Changing e-mail and cleaning up my Internet presence
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging. I've installed Signal and will start the grooming process with my friends and family now. If you have some solid arguments for the change regular ol' folks can understand please share them with me because as we all know "privacy" just isn't enough.
Next phase is the big one...Google or basically G-mail.
1. Is there any way to get an complete overview of where you've used your e-mail for a service online?
2. What e-mail would you recommend?
2a. I'm OK with paying a bit for overall quality, security and equally important UX!
2b. I don't use any other relevant Google products like Drive etc. It's just regular e-mail and sign in credentials for other services I basically need
3. I use a Mac, iPhone and iCloud. Is iCloud a problem? IF this needs to change it HAS to be an "easy" switch and not like setting up a server for myself. Because it won't happen and I'm not skilled enough.
I would very much appreciate your input :)
EDIT: Thank you all for your thorough comments!
I'm not sure if there's any easy way. When migrating from Gmail, what I did was this: every time I logged into an online service, I'd go and update the email address. And same thing whenever I get another email in my Gmail inbox: I update that, too. Eventually, the Gmail inbox gets quieter and quieter. I still get push notifications for it on my phone, but they're rare. And each time, they should become rarer still.
I use Fastmail because it was highly recommended on HackerNews at the time for good ux, app, customer service.
But they're located in Australia, which has some anti-encryption laws now? Anyway, I'm with them still because of inertia.As far as I know, Apple's business model does not (yet) include selling user data. A good portion of their positive reputation is built on this, so I'm not sure that will change anytime in the near future. Personally, I would recommend you focus on your current de-Google phase before trying to figure out replacements for other stuff.
To the point and great responses. Thanks!
Yeah I was afraid this was the answer. But even it there was some other way you might as well start off with this little by little.
I'm a little torn between Fastmail and ProtonMail. Fastmail seems like better UX but based in Australia
might be a problem in the longer run. Proton seems more secure on that front but not as nice to use.
I was hoping that was the case and I will be focusing on the de-Googling.
I use Protonmail and I don't have any issues with it, though I'm not a sec guy so I don't really know if there's anything I should be knowing beyond "it's secure, encrypted, and does email" lol
cc: @elcuello
To add onto these points:
I also did this same process when I left Gmail. If you don't use a password manager, this is a great time to start. One of the best features of a password manager that nobody ever talks about is that they don't just save passwords but act as a personal account repository for the hundreds of online logins we all have. As you change your email over in each account, also add each account to your password manager. This will save you tons of time later. A lot of people recommend Bitwarden, and it's good (and open source) but I ultimately landed on 1Password which has far better UX (IMO) and better management for family accounts.
I also use Fastmail and love it. Great web interface, everything works smoothly, and importing from Gmail was surprisingly easy. People recommend encrypted emails like ProtonMail but something to be aware of is that you can't easily use them with e-mail apps (e.g. Thunderbird, K-9 Mail) without jumping additional hurdles. One of the tradeoffs of their security.
That's great advice and I've been putting off getting a password manager for far too long. I think my girlfriends bad experience with how it fucked up her phone (she couldn't log in to several apps suddenly after the switch) has scared me a little.
Fastmail really seems like the way for me although second party e-mail apps aren't really an issue for me. As long as the native app is good.
Something you may not be thinking about is your exit strategy should you wish to someday migrate from your current email provider (maybe to another, or maybe to something self-hosted, for example). A neutral client makes those transitions easier.
That said, I still just use the Fastmail app; I only ever boot up Thunderbird when I want to see all my inboxes from both Fastmail and Gmail.
This is a common misconception that gets spread around a lot, but that law has absolutely zero effect on Fastmail. Fastmail isn't an encrypted email service, so they already have all of your email unencrypted (and need to, to be able to support features like searching). They don't need to add a backdoor, because they already have full access.
More info in this blog post, specifically under the "The AABill doesn’t change your privacy or data security with Fastmail" section: https://fastmail.blog/2018/12/21/advocating-for-privacy-aabill-australia/
Neat. Thanks for the read; I've crossed the relevant bit out and will cease spreading the misinformation.
I went through every saved password in Firefox and opened the associated site and changed over my email address. Only took me a few hours to move over the accounts I cared about.
