing stories that google and apple both allow these (for some states) in the digital wallet.

Before doing this, I thought I would ask people here to weigh in on whether it is a good idea. Is it considered secure? Is it going to cause me more privacy issues than a physical card in my wallet?

This is also related to recent discussions about online age verification.

This is a related Tildes post from last year: Google Wallet adds age verification and more government ID support

as a grapheneOS user, I obviously care about my privacy, hence why the iPhone will not be my main driver, the grapheneOS device will continue to be.

but I might be getting a free iPhone soon and I have an idea of what I would use it for (Podcasts as Apple Podcast is the best cross-platform podcast app I have come across) but am not sure what else I would be comfortable using it for as I don't know what actions are safe without having Apple gather that much data or telemetry on me.

I know that I won't be using iCloud on it. I have no need for Apple's data storage. Nor do I see myself ever using the App Store, except for installing a VPN app. I might install Signal on it but not anytime soon (not least of which cause Signal does not yet support multiple smartphone usages for the same device). I definitely won't use iMessage as I don't believe in using a messaging service that is limited to a specific ecosystem.

I will note that I wont install a SIM on it. It will be using Wi-Fi for the foreseeable future.

Given these things, i am not sure if there is anything i should be on the look-out for in terms of privacy concerns with the usages I have outlined above

Edit:

Based on the answers to my post, I am getting the sense I didn't explain my current situation, which fair enough.

I have audio and video podcasts I consume, for my audio podcasts that I tend to listen to while commuting and exercising, AntennaPod proved a God send for this, to the extent that I wanted to support the app financially until I saw that they said their costs are already covered and it made me appreciate them even more for their honesty.

However, I have a free iPad I got by accident (not worth going into here) and I prefer to consume my video podcasts on a bigger screen than my google pixel. I don't trust Google with tablet development after a bad experience with another tablet I had from them so that was out. so I decided to just use the free iPad and was delighted to find their Podcasts app also supports videos.

However, I wanted 1 service that I can use on a phone and tablet. AntennaPod does not have any iPad apps. I saw this page and the 2 alternatives seemed to be Pocket Casts and Podverse. I tried Podverse but the iPad app would not even launch for me, it crashed every time so I said goodbye to that.

reading into pocket casts, it seems they do collect some data and they do have the option opt-out of that but that could very well change, which means I'd be in a situation where I could be paying for a product while also having my data collected and I disagree with that business model.

So, Apple Podcasts is probably collecting some data on me but I figured all it knows is what podcasts I listen to, which isn't terribly useful (I hope) considering I have subscribed to podcasts from a feed I generate myself.

And I happened to already have an old iPhone lying around at home so I decided to switch to using that for my audio Podcasts and use my iPad for video podcasts and its sometimes glitchy since I would call the Apple Podcasts synchronization experience (between devices) half-baked at most but I can make it work for my use case. So I am already using a separate iPhone just for podcasts and I might be in the position where I get a new iPhone which would replace the current iPhone but not sure what new threats to be aware of privacy-wise. I would be upgrading from an iPhone SE first gen to whatever new version I am getting.

(I wasn't sure if I should post this in ~talk or ~tech. I went with ~talk because I feel like I'm about to spend a whole lot of this post rambling. Also, be warned: This is a long post.)

A summary of this post: My personal decision to try to preserve my own online privacy, the chaotic equilibrium that is me attempting to make sense of my feelings towards AI and the current zeitgeist, and the tiny concessions I've had to make in navigating all of this makes me feel, at best, tired, and at worst, a crazy person. I am tired of the direction the internet is going, I am tired of the endless discourse about AI, and my chronic tiredness is all marinating together into a tired admixture of tired chicken soup.

First of all, hi everyone. I don't post here as often as I maybe would like to. Randomly chiming in with a big ol' post like this a bit daunting. Participating in an online community isn't a muscle I flex very often nowadays, which is actually relevant to what I'm about to talk about.

