DeGoogling - from ideas to real life usage
After reading the first part of the series, you might be compelled to think about ditching Google and going on a more privacy oriented route. I fully support this and in this post, I will present to you my own experiences and the issues and rewards I ran into. Before going into details, I want to make two disclaimers: I am still using Google products, but either all of them are open-source (Android, Kubernetes, Angular and Go to be more precise) or are being used behind some kind of a proxy and that I am not an expert in any case and you should not take my word as gospel, other solutions may work for you better than they did for me.
I will split this section in two parts: main products (alternatives to the search engine, Drive and so on) and mobile products.
Ditching main products
The first two most important steps for me personally were ditching the Chrome browser and the search engine.
I was already accustomed to Firefox because of I had used it previously so the switch was easy. Now, Firefox has its own share of privacy-related problems, but these are fixed easily and are not so deeply built-in. Additionally, it is open-source. For my usage, I found Firefox the best fit. It provides pre-compiled binaries for all platforms and I can create my own profile for extra privacy and check it out in a repository for usage across all devices. Some more privacy-oriented forks include GNU’s IceCat (which seems to be dead) and the Tor browser (which I use only in specific cases, because of its speed).
The search engine was more difficult. In my everyday live, I use two search engines - DuckDuckGo for a while, and StartPage. The first you have probably heard, whereas the second is a Dutch search-engine (meaning that it does not participate in US-surveillance programs and that it has to hold up to European privacy laws) that proxies results to Google without storing any personal information and search data. They have been a subject to a controversy, regarding their recent ownership change, but I still use StartPage because of the Google results. That being said, I use it only in extreme cases, where my DuckDuckGo searches cannot find anything.
After these two steps, the other things were easier for me. I migrated my email provider to a paid ProtonMail account, which is a decision I certainly do not regret as it really is a privacy-oriented service that I trust. I also have a server at home and self-host most of the stuff myself. In fact, the only things that I don’t self-host are my email account and my password manager (Bitwarden, also open-source) as they are key-services that I need for everything else and cannot lose in a disaster. Also, self-hosting an email server is a pain in the ass. The main service in my self-hosted toolkit is Nextcloud - a self-hosted open-source personal cloud with many functionalities. Almost all of my data (contacts, photos, calendars, personal files, phone backups etc.) goes there. It even has support for editing documents, just like the GSuite. So Google Drive, Docs, Slides, Sheets and Contacts have been avoided. Google News got replaced by a self-hosted FreshRSS instance and Google Authenticator got replaced by Aegis.
The Google product that I could only partially replace was YouTube. I still use it on my machine, but only in incognito mode with third-party cookies disabled, enabled ad blocker and behind a VPN. The one thing that turned out to be irreplaceable for me was Google Maps. I tried using OpenStreetMap but I found it too clunky and the information was scarce. Thus, I stuck with Google Maps, using it in the same manner as YouTube.
DeGoogling Android
DeGoogling my phone was a little bit harder. This required some technical knowledge that some readers may not have, but I will try to explain it in an understandable manner.
In order to DeGoogle, I installed a custom Android ROM on my phone (LineageOS, an open-source Android distribution) without the Google apps package. Flashing ROMs cannot be fit into a single blog post, but an interested reader can visit the excellent xda-developers forum for more information.
Before going on with this step, you have to evaluate the tradeoffs:
- most applications won’t send notifications - this was a big one at first. Suddenly, my phone went quiet. I was used to the constant beeps from various apps and thought that I would miss out. Later on, I developed the mentality that I need to poll for my updates when I need them. This is better in my opinion, as it keeps me less in the control of my phone and out of the loop - I only access the information when I need it. Keep in mind that most messengers use their own notification systems, so you will be fine on this front
- some applications will show a notification that the application does not work without Google Play Services. I have found that it is safe to ignore this warning most of the time as the applications work fine and complain because they cannot send telemetry and crash logs back (I assume)
- some applications may outright refuse to work and you will know that by the immediate crashes. For me personally, this was not much of a problem as I managed to find FLOSS (free/libre open source software) alternatives for all of them
If the points above are deal breakers, you can also install microG, which is a FLOSS implementation of Google Play Services. Keep in mind that microG still sends some data to Google and I personally avoid it.
Markets
You might be wondering how one gets any software installed on such a device. Android supports sideloading applications - installation from sources that are not under the direct control of the company that produces the mobile OS. Although Apple wants you to believe otherwise, this is a must for more privacy and freedom oriented individuals - it allows alternative markets, which don’t impose restrictions on payment methods, ask for fees for listing the application and embrace FLOSS software, to exist. One such store is F-Droid. I use and trust the applications on there, because they all have to be FLOSS, contain no trackers and contain no proprietary ad libraries in order to adhere to the store’s strict inclusion policy. The list of Anti-Features are also a really good touch to maintain privacy.
Apart from F-Droid, I also use the Aurora Store, which is an open-source store that proxies Google Play without the need to login. Everything that cannot be found on F-Droid can be found here.
Applications
As I mentioned in the previous section, I try to self-host everything. Because of this, most of the applications on my phone are companion apps to the self-hosted toolkit (NextCloud client, Readrops client for my FreshRSS instance etc.). I will briefly go through three applications that I find really important (all of them can be found on F-Droid):
- DAVx^5 and ICSx^5 - used for syncing my contacts and calendars with NextCloud. Really important in case I lose my phone
- WebApps Sandboxed Browser - a sandbox application that I use for accessing Google Maps, Facebook, Instagram and other non-privacy friendly services. It is a real lifesaver as it spares you from going into the browser and typing URLs and isolates each app into its own secure and private sandbox
This is a really broad topic, but for me - the general rule of the thumb is to search through F-Droid for the thing I need (or something similar) first. If it is not there, I switch to Aurora.
Final Words
DeGoogling is only one tiny aspect of obtaining privacy in the online world but is a broad subject nevertheless. The truth is that I cannot give you an exact recipe but only some guidance about the basics. From there on, you have to find what works for you and build upon them. What helped me is the realization that privacy should not only be viewed as a chore or something that you do once and then forget. Threats to personal privacy emerge every day. You have to stay vigilant and up-to-date on privacy topics and view reducing your digital footprint as a challenge to yourself (or a game, if you will), because every bit of information you leak in the Internet has no expiry date and stays there forever.
Useful resources
These are some resources that I recommend as they go into even more detail about the topic:
- PRISM break - a useful website for escaping global surveillance programs (in which Google also take part)
- The online spyware watchdog - a website for classifying spyware software
The image is courtesy of the Electronic Frontier Foundation.