For a long time I was one of those people who just said "screw it, Google know almost everything anyway, so why should I try to hide anything from them".
But that was a different me. These days my thinking is a bit different, and I have slowly (ever so slowly) been prying myself away from Google in an attempt to have some level of privacy on the internet and beyond.
Some Google services I have found alternatives, like Search and Chrome. These days I use DuckDuckGo for searches, and Brave Browser (note that this is my referral link and I will earn a little something if you do install and use the browser for at least a month from this link)
If you know Brave you can skip this paragraph, but for those who don't know it, Brave is a fairly new browser very similar to Chrome, which is tackling Google (and other companies who disrespect your privacy) directly on two fronts. First they actively block the modern infrastructure of tracking on websites and the targeted ads that come from this tracking - the only ads they allow you to see by default are those that do not track you and are served by the website you are actually visiting. Second, they are revolutionizing the ad services model (if you opt in to it) by paying users with cryptocurrency for viewing ads on their own network.
I still use Chrome, but only as a secondary browser for the rare Ukrainian websites I visit so I have automatic translations.
Some services I am still looking for alternatives, like Google Translate, Analytics (which is a large part of the problematic anti-privacy infrastructure of the internet Brave is attempting to disrupt) and Authenticator. I look every once in a while, but still have not found a good enough replacement.
In the case of Google Analytics I have actively chosen to not add any analytics to my portfolio website in my attempts to respect the privacy of my visitors, and in the absence of an appropriately privacy-respecting alternative that is also free. I have considered instead that one day I may implement my own minimalistic in-site analytics, which would also be open source so people could see exactly what data I collect (none of which would be identifying in any way) if they so wanted.
For Google Authenticator I know it has some security issues (although these are hopefully minimized by my attention to not installing untrusted and unvetted applications on my phone), but most of the competition also have issues of their own too.
Then there are some services I am on the fence about like Google Drive, Maps, and a few others.
Of all the cloud storage options I have used or researched Google Drive is one of the cheapest and best, and I wonder if me wanting to move away is just my current bias against Google or if there is a real reason to do it.
For Maps I have location services enabled on my phone, and I like having the data about where I have been and how long I was there - I used to use this for billing purposes for my last job in Australia. Here in Kyiv it helps me know how far I have walked (not that I am walking much during the quarantine) and where I saw some interesting thing in case I let myself get semi-lost and see something cool.
But I know their data can be wrong sometimes too - my Google Maps Timeline update email this morning tells me I have travelled 42% of the way around the world this year, which is complete shit since I flew from Ukraine to Australia and back again in February and March - which is a minimum of 75% of the Earth's circumference based on direct distance (and the flights are certainly not direct).
But there is also a major privacy concern allowing Google to have all that information on my location.
Then last night I had a reminder of why Google is great too, which is what prompted me to write this post.
Just before 10pm last night I received an email to both my main Gmail account, my linked recovery account (not on Gmail), and an on-screen warning on my phone, that someone was trying to log in to my Gmail from Malaysia, and that they had blocked the attempt.
Within two minutes I had changed my password, and within 10 minutes I had re-enabled the few services I do allow access to my Gmail such as my email client.
How did the offender get my email and password?
Probably they were trying one of my passwords that have been exposed in hacks over the years. If you haven't yet I recommend everyone to check out have I been pwned and check your email address(es) against their database of known hacked data.
I know I went through the list last year and ensured I changed passwords on the couple of hacked sites I still use, but I did not consider that maybe back in my less security-savvy days I had reused a password, so I didn't think to change my Gmail password. But now it is done.
This is the kind of thing that makes me question my occasional considerations for dropping Gmail. If I do change to eg. Protonmail as I have been considering, will they block login attempts from someone in a country I've never even visited?
Obviously I am much more security-conscious these days which goes a long way, but we are all still just human and can make mistakes. I don't mind paying a bit of money in exchange for not paying with my privacy, but there are also some benefits to Google's integrated services that need serious consideration!
(Also posted to my personal blog)