Lately for a long fucking time now I've just been tired of the direction in which the internet, specifically the "corporate web", has been heading. This all started when I first joined Tildes; around that time was when the big Reddit API fiasco happened, leaving a bad taste in my mouth, and it was not long after when AI started to become A Big Thing. If you had asked me why these things had left a bad taste in my mouth back then, I wouldn't have been able to respond with anything articulate, just "big tech bad".

In the three years that have passed, I've developed enough of an opinion and have gone through enough soul searching to give a more concrete answer to why I don't like how things are going:

• Everybody wants my data, and I'd rather not give it to them
• I am tired of finding figurative AI hairs in my figurative sandwich
• Every company wants infinite growth at the expense of everything that made that company good, if it was ever good
• It's really hard to find a third space on the internet these days
• Almost nobody I know cares about any of this

Among privacy-conscious folks and small internet communities like Tildes, none of the above are particularly novel thoughts. And yet I think about all of this frequently enough that I felt the need to post a topic here for discussion. In this post, I'm going to get on my little soapbox, recount how I got to this mind space, and attempt to explain why I find all of this both endlessly tiring and constantly present in my mind.

Everybody wants my data, and I'd rather not give it to them (and almost nobody I know cares about any of this)

In the past few years I've taken the steps realistic for me in order to protect my online privacy. Why? Well, I hate being advertised to. I hate the idea of surveillance-as-a-service. I'm fortunate enough to be able to just pay for, or configure/self-host, things that do the thing they're supposed to do without knowing that I'm a 512 year old nonbinary alien from like, Nova Arrakis Prime the 2nd, Esq. or something (I am not that old, that is not how I identify, and I'm obviously not from there). I just don't buy the idea that everybody on the internet is a consumer who needs to accept this compromise in order to participate. Again, this might not be novel for a lot of you reading.

For me this has involved switching away from Gmail as an email provider, ditching Windows for Linux everywhere, cancelling my YouTube Premium subscription, deleting Facebook/most Meta stuff, browsing behind a VPN, etc. Some things I'm working on going further on; some things, like deleting Instagram, I don't want to do because that platform is how I connect with a lot of my friends. Essentially I've done what's realistic for me.

All of this has worked out fine for me. My quality of life has not measurably changed as a result, other than maybe the fact that it's slightly inconvenient to open up a new browser session and log in to my otherwise-abandoned Google account just to interact with a random Google Sheet someone sent me.

The first bit of mental friction stems from discussions I've had with my partner on this topic. She's also privacy-minded, and so isn't against the idea of taking very similar actions. But she's not in a place where she can just do so as easily as I did, either because it's massively inconvenient for her (all of her data is holed up in Google services), would require a very large mindset/workflow shift (She is not technical enough to switch to Linux without a ton of friction, for example), or would damage her relationships (It's completely unrealistic to get everybody she knows to switch to Signal tomorrow - hell, she doesn't even want to do it herself to message me). I want to be very clear that none of this is inherently bad or a stain on her character or whatnot. My point is that privacy looks different for everybody, especially over time.

Extrapolate that friction out to people who aren't as close to me though, and it feels somewhat like dying by a thousand cuts. Not in the sense of mental anguish, just general fatigue. Over 50% of my communication with my good friends takes the form of them sending me memes on Instagram. I react and reply because I'm not just going to ghost them because of muh privacy. But there's that like 1% of my brain that goes "yeah I wish you wouldn't do that". I have not bothered to ask them to stop, because I don't (yet) care to proselytize to them in the name of privacy at the risk of shutting down what is effectively one of their love languages.

The thing is, they either aren't aware of the degree of data collection going on on every major internet platform, or they don't care. I do not believe myself in the slightest to be superior to them because of this. I don't fault them for either, and I, again, don't care to intervene because I don't want to be the person that gatekeeps the entire internet from them in the name of rebelling against big corpo.

