In this entry, we will look at some big tech services such as email, word processing, and password managers, and how to move away from the prying eyes of the corporate oligarchs even further.
Some of these sections may pertain more to general opsec, but are very important in this topic because degoogling is first and foremost about security and privacy, which is fundamental to good opsec. Tech corpos will not keep you safe and secure, ever. So do not trust them to do so.
At some point, I may do blogs on specific topics and do deep dives, so just look at this as an overview.
Email
Email is still a very relevant part of the internet; most online services require an email address to interact with the service in any meaningful way. Most users will typically have 1-3 email addresses for just about everything, meaning that their email contains almost all of their data and is tied to sensitive things like banking info and other critical PII. This is precisely why it is important to lock that shit down as hard as you can.
I do not know if they still do this, but Gmail was at one point scanning your inbox to sell/use the data for god knows what. This is an incredible breach of privacy that, once again, shows how far Google is willing to go for profit and data collection.
The first step is ditching Gmail as much as possible. Some of you may still require it for work. For me, I have a work Gmail that is ONLY ever touched for work purposes. For everything else, I use other more private and secure services.
Unless you intend to run a large software distribution platform, or you are facing state-level threats, then the best service I can recommend is Proton. The free plan is good enough for very basic email use, and if you only require the email service, it is very cheap. There are other email services such as:
Guerrilla Mail - Anonymous random emails, best for short-term use
Tuta Mail - I have not used tuta mail, but I have heard good things
Mailbox.org - A solid business oriented email service that is privacy conscious
Now, you should avoid giving every website or service your actual email. This is the quickest way to end up getting 100+ spam emails per day and having your inbox become unusable. Instead, you should use aliases, and perhaps even some Guerrilla Mail addresses for less sensitive or more temporary services/sites. Proton has a great hide-my-email function that acts as an alias and forwards to your main email. You just have to be careful, because there is metadata that can potentially leak your identity even when using aliases.
I highly recommend organizing your email and using aliases + fake addresses as much as possible. This will ensure that your email inbox does not become a landfill of garbage, or even potentially malicious emails.
What you want to look for in all digital communications is end-to-end encryption. This is the best way to communicate with other people, and email is no different. You can also use PGP-encrypted files for further hardening, but this complicates things, and unless you are hiding from the feds or actively whistleblowing, it is not necessary when using secure email providers.
You can also use custom domains, which will allow you to swap providers without changing your email. I use my own domain for my personal, sensitive stuff; this way, if I ever have to change providers, I do not have to go through the process of changing the important stuff. The downside is that this costs money, and can be a little daunting for those not familiar with domains and advanced email configurations. If you are interested, I recommend Porkbun and Proton premium for this.
Not much else to say about email, feel free to add something in the comments I may have missed about very basic email stuff, but I think this covers the bare-bones basics.
Two-Factor Authentication
2FA has become increasingly popular, and for good reason. Unfortunately, many of the solutions are not being used properly, which can lead to insecure setups, or even account lock-outs due to not keeping backups.
DO NOT USE SMS 2FA IF POSSIBLE.
SMS is incredibly insecure. SIM swapping, while probably not incredibly common, is a threat vector worth considering, and it is actually pretty easy to do... SMS is also unencrypted, and you shouldn't ever be using SMS to communicate any sensitive info, ever! Carriers are also known to be breach prone, and this can lead to further security concerns. Bottom line, if the service offers ANYTHING other than SMS authentication, then take the other option.
You should obviously also avoid Google, Microsoft, and Authy, all of which are big-tech backed applications that are known to sell and trade data, and if we are going to revolt against the corpos, then we should not let them have control over such sensitive pieces of data.
Personally, I use Aegis Authenticator. It is open source, encrypted, and the vaults are all local IIRC. It has a lot of great features, and can be found on F-Droid.
There is also FreeOTP and KeePassXC, but I am not familiar with these, so definitely do your own research on these. If I am not mistaken, FreeOTP is on both Android and iOS.
Make sure you are making backups of your vaults/tokens and that they are encrypted. You should then store them in multiple places. I recommend keeping a dedicated always-offline USB stick for stuff like this, as well as a backup computer, in some sort of encrypted place. Bottom line, encryption and offline devices are like locks: if you are keeping something important in there, you wanna put a lock on it. Home invasion is still a thing that can happen, and at least with encryption, it is unlikely that an actual home invader will get the sensitive info.
Overall, use privacy-centric 2FA TOTP, no SMS, back it up securely, and you will be gucci.
Passwords
Passwords are another big topic, especially when we hear about data breaches at least a few times a year these days. It is imperative that your passwords are strong, use randomized characters, and do not include things like identifiers that could tie you to the password.
Every login should utilize a completely different password, not simply a variation of one password, but a completely different password. That way, if one gets compromised, your other logins will not be as vulnerable.
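To check your own vault against the rule above, here is an added example (not part of the original post) that flags both exact reuse and "variations of one password" across logins. The site names, passwords, and the stem heuristic are constructed for illustration; run it only on an export of your own vault.

```python
import re
from collections import defaultdict

# Common substitutions people use when "varying" one password (assumed list).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password):
    """Reduce a password to the stem that its variations share."""
    stem = password.lower()
    # Drop leading/trailing digits and symbols: "Sunflower2023!" -> "sunflower"
    stem = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", stem)
    # Undo leetspeak, then drop any symbols left in the middle.
    stem = re.sub(r"[\W_]+", "", stem.translate(LEET))
    # Very short stems (e.g. all-digit passwords) would over-match; fall back.
    return stem if len(stem) >= 4 else password.lower()

def audit(entries):
    """entries: iterable of (site, password). Returns groups of sites at risk."""
    exact, stems = defaultdict(set), defaultdict(set)
    for site, password in entries:
        exact[password].add(site)
        stems[base_form(password)].add((site, password))
    reused = sorted(sorted(sites) for sites in exact.values() if len(sites) > 1)
    variants = sorted(
        sorted(site for site, _ in group)
        for group in stems.values()
        if len({pw for _, pw in group}) > 1  # different strings, same stem
    )
    return {"reused": reused, "variants": variants}

# Constructed sample data, not real credentials.
SAMPLE_VAULT = [
    ("bank.example", "Sunflower2023!"),
    ("forum.example", "sunfl0wer#1"),
    ("shop.example", "Sunflower2023!"),
    ("mail.example", "kT9#vLq2@xWz"),
    ("games.example", "h8Q!mZ4r^Pd7"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    print("Exact reuse:", report["reused"])
    print("Variations of one password:", report["variants"])
```

Any site listed under either heading should get a freshly generated random password from your password manager.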
Additionally, you should regularly change your passwords, but understandably that can be a headache. That is why password managers are incredibly useful, because they can auto-fill password fields which can reduce the inconvenience of doing all of this manually.
There are two main password managers you should steer clear of: browser storage and LastPass. Hopefully by now, people realize that LastPass should be the last password manager you even consider because of how many breaches it has had; it is literally a meme at this point. Browser password managers are also not very secure, and may not even offer encryption.
Instead, you should use a dedicated password manager. ProtonPass is pretty good, but the best option is going to be a self-hosted Bitwarden instance. If you cannot self-host it, you can host it on a Virtual Private Server, or use their servers, but only if you trust their servers. KeePassXC and Vaultwarden are also good options, but I am not familiar with them, so DYOR.
Make sure to encrypt these mfers as much as possible.
Cloud Storage
This one is very important. Most people store VERY sensitive information on the cloud. I'm talking photocopies of all sorts of state-issued documents, financial and tax records, receipts, credit and debit cards, and probably a whole lot more. Not only should this storage be encrypted, it should be locked down harder than Groom Lake.
The issue with Cloud Storage is that you are essentially handing all of these docs and files to a corporate middle-man who you are entrusting with the safety and security of those files. They also have the ability to censor, modify, and scan all of these files.
Now, hash-based content ID is great for getting rid of some unsavory content and identifying very bad individuals; however, this can also be easily abused to flag people for simply hosting and distributing perfectly legal forms of content. YouTube Content ID is a good example of this kind of system just not working well. Unfortunately, even technology proposed to do good will easily be abused by the despotic intelligence agencies and state enforcers.
When it comes to cloud storage, the best solution is obviously going to be to self-host some kind of NAS, or purchase a VPS, but this can become VERY costly and have a lot of technical overhead that the average consumer will not have the time or money for.
Instead, I recommend using something like Proton (I'm not sponsored, I swear), or Tresorit. You can also set up file syncing between devices using something like Syncthing, or encrypt your files before uploading them with something like Cryptomator.
There is also NextCloud, which has a whole suite of features.
Personally, I only use the cloud for very specific document syncing when taking notes of things like tabletop games or passing files between devices, so I have never required more than a couple hundred gigs of storage at any given time. For me, the best solution would be a very small home server with a 1 TB drive, which would not cost a whole lot, but would require some networking.
For non-sensitive documents, I actually recommend using git, a version control software typically used for managing code-bases, for saving directories and certain files and uploading them to git hosting platforms. NO GITHUB! Codeberg, SourceHut, and GitLab are the ones I would recommend. Remember, nothing too sensitive here. Use GPG and aliases if need be.
Document Editing
I almost never edit documents on the cloud; like I said, I use it only for taking notes of non-sensitive stuff like TTRPG sessions. So in this section, I am going to recommend some stuff that can be used to edit documents, and potentially replace Docs, Word, and other pieces of software.
Word Processing
I only know two word processors that I can recommend here: LibreOffice and OnlyOffice. I have heard that OnlyOffice pairs nicely with NextCloud. Personally I use LibreOffice, which is FOSS and works on pretty much any platform AFAIK. It should be compatible with most file types, but you may want to DYOR on that. I know for sure it will support .odt, .docx, .xlsx, and .pptx. It has a replacement for Sheets, Slides, and Docs, and they all work pretty nicely. All for free!
Text Editors and IDEs
Now, I will always recommend the one editor to rule them all, which is VIM. VIM is probably not for the average user, and is pretty much a UNIX-centric piece of software; however, if you do a lot of text editing and want something minimal, fast, and powerful, it is IMO the best option. It is known for "VIM motions", so for moving around the doc you use "hjkl" instead of arrow keys. This has become central to many people's workflows, including my own; I now use these keybindings to operate my entire PC in full muscle memory.
Outside of VIM, there is KWrite, Geany, and Nano, none of which I have used, but have heard good things, and then there is VSCodium.
If you absolutely need a full-fledged IDE, or you just love VSCode for some reason, then VSCodium is what you want. It is VSCode without the spyware included. It is FOSS, should be compatible with some of the extensions from VSCode, and should work just as well.
Concluding our section on document editors, let me put it this way: would you ever rent a notebook? If no, then we should conclude that we should own the tools we use to write and edit any document, and guarantee that they cannot be used against us.
Bonus Section - Use Linux!
This section is a bonus because I will also have a Linux-specific blog, so I will be somewhat brief in my never-ending glaze of Linux. Linux is a free and open source OS that anyone can install, set up, and get to work on.
Linux is one of the ultimate steps in "degoogling" and decoupling from the tech oligarchs. This is because the Linux community is very much pro-FOSS, and is always developing new tools, or new forks of old tools for users to share and use.
The end user has full control over Linux, and you can go into the deep end by using something like Gentoo and compiling the kernel yourself, or even something like LFS, or you can install Linux Mint and get a working computer in a fraction of the time it takes to install Windows. All for free!
Now, it is important to note that Linux IS NOT WINDOWS, it is also NOT MAC. Do not expect it to just work like the other two. You can get close, but it is ultimately a different operating system. Some software was not made for the platform, and may not work well, or at all. Some software such as Adobe products and video games with invasive-malware anti-cheat will likely not work on Linux without serious tinkering if at all.
However, if you do not require a very specific piece of software for work or for pleasure, then I highly recommend you give Linux a try. I would recommend new users start by looking into Linux Mint or Debian, but if you are tech-savvy and want a challenge, then opt for Arch, Alpine, or Void. But, whether a newbie or power user, Debian is much loved by the Linux community for good reason, though keep in mind it was built to be very stable, so package updates are few and far between.
There are many other reasons why you should consider swapping to Linux. Enhanced security features, full user control, very lightweight, insane customization, industry standard for server hosting, and very programmer friendly! Not to mention... it will fully disconnect you from Microsoft's spyware suite.