Emphatically this. Your email address is an important part of your life, and if at all possible it should be something you own. Who you employ to route and store the messages can change, but the identity remains your own.
I'm so glad I managed to buy
<first_name><last_name>.com
last year. It's fun writing it down on forms.The dream is to get
<last_name>.com
. It's been registered but unused since 1995. They have whois guard as well so I can't easily pester the owner with an offer.I use tutanota and I hate that I have to use their slow client, but it was the only secure option I saw that also offered my own domain... Just checked, fastmail/Protonmail are about 50 bucks per year - compared to tutanotas 1 euro per month
I'm currently in the process of moving from Gmail to an email on my own domain. I'm using Zoho for mail hosting.
My domain is registered at Cloudflare, and since Zoho's free mail-hosting tier is generous, I get the control of owning a domain + the security of a professionally-managed mail server for $8/yr (the cost of the domain).
I also enjoy that there's no lock-in. If Zoho changes for the worse, I can move my email wherever I'd like.
Cloudflare Registrar looks so compelling. Shame they don't support my tld (.moe); maybe someday..
One thing I’d been thinking of for years, but never put into practice is having a junk mail/not important domain (e.g. a .party) and setting up a catch-all account.
Every site gets its own address. If they sell it, I know and can block it and use another (tildes@whatever.party vs tildes2@whatever.party)
This has given me complete control over spam. You’ll notice that spammers will email info@ and a few others — blacklist those as you see them.
As for google itself, I still use sheets for a lot of things that are public — so I made a new account for that (I used a hex value — short and available.)
I also kept my Facebook account active and set to only get email notifications for messages (rare) and event invites (useful.) These are set to automatically forward to my good email.
De-Googling seems daunting at first, but I quickly realized that I only used Google for a handful of services like email, calendar, contacts, and Drive. For most, these are all incredibly easy to replace.
Quick edit: I went with Zoho. It’s cheap and seems good enough for me.
I've been doing this for almost two decades.
Tips
Benefits
Drawbacks
What I learned
The catch-all is only for sites, not humans. Just to clarify (I think you're on the same page, but just to be sure,) I'm not actually creating these accounts -- you could send an email to %randomhash%@whatever.party and I'd get it.
Humans still get fl@firstlast.com.
@Kirisame noted fastmail's wildcard subdomains -- which is pretty neat.
Pretty much.
Friends and family get my actual email address. I only get spam from one of them. Thanks Shaun.
Most sites get a very spammy gmail address that I occasionally check.
I used to use the catchall for all sites and signups... but once you have donated to the DNC there is no opting out of all the new candidates that want your money.
I use the catch all for companies I actually want emails from. But when I call them, it gets weird. Imagine the Wells Fargo support guy when he wants to confirm my email is... uhhh.... wellsfargo@e.domain.com?
ha. I did an RMA on a monitor and took longer than it should have to explain that my email address was asus@blah.com. The agent went between 'but that's our email address' and 'how can this possibly be your email address?'
Us technical folks are living the good life with email. I was helping a friend with a bluetooth keyboard for her iPad and saw that her Mail app had 19k unread emails...
What do you mean by "catch-all account" and blacklisting? I have a vague idea that it's meant to be used to combat spam, but how or why is currently beyond me.
The practice is to set up your mail such that mail sent to multiple addresses automatically go a single account. On Gmail, this is built-in; I believe, if you have the address kirisame@gmail.com, then all mail routed to kirisame+XXXX@gmail.com (kirisame+tildes@gmail.com, kirisame+paypal@gmail.com, etc) are all routed to my inbox at kirisame@gmail.com (I don't actually have this email address).
If you use Fastmail, they offer something very similar.
If you have kirisame@domain.tld, you can set it up such that kirisame@XXXX.domain.tld (kirisame@tildes.domain.tld, kirisame@paypal.domain.tld, etc) are all routed to one inbox. All this, so you can see that kirisame@sketchysite.domain.tld, which you provided when you signed up for SketchySite four years ago, is starting to receive spam mail; they may have sold the address to some spammers. Unfortunate, but you can just block mail incoming to @sketchysite.domain.tld and move on.