So yes, I would say the majority of my friends are not as opinionated on this as I am. Because of this, I sometimes feel I'm a little crazy whenever I propose to my partner the idea of self-hosting our own file storage, or when I happen to say "Yeah, I try not to use Google Maps really. Why? Oh, I just don't want them to know where I've been". But then I talk with those of my friends who share this mindset, or browse online communities which do, and I feel normal again. And then I bounce between these circles, and I feel, I dunno, weird.

Interlude: The AI bubble and my pride as a software engineer

Frankly, I don't know how to feel about AI. This is compounded by the fact that I am a software engineer both by trade and as a hobby.

As a cultural phenomenon, I am pretty sick of it. I cannot stand AI-generated ads, AI-generated media, AI-generated writing, AI-generated whatever. I also cannot stand ads about AI-generated ads, AI-generated media, AI-generated writing, or AI-generated whatever. The last time I was spoonfed information about a topic to a remotely comparable degree was back when crypto/NFTs were the monster of the week. This round of industry hype has felt orders of magnitude more prevalent and exhausting.

As a software development tool, it's... fine. I was pretty against AI-assisted coding at first, but after having learned how to properly utilize it (whatever "properly" means), I've found it pretty helpful as of late. I'll usually hand-write the code and patterns I want the LLM to use, tell it "ok, now do this everywhere", approve/reject its output, and it gets a lot right with an acceptable amount of post-fact correction from me. It's also been useful as a learning tool: These past few months I've been working on a project that involves data mining/parsing a proprietary encryption/encoding format for a reasonably popular video game. I was not comfortable working with binary formats to this extent before, but after several back and forths with Claude and an earnest effort to understand just what the fuck it was writing to my codebase, I feel somewhat more knowledgeable now.

The tension I've had to balance given my above stance: I work at an AI startup.

Everyone around me is AI-pilled out the wazoo. This isn't meant to be an insult. They're all great people whom I get along great with, and I like my company/don't hate our vision enough to jump ship (inhales copium). It's just that I constantly have to deal with stuff like:

• Vibecoded PRs, which I have the wherewithal to push back on when appropriate, but in so doing must balance maintainability vs. urgency (and all that other pragmatism crap that comes with being a software engineer)
• AI-flavored communications - I do a mean ChatGPT impression. "That's an excellent observation. The tension you're feeling isn't imagined. It's real. If you want, I can break down the reasons why people tend to pour the cereal before the milk—just say the word."
• Building the meta-inference layer through a combination of carefully curated ground truths, a robust evaluation pipeline, and a multi-step, quantized agent selection algorithm that's resilient to both external disturbances and continuous platform evolution (this is basically a real sentence I had to read in an engineering strategy document someone put out)

And so, similar to the privacy dilemma I spoke about earlier, I find myself constantly doing mental gymnastics while working here. I am one of a few cynics in a room full of zealots (Again, I'm not trying to paint myself as some pariah here - I'm in this situation by choice, I'm just trying to note the juxtaposition). It would be easier if I just flat out hated the idea of AI to its core - I could just leave and choose not to engage with AI anything - but no, I use it, and I find it useful. In fact I enjoy applying software engineering principles to AI, because it's an interesting set of problems to wrangle.

Again, death by a thousand cuts. Firstly, I hate the prevalence of AI in mainstream culture, and I hate how it's being pushed as a panacea in my industry. Secondly, I don't hate AI as a tool. Thirdly, I'm surrounded by the first thing. Fourth: I have to explain my job to my friends and family. Doing so usually results in them asking me surface-level questions about AI (which I don't mind entertaining), them relaying how AI is god/the devil because it made them look like a Disney character (which I am tired of dealing with), or them asking me what my opinion on AI is (if I were to give them the whole story, it would be this entire post, so I just go "eh, it's fine").

My point with this section: I feel I am constantly doing mental gymnastics to justify the attitude I have towards AI. My stance is somewhat neutral. I read a blog post absolutely glazing it, I roll my eyes. I read a blog post absolutely trashing it, I roll my eyes. I think about AI, I roll my eyes. It's all just so tiring.

And also, as is evident by now, I have an Opinion about all of this. Am I crazy? Wouldn't it be a lot easier if I could just roll over and accept AI for what it is?

