This morning I was asked to find an archived email with photos of some scientific equipment. I searched "Powerlab," the name of one of the instruments, in gmail, and the email came right up. Great! But then I noticed that the word "powerlab" never appeared in the text of the email. I tried searching "ML206", an arbitrary character string from one of the photos in the email, and again, the email appeared in the search, without the search phrase highlighted in the search result, as it normally would be. I tried different phrases from jpgs in emails; not all yielded search results but some did.

I'm not happy about this. I accept some compromises to privacy when using Gmail, but sending text as an image can be a way of specifically avoiding information being harvested. All I ask for is a way to turn it off.

Can anyone replicate this? Did anyone already know about this?

This is more focused towards those that use custom domains for their email. My current plan is up at Zoho for my team in a month, and even though I've used them for the past few years its been hit-or-miss (especially when using third-party apps or programs).

Who do you use? Who do you not trust? Who would you never go back to?

Sidenote: I hope this might eventually kick off a ~privacy group, one day.

Had an interesting conversation with my colleagues this morning. We were pretty split whether phones listen to us for advertising or not.

On one hand, we anecdotally see Google news and ad suggestions based on what we say. We know our mics are on at all times for voice assistant and music detection. But we also read online talking about how there is no evidence about the phones recording us. It's hard to trust anything nowadays.

I try to be privacy focused. I don't use social media, I use Firefox with adblock and tracker protection, with duck duck go as my search engine. I also pay for proton vpn. My question is, when should I use it? I use it when I'm on open networks on my phone, but that's about it. Do you guys run it 24/7 on your computer?

I have self-hosted my email for many years, but am finally encountering some straws that may be breaking the camel's back. A few email providers are now rejecting my server's mail, Microsoft in particular (@hotmail, @outlook). (In case you're wondering, I already set up SPF, DKIM, DMARC, etc. and none of that is the issue.) Self-hosting was fine, and the technical admin work was never really an issue. I'm just tired of the external factors that are beyond my control, like belonging to an IP range that is scored badly by some random blocklist company.

So, I'm now shopping for a good email provider. Privacy and security are important to me, and I am more than willing to pay for email, so all the usual "free" email providers are out of the question. (Update) Also, client access (IMAP, SMTP) is a must.

For now, I am eyeing

• Fastmail Standard plan @ 5 USD / mo
• Proton Unlimited plan @ 10 USD / mo

Proton is looking to be my choice among those two, as I like the replyable email aliases feature. 16 times the storage doesn't hurt, either.

Any other recommendations in the same vein as these two, and in the same price range?

I've always been a bit of a privacy enthousiast. Have had everything blocked that Google and by extension YouTube wants to scrape off you. This means I've also blocked my view history.

Recently YouTube started giving out a warning on the homepage that you have blocked your view history, that you can change it in your privacy settings and that it helps them serve you better content. What it also means is that your homepage is just one big popup to guilt trip you into sharing your data. The homepage won't show any suggested content anymore.

While it is in their interest to do so and since they are a company wanting to make money it is understandable. Nevertheless it seems harsh from going to see content that you might like to only seeing a big warning sign right now.

What are you experiences with this?

Almost every content provider online tries to access some of your personal info, whether it's to keep itself afloat, improve functionality, or create profits. In 2014, Google made [89.4%] (https://revenuesandprofits.com/how-google-makes-money/) of its profits from advertising, all of which attempts to target users with their interests (though Google does allow this to be disabled).

What do you do to try and protect yourself from data collection? What software, programs, or browser extensions do you trust to protect you, and not just also monitor your activities?

If you don't do any of this, why not? To what extent do you think companies should be allowed to use your data?

In light of the seemingly increasing rate of data breaches and privacy violations in general, I've decided to take some steps further regarding my online presence.