GP mentioned buying a domain and just setting up a catch-all account; if you, for example, get a domain on NameCheap, you can configure it such that all emails inbound on @whatever.party (tildes@whatever.party, paypal@whatever.party) are forwarded to a specific email address. Maybe you'd have them all routed to accountstuff@domain.tld, so you don't have to see all this stuff on your primary inbox at thatfanficguy@domain.tld .
Personally, I use Fastmail's domain-prefixing thing.
The subdomain trick is fancy. I wouldn't bother with name+blah@domain.com, since most spammers / sites just strip off the +blah anyway.
@ThatFanficGuy -- every email that goes to @whatever.party comes to the same inbox like Kirisame said. :)
On convincing people to use Signal - you could make the argument that it combines sms and instant messaging into one app and if/when Google makes an API available for RCS, that as well, so where before they needed WhatsApp and an SMS app, they'll only need Signal now. And that messages can be accessed from the tablet and web apps.
Could also say it's quicker and that you can get send/read receipts without being charged for them.
That's actually some great points. You could actually make the point that it would merge iPhone and android users in threads with messages from both users.
I also use Fastmail, on my own domain. I've really liked it so far. As far as encrypted goes, I think this article was linked here (if not, it was on HN and probably other places) and it explains why email encryption is kind of a red herring.
I also echo others re: password manager and account migration. I use KeePassXC because it's open-source and cross-platform (if you're on Windows, I'd recommend KeePass).
I use a paid email service that I got from a former internet provider. I used iiNet as my internet provider forever. When I moved in with my housemate a few years back, he wanted to use a different internet provider. However, for the grand total of $25/year, I was able to maintain my iiNet email service.
I've got it hooked up to Outlook software on my computer, because I hate web-based interfaces for emails. I've never seen a webmail interface that I like.
As for a free service, I also use mail.com for some purposes. Admittedly, the main attraction is the wide choice of domain names. For example, my housemate and I created a shared email account using "housemail.com" to receive our utility bills.
Good luck with that. People aren't going to sign up to an unfamiliar messaging service just because that one eccentric tech guy they know is obsessed about privacy. As long as the majority of their contacts are using Facebook, they'll keep using Facebook. And they're unlikely to remember to open Signal as well.
The best argument for using a messaging service is that the people you know are using it - which means Facebook wins over most other services.
Be prepared to hear nothing but silence on Signal.
As the privacy concious tech guy in my social circle, I feel this pain. Out group settled on Hangouts for group chat since we all have Gmail. Most only use Hangouts for said chat, and every attempt to switch to some self-hosted service has flopped, even though the process is 'click link, create account, download app if desired.'
I'm not even the only one trying to claw my way back to privacy. Fighting inertia is hard, even amongst those who are waking up to our lack of privacy.
I'm even a bit of a hypocrite... I'm stuck in Google ecosystem hard. I was hoping to hit some low hanging fruit, but alas. Hopefully Mycroft and Almond projects work out. Voice assistants are the single biggest pain points for getting out, and probably the most important.
Every time I get an email update from Mycroft, I feel myself grow a little more pessimistic that I'll ever see my Mark II. (Same goes with the only other crowd-funder I've continued to, the EOMA68 computer card.) I suppose crafting a consumer-friendly voice assistant device is quite difficult.
Signal is slowly but surely gaining traction. When I first installed it, the app was a ghost-town. Nobody used it, and, to be fair, it was kinda clunky and not very well-known. Now I actually have a handful of contacts that use it, and I've started to see installs from non- or less-techy friends and co-workers. The app developers have done a lot recently to improve its feature set and quality of life, and I think it's becoming less known as "that privacy app that no one uses" and more as simply "a good private messaging app".
The best "sell" I have for it is when one of my friends wants to send me a picture or video (or vice versa). I don't have any other messenger besides SMS/MMS, which compresses pictures pretty badly and video downright terribly, so the pitch "you can send me/I can send you the full resolution version through Signal" has worked several times. After installing the app, they tend to like it and keep it on their phone.