Turbo capitalism has fucked up how I navigate internet communities (and almost nobody I know cares about any of this)

The most recent development that's caused me to think about the topics presented in this post is Discord's recent rollout of its identity verification system. There has been plenty of discourse on this topic as of late, so I won't go on about too long about it here.

I view this motion by Discord as the next step in the enshittification of that platform. Given my views I've shared on surveillance capitalism as well as AI's effects on the industry and the garbage shoveled into the world by its most annoying proponents, you won't be surprised that my reaction to this news is negative, and I am currently deciding on whether or not to divest myself from Discord completely.

This decision is a small dilemma for me. On the one hand, muh privacy. On the other hand, I am part of a server centered around that one video game for which I'm working on that side project, and leaving the platform means severely reducing my participation in that community, because there's no way in hell they're moving that server off Discord. I don't know which way I'm going to go. This is also the same dilemma that occurred when I decided to partially divest myself from Meta and the like: Do I care about my relationships with my friends/family more than I care about muh privacy? (Yes).

(I feel like I'm finally getting to the point of my own post here...)

I'm very tired of the fact that these small dilemmas and points of contention have been popping up for me fairly consistently over the past few years. If we all just held hands and prayed I'd have it my way, I wouldn't have to choose between being an outsider in X community and *~\muh privacy~*, and I'd be 6'3" and jacked. But the way the corporate web is developing towards the endless rat race of turbo enshittification, I feel the rate at which I'm going to have to make these kinds of choices is going to be as consistent as it is now, or it's going to go up. Probably until I die.

Epilogue: The side project I was working on

I mentioned I was working on a video game side project. I feel it encapsulates the gripes I describe within this post pretty well, because it contains the following elements:

• Parsing binary data of a proprietary encoding/encryption format (I previously didn't know shit about how to do this, so I used AI to help me do it/learn more about the topic)
• A website which acts as a game database/search tool for in-game entities (I wanted to contribute to a community I'm currently deciding whether or not to somewhat isolate myself from)
• A Discord bot as an alternative method of interacting with the application/a way to submit drop table information, all of which must be crowd-sourced (Discord Bad. I figured I'd just stand up an authenticated REST API and let others do a Discord integration if they want, but still, I wish I wasn't about to force myself to cut this out of my roadmap.)

If you managed to read through all of that, thanks. I've been writing for like an hour, and I feel my ramblings have become more nonsensical than usual.

A summary of this post (copied from the beginning): My personal decision to try to preserve my own online privacy, the chaotic equilibrium that is me attempting to make sense of my feelings towards AI and the current zeitgeist, and the tiny concessions I've had to make in navigating all of this makes me feel, at best, tired, and at worst, a crazy person. I am tired of the direction the internet is going, I am tired of the endless discourse about AI, and my chronic tiredness is all marinating together into a tired admixture of tired chicken soup.

(Not sure this should be under ~finance, but not sure where else to post?)

I've been de-googling and going more privacy-based for most anything I can lately, and I always love when my company gifts me a $100 Visa gift card for Christmas.
I find myself paying for a lot more of the booze in our lives (usually one shot at going out, and before additionally replenishing a few dollars on my TouchTunes account because I've only used gift cards on it) because now nothing's tracking my sinful habits. :)
Honestly, I mostly would like to use this card to do online things with apps I honestly don't want to be attached to (specifically Discord, and I'd like to recharge TouchTunes, but... that's more of a secondary option).

That being said, I'd like to get some sort of non-"traceable" type of card (that is, physical and not requiring an account or app), and I'd prefer to keep as much of my "investment" as I can (purchase charges, fees, or whatnot). I would like a rechargeable option, but I feel that would be too pinpoint-y. I could just go to my local store (in the US) and buy cards with cash, but while I have no problem with that, I'm also not that paranoid and I am a little lazy heh.

I asked my DDG search, and AI has highlighted "toasty choice" (at toastycard dot com) which looks sketch AF, probably because it appears you need an app. Maybe I'm paranoid, but it just looks too sketch for me.