Among other things, I decided to switch all my online accounts to custom domain email addresses, so I grabbed two domain names (with WhoisGuard enabled): one for use with stuff related to my real identity (think @firstlast.com), and the other for all else (think @randomword.com). Then, I changed the email address of each one of my existing online accounts, taking advantage of the catch-all feature. To make things short, it goes like this:

Accounts not related to my real identity:

• tildes.net.187462@randomword.com -> tildes.net
• reddit.com.178334@randomword.com -> reddit.com
• ...

Accounts related to my real identity:

• amazon.com.113908@firstlast.com -> amazon.com
• bankofamerica.com.175512@firstlast.com -> bankofamerica.com
• ...

As you might have guessed, the 6 digits ending the local part of email addresses are meant to be randomly generated, in order to mitigate easy guesses by spammers due to catch-all (though I've also created a specific sieve filter to mark incoming emails with "unknown" recipient as spam).

Before you ask, I don't intend to start a discussion about threat modelling here. I just want—as anyone who is not a complete tech-illiterate—to have a reasonable weapon against spam caused by recurrent data breaches, so that if an email address is leaked, I can toss it and replace it with a new one without much effort.

Also, I value owning my email addresses, in the sense that if I decide to change email provider in the future, I won't have to change my addresses too as a consequence. For communicating with real humans (e.g., my doctor), I could use a non catch-all address like first@firstlast.com.

I wonder what do you think of this approach... Is it overkill? Do you see any major concern from a privacy or security standpoint? Are you doing something similar and are happy with it? I would very much like to hear your experiences with email, especially about the approach you settled with.

The reason why is to make more accounts for reddit, YouTube (one for entertainment and Portuguese content each) news sites where signing up is an alternative to pass a paywall and other sites with comment sections. ^{Bad euphemism bro.} Also some sense of "praxis" in order to gain privacy.

Edit: And also getting anxious at the idea of remembering all my passwords, and putting them in a note in my old phone, which I am not bringing into my new phone and want to use this to delete.

According to these two articles, I can save my old passwords I had before and maybe even still make new ones after, and put them in a folder behind one true (master) password, which is the one you will truly care about, and they will be saved in a way in which the managing company won't know your password?

There's also figuring out which provider to use (and probably a similar post for alt-mail providers.) This is overwhelmingly for mobile (Android). No real space constraints for apps, only price, because I'm not working age.

It's obviously bad when "real" data like full names and credit card info leaks, but most data companies collect is probably email address and some anonymous things like which buttons and when the user clicked.

Nevertheless, such data collection, tracking and telemetry is considered quite bad among power users. I don't support those practices either. But I'm struggling to consolidate my arguments agaist data collection. The one I'm confident about is effects on performance and battery life on mobile devices, but why else it's bad I'm not sure.

What are your arguments? Why is it bad when a company X knows what anonymous user Y did and made money on that info? What's the good response to anyone who asks why I'm doing the "privacy things"?

Here is what just happened to me:
Firefox installed two addons - fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org into my browser silently, even though I've explicitly turned all the telemetry off.
This have happened before, and Mozilla apologized for it, however it seems that they learned nothing and are willing to do so again.
There goes the last scrap of my trust into Firefox. I suggest you check your browsers too.

I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging. I've installed Signal and will start the grooming process with my friends and family now. If you have some solid arguments for the change regular ol' folks can understand please share them with me because as we all know "privacy" just isn't enough.

Next phase is the big one...Google or basically G-mail.

1. Is there any way to get an complete overview of where you've used your e-mail for a service online?

2. What e-mail would you recommend?
2a. I'm OK with paying a bit for overall quality, security and equally important UX!
2b. I don't use any other relevant Google products like Drive etc. It's just regular e-mail and sign in credentials for other services I basically need

3. I use a Mac, iPhone and iCloud. Is iCloud a problem? IF this needs to change it HAS to be an "easy" switch and not like setting up a server for myself. Because it won't happen and I'm not skilled enough.

I would very much appreciate your input :)

EDIT: Thank you all for your thorough comments!