Leaving Google, Part 1: Search Engine, Email

Okay, so I’ve decided to leave Google, now how can I replace the same tools that Google gave me – for free?

As I’ve mentioned in the previous post, the reason why Google provides their products for free is because they earn profit off the data those products gather. You will be hard-pressed to find a free tool that provides a decent level of privacy and security. The key things to look for are open source software and donation-funded software. In some cases, you will have to pay something in order to get quality software. Just keep that in mind; I will attempt to list the prices of the software I use, for your convenience.

Since the last time I posted, I have begun migration of my default search engine and personal email provider.

 

Search Engine

Google, by default, records your search history and which webpages you often visit from the results. This is used to improve their algorithms and make searches more relevant to you, but it also creates a profile of your interests which they can use to target ads at you. Enter DuckDuckGo. DuckDuckGo is a relatively young but maturing search engine that started in 2008. Since then, it has grown to over 15 million searches done daily. Its privacy policy states that the only data stored in the cloud is the terms of your search, to help correct misspellings or provide more overall relevant suggestions. It does not collect any information that could potentially personally identify what machine or person performed the search (like IP address, User Agent data, location, WiFi network, etc.).

I’ve been using DuckDuckGo for the past 2 weeks, and I have had no serious issues with it. The search suggestions and results are significantly less useful than what I saw on Google; the results I used to see on the top of the page have gone down toward the middle. However, it is not a huge inconvenience; it is expected of a search engine that is not personalized. Overall, I would highly recommend DuckDuckGo as an alternative search engine. As a bonus, it is free and open source!

 

Email

Transitioning email providers seems like a lot of work. Imagine if you had to access the account of every website you’ve ever registered your email address to. That’s what I’ve had to do over the past 2 weeks; there are some accounts I had even forgotten that I had! Before we get to that, we need an email provider. I had the choices narrowed down to two: ProtonMail and FastMail. Self-hosting a web server is also a possibility, but you will still have to have a third-party email address to register a domain for it.

ProtonMail is the provider of choice if you want absolute security and privacy. It is an email provider hosted from Switzerland, where there are strict laws that enforce the privacy of users’ data. They do not track any personal data, meaning they cannot provide any direct proof that a certain person is linked to a certain mailbox unless the mailbox becomes decrypted and personally-identifiable information is found. It also enforces that emails be encrypted end-to-end, meaning only the user holds the key that can decrypt messages stored on the server. The only disadvantage is that end-to-end encryption is not supported by common email clients like Thunderbird; you must download and install their own app. Bonus: it is open source and provides free accounts with limited capacity. The standard plan is 48 EUR (USD 54.12) per year.

FastMail is another privacy-oriented e-mail provider that is hosted from Australia, which is another nation that has very strict privacy and anti-surveillance laws. Its advantage over ProtonMail is that it provides compatibility with IMAP/POP clients like Mozilla Thunderbird; however, that means that they can read messages on the server. This is not so bad; they still state that they do not use your personal information and do not cooperate with blanket surveillance agencies. They have 2 plans aimed at personal use, priced at USD 30 and 50 per year, with the main difference being the amount of storage available for your inbox. They also have a professional plan for USD 90 per year with even more storage and features targeted at business owners.

In the end, I chose FastMail for my personal needs. In the long run, I will be spending less for a few tradeoffs in privacy. I am currently on the $30 plan and will switch to $50 later if I run out of storage.

 

Stay tuned for next time; we will be talking about media and productivity apps!

Why I’m migrating away from my Google account.

Google has served me well as a productivity tool over the years. It started as my default search engine and quickly became one of my most visited sites on the Internet. I adopted their new technologies like GMail, Docs, Drive, Maps, and even Chrome, the very browser that was my go-to for years. I’ve gotten knee-deep in all of the convenience that Google has offered me, but at what cost?

A few years ago, I realized that I was paying the price of privacy for this seemingly free service. Google’s sole goal is not to make its users better off. Its primary goal is to make money. When you use their services, you are agreeing to let the machine use your personal data to make money for the employees and executives. It is important to remember that Google is a marketing company; their largest function is to mine data and sell it to advertisers via their ad services. It uses your data to provide ads that are targeted toward you, that may interest you, so their ad platform can generate more revenue for more clicks.

I’m not saying that Google is an inherently bad organization. Their tactics are completely legitimate; they don’t refrain from telling you what data they’re gathering on you. The issue is that most people don’t read the terms and conditions or the privacy policy of online services, where companies are legally bound to tell you what they’re doing (well, unless the government says they can’t tell you, but that’s another story). My goal with this transition and public announcement is simply to spread awareness.