So, I would like to hear folks' thoughts on this. Do you have a spot you'd recommend to purchase "gift" cards online, or a local spot (as I mentioned, US companies would be required), and any strings attached you'd highlight that may be avoidable?

Previously, I wondered what model car I should buy if I wanted to maintain my privacy. Thanks to everyone who chimed in, especially @kari, @qot, and @Narry. Although I astound myself to be typing this, I may just have found an option in a Cadillac Lyriq.

Earlier this year, the FTC banned GM from selling driver data to consumer reporting agencies and GM ended their egregious program. This and privacy laws in my state give me some small hope of avoiding the worst data collection practices. But, if I buy this car, I would want greater certainly that can only be had by physical intervention. Local audio/security aftermarket installers have nothing for me. Would anyone have a resource or ideas?

Could you recommend a make of vehicle whose spy tech is easy to disable? This is the highest hurdle and single most important factor in my search for a car, so my other preferences and needs fall far second. I would like an electric vehicle or hybrid model with no less cargo room than a Prius, and not larger than a mid-sized station wagon, with a track record of low repairs. Correct me if I'm misinformed, but applying those criteria seems premature until I can identify something I can make private.

I have only ever bought used cars, and have lived the same story many times: I will construct elaborate spreadsheets, research models until I could host a video walk-through of trouble spots to watch for, then will shop and cavil until I make a purchase I'm proud of. Sure, it ends up 25% over my initial budget, but I pat myself on the back for a full 18 months afterwards. Nice work, careful consumer. But it's then the repairs begin, and soon I'm spending $3-4,000 a year maintaining my certified reliable used car.

So, I am searching for a newer used car or a new car whose telematics can be disabled. I have read through discussion boards, but weary quickly at the comments defending the cozy convenience of the corporate surveillance net or chiding people like me for even trying. I don't care. If lacking or disabling spy features means I can't use my car as a phone, that sounds like a win to me. I know a little about cars and have alright technical know-how. Most importantly, I am resolute. I will not drive a car that listens to me or transmits video of my travels. Has anyone had success here?

A few months ago, my credit card number was used in a few unauthorized transactions. The charges were reversed, and I got a new card, so overall, no big deal. But I am curious as to how the thief actually got their hands on my information.

Are there any lookup tools for leaked credit cards, similar to Have I Been Pwned, that might tell me how my credit card number was exposed? Since my card has already been cancelled, I don't even mind typing the number into a somewhat sketchy site.

I didn't watch the whole video and I'm not familiar with the channel so I don't want to make this a link post, but here's the source: The Lunduke Journal

I watched up to the point where the author explains how Microsoft tends to turn on all the privacy invading settings every time they push an update (not surprising). I guess if I had to use Microsoft products, I'd try to disable automatic updates and just do them twice a year in one go, while also turning off the settings I want off. Would it be practically feasible? I don't know. Having to go to those lengths to use some software just seems ridiculous.

I'm getting a little bit worried these days about the tracking features in chrome and was looking into Zen Browser. Does anyone here use it? Any thoughts?
Also looking for any simple non tracking browser alternatives!

I have held out for years from getting a loyalty/membership card from supermarkets as I hate the tracking that they do. But here in the UK so many prices are now locked behind it in most supermarkets, it feels like I’m just giving them so much extra money it’s getting ridiculous. I end up spending more money to shop where they don’t do this, but most of the major players are now adding these member only prices it’s hard to keep the status quo.
For other privacy minded people, how do you manage this?

I'm streaming Firefox to watch Riverdale, so I opened up Chrome to browse while I wait for them to join. Youtube has ads on it, and I realized I can't grab uBlock or anything (meaningfully) privacy focused. So, I wanna try out one of the cool new browsers, what do people use and recommend?

I'm on Windows and a proper techie, so give me anything that's a bit strange and off the wall as well! The only one I tried out recently was Comet, but it needs more time to bake, total waste of time IME. I remember using IceWeasel for some reason lol