I had a friend who wanted me to switch to WhatsApp to send me some pictures. (this was a long time ago, before WhatsApp was well known, before Facebook bought it). I resisted for a bit, then gave in. He sent me some pictures & messages. I sent him some pictures & messages. And that was it. Future correspondence was done via plain old SMS. A while later, I uninstalled Whatsapp, having never used it with anyone else. What good is a message app that you don't send or receive messages on? :)
The contacts that have done this have actually kept it installed, and we now communicate through Signal rather than SMS. Some seem like they're doing it just to appease me, but several others have liked the app enough after using it to genuinely want to keep it installed and use it with others. It also helps that a few people from our friend group already have it, so when they onboard they have other contacts there besides me as well. Similar to your situation: if they got on and there was no one else they probably wouldn't stick around, but with enough of a cohort they have more reason to stay.
It's the network effect at play. The first adopters are the hardest sells, but as more people hop on everyone else has more reason to both join and stay. Signal is also now good enough that I think that most people have a positive experience with it, which wasn't always the case.
I've been trying to clean up my internet presence too! I have a 10+ year old Reddit account that SnoopSnoo and RedditInvestigator built eerily accurate profiles of over time; my bad for trickling out details over the course of the years, I suppose, but I spent upwards of an hour editing & deleting every comment I was able to before Reddit curiously just cut me off from making any further adjustments (it just said I had no posts/comments, despite me knowing they existed).
Anyways, when I de-Facebooked, I just decided to not say why I was leaving and just left outright (after getting mail addresses from people I wanted to stay in touch with via postcards). That was over a year ago, and I think people've been pretty understanding since then.
I don't have much input on the email front. I went with ProtonMail after gutting out my Gmail account. I pretty much wiped out my entire inbox except for emails from friends and family. Unsubscribed from every newsletter I wasn't reading anyway, and used my password manager to switch over my important accounts to ProtonMail, which has left me seeing just how little I actually use (non-work) email in my day-to-day life.
I use paid subscriptions to Fastmail, ProtonMail, and Google (Gsuite), at the moment.
Fastmail has worked reasonably well, and I have been using it as my main email provider. It's just a traditional email provider, and it supports standards reasonably well. As others point out, it's an Australian company, and has servers located in the US. This can be a problem in some circumstances, and I know some organizations that are not willing to consider using them as a result; I'm similarly somewhat uncomfortable having my data outside of GDPR's jurisdiction.
I've been evaluating ProtonMail for the last month or so, and have not generally had a great experience with it. It seems heavily built around trying to convince you to get others on their service, and only superficially supports PGP outside of it. The IMAP/SMTP bridge doesn't support PGP at all: you can use their clients, or you can get all PGP stripped from all your emails as punishment. It also seems, very unsettlingly, to have no source available, though it appears that a few years ago they said they would release the source within six months. The pricing structure has some problematic aspects, as well: for example, if you have many domain aliases, you pay an extra fee per alias per month, whereas almost all other providers do this for free, and there doesn't seem to be any cost incurred by the provider for this.
I have a free Tutanota account. I would not use it seriously, because it seems to have serious problems with lock-in: for example, the suggestion for data export and backup is to shift-select all your emails manually. The only advantage it would have would be for communicating with other people on Tutanota, or secure communications via their link-and-password features.
Also: in the last few weeks, I've set up a personal mail server to evaluate that option, and to resolve some organizational email problems I've been having. It has actually worked surprisingly better than I expected. A few years ago, this was essentially impossible, because you would be completely spam-filtered, no matter what you did. Now, however, it seems like even major providers may be trusting SPF+DKIM+DMARC more.
On Signal: for years, I had Signal installed and absolutely no one to use it with. Then, within the last year, my partner started using it (and now communicates with far more people on it than I do), my mother started using it to communicate with me, and now my sister as well. It seems to have become reliable and easy enough to use recently, and to have attracted enough popular attention, that many people are actually starting to use it: I've gradually seeing more people from my contacts show up when I open it. For my mother, I think she appreciates it because it reliably does what it does (video/voice/text) without annoying frills or dark patterns: it won't push the new-service-of-the-week on you, or insist on trying to show up everywhere on your phone, or start spamming notifications if you don't use it enough, and so on... that it is run by a non-profit not really interesting in selling things to you can be a useful point, when compared to free services by for-profits that need to try to make money off of you somehow.