I strongly encourage you to read the terms of the major technology corporations, particularly Google, Apple, and Microsoft, and determine for yourself whether the data you’re giving them is worth the convenience. It will make you one of two types of people. You will either become an apathetic with nothing to hide, or you will take action to protect your privacy. The choice is ultimately up to you. It may be a difficult choice to make, but making it is better than living in ignorance.

Plans for a new website that I want to host.

I’ve become more interested recently in participating in wargames on the Internet. If you don’t know what those are, they are not games with any sort of violence or aggression. They are machines and networks that contain sets of challenges that the user must complete using hacking skills. Because the owners provide consent to hack within the bounds of the game, it is a perfectly legal scenario that promotes ethical hacking. Wargames are seen as a form of awareness for “sloppy” coding practices that may create system vulnerabilities. The hosts of wargames hope that such games will help coders recognize security flaws in the code that they are writing, which will lead to a much safer and more secure Internet.

Some of the wargaming networks that I visit frequently are smashthestack.org, io.netgarage.org, and overthewire.org. That last website has a game called the “warzone” which they are beta-testing at the moment. It is a simulated Internet that users can connect to. It is expanding the hacking environment out from a single machine into a network of machines. In short, this game has inspired me and I’d like to start my own “warzone” too.

My idea is a network where devices are distinguished into two groups: the hackables and non-hackables. For example, a server hosting a wargame would be categorized as “hackable” whereas a script-kiddie who just wants to connect to the wargame server would be a “non-hackable.” The difference is that machines specified as “non-hackable” would have a inbound firewall that is provided by the network simulation software. This is an easy way to manage “consent” so that a user can easily protect his computer if he doesn’t want it to be hacked.

Hackable machines, on the other hand, are able to connect to the network with no restrictions on either inbound or outbound connections. Of course, connecting to the network as a “hackable” means that you give your consent to others that they can hack you; however, you would  be able to specify what extent of hacking is allowed. For instance, a server with unprivileged SSH users as part of a wargame might have terms saying you can only use those users and not attempt to gain access to anything else.

This idea is still a work in progress, so if you have any suggestions, I’d be glad to hear them!

LD36 Update: A little progress.

I only got to spend about 2 hours on my game today due to other things on my schedule. With the time remaining, there is no way that I will be able to completely finish the game, even for the Jam. However, I will still continue to develop it until it is finished, posting updates here as usual when I hit major milestones.

Today, I did a little more art and put it together in code. Currently, you can drag and drop the various parts (motherboard, psu, hard drive) around the screen. Sorry that I cant post images or video this time, I am too tired 😛 Tomorrow I’ll do more graphic design and hopefully add “connections”  between components to the code!

Migration to GitLab!

Hey guys, I’ve been introduced to a new cloud service called GitLab. It is a free code collaboration utility based on the Git version control system. Besides VCS, it has features like issue tracking and continuous integration built-in. So, for all of my new projects, I’ll be using this instead of my GitHub. (Note: All of my GitHub stuff will still be available online. I will simply not check it as often.)

You can visit my personal account at https://gitlab.com/u/AGausmann and the group associated with my YouTube channel at https://gitlab.com/groups/NonemuNinja . I hope this transition goes well!

Open Redstone Engineers server outage

The server running the ORE website has been compromised. We have determined what the problem was and are in the process of fixing it.

Our Minecraft, IRC, and Discord services are still running. Here is the connection info:

Minecraft: mc.openredstone.org, sc.openredstone.org, ss.openredstone.org
IRC: #openredstone at irc.openredstone.org
Discord: Invitation only; ask a staff member at one of the services listed above.

We are sorry for any inconvenience this downtime may cause.

Networking disabled

Hi there,

We are sorry to report that we have detected what appears to be a large flood of traffic from one or more of your servers that is disrupting the normal traffic flow for other users.

To prevent this traffic from causing further disruption, we have disabled the networking interface on the server or servers involved.

Please take action at your earliest convenience in order to investigate and resolve the situation. Once this is done, if you determine the program was malicious, please also determine how this software came to be installed on your droplet and prevent it from being installed again in the future. As soon as this is done let us know and we will investigate re-enabling your networking.

Please understand that this is a very serious issue as it negatively impacts our platform and your server. If you have any questions just let us know.

Thank you,
DigitalOcean Support

TLS Encryption from Let’s Encrypt!

Today, the Let’s Encrypt Public Beta has come out. I’ve wasted no time in obtaining SSL certificates for all of my subdomains; however, Jenkins is still awaiting a certificate. By Saturday, every service will be fully encrypted with HTTPS, which includes permanent redirects from all HTTP services to their HTTPS counterparts.
I’m really excited for this change that Let’s Encrypt is bringing to the Internet. Today, data encryption has become a must-have in order to protect websites and their users. Now I’m going to go get an extra hour of sleep tonight, feeling protected by the new encryption. See you guys! <3 nonemu