Cloud email, contacts & calendars without Google

Tricky situationI like Google and a lot of the things it does in the world. When people ask me what free mail, calendaring and contact syncing tools they should use, I usually include Google's services in my answer. But I always explain that they're trading some privacy and ownership of their information for the "free" part of that deal. "You're the product, not the customer" and all that.

For me, I've always tried to avoid having my own data and online activities become the product in someone else's business model. There are plenty of places where I can't or don't do that, and I mostly make those tradeoffs willingly. But so far, I've been able to avoid using Google (and Apple and Microsoft) for managing my personal email, calendaring and contact syncing.

Here's how.

Continue reading Cloud email, contacts & calendars without Google

Chrome extensions to manage online privacy

Privacy

There are a couple of extensions for Chrome that I've been using for a while now to try to maintain or improve my privacy online. Some have been helpful, others haven't. Some mini-reviews:

Terms of Service, Didn't Read

Most every modern website has a "Terms of Service" that governs your interactions with it. The document usually lays out how and when the site will use any data it collects about you - helpful, right? The document is also usually many pages long and would potentially take hours to fully absorb and understand. Terms of Service, Didn't Read is an extension that tries to give you a high-level view of the Terms of Service of the site you're on, based on their team's reading and interpretation of those documents on your behalf. If there are particular concerns related to privacy and personal data use, the extension will flag that when you arrive.

I used this extension for several months, finding it interesting at first to see how the sites I visited regularly measured up to TOSDR's evaluation. But after the initial curiosity wore off, I realized that for the most part, the information here wasn't changing my behavior. If TOSDR flagged something like "The copyright license is broader than necessary" or "This service tracks you on other websites," I'd still have to do some more digging to figure out exactly what that meant, and whether or not I was comfortable with it. So, the information provided by TOSDR is helpful, but not always conveniently actionable when it comes to protecting privacy. (There's a theme in all this: protecting privacy is rarely convenient.)

Continue reading Chrome extensions to manage online privacy

Use the cloud, keep control of your data

Balloons in the Rose GardenAfter ranting recently about the choices we make to give "big data" companies access to our private information in ways that might be abused or exploited by government eavesdroppers, I thought it would be worth sharing some of the options I've found for using "the cloud" while also retaining a reasonable level of control over access to the data stored there.

This post has information about tools and software you can deploy yourself to approximate some of the functionality that third party services might provide, but that might also make you vulnerable to privacy and security vulnerabilities.  It's based on my experiences designing and implementing solutions for my own company, so it's mostly applicable to the interests of businesses and organizations, but may also be useful for personal projects.

A few important disclaimers: any time you make your personal or corporate data available on Internet-connected devices, you're creating a potential privacy and security vulnerability; if you need to keep something truly protected from unauthorized access, think hard first about whether it belongs online at all.  Also, the tools and services I'm listing here are harder to setup and configure than just signing up for one of the more well-known third party services, and may require ongoing maintenance and updates that take time and specialized knowledge.  In some cases, it requires advanced technical skills to deploy these tools at all, which is the reason most people don't or can't go this route.  Hosting and maintaining your own tools can often have a higher initial and/or ongoing cost, depending on what financial value you assign to data privacy.  Sometimes the privacy and security tradeoffs that come with using a third-party service are well worth it.

Still interested in options for using the cloud without giving up control over your data?  Read on.

Email and Calendar Sharing

Need a powerful, free email account?  Need robust calendar management and sharing capabilities? Everybody uses Gmail and Google Calendar, so just sign up for an account there, right?  Unless you don't want Google having access to all of your email communications and usage patterns, and potentially sharing that information with advertisers, government agencies or other entities.

Continue reading Use the cloud, keep control of your data

I have read and agree to the terms of service

NSA Seal

As revelations continue about the US Government capturing and monitoring online activities and communications, I'm glad (and, ok, only a little bit smug) to see that more conversations are happening about just what privacy expectations we should give up by using modern Internet tools and services.

Most of the mainstream conversation has been focused on what information "big data" companies like Google, Twitter, Facebook and Apple do or don't hand over to the government and under what circumstances, and debating where those lines should be.

The built-in assumption here is that it's inevitable that these are the companies that will continue to have access to our private information and communications. I grant that it's a pretty safe assumption - I don't foresee a mass exodus from Facebook or a global boycott on iPhones - but I do think it's important to note that this is a choice we are making as users and consumers of these services.  We are the ones who click through the "terms of service" and "privacy policy" documents without reading them so we can get our hands on cool free stuff, we are the ones who are glad to entrust our intimate exchanges to technology we don't understand.

A certain amount of naiveté about the security and privacy implications of the tools we use is understandable here.  When I've given presentations on email privacy and security issues, some attendees are legitimately gasping at the new understanding that their e-mail messages are traversing the open internet as plain text messages that can potentially be read by any number of parties involved in the management of those servers and networks.  The average user probably assumes that the Internet was designed from the ground up to be a robust and secure way of conducting financial transactions and sending suggestive photos of themselves to amorous contacts.

Continue reading I have read and agree to the terms of service

The Torn-up Credit Card Application

Some people think I'm paranoid when I shred certain documents, or when I lock my doors, or when I dart erratically down the street to avoid giving the snipers a clear line of sight.  But if you've ever needed convincing that a little paranoia is good for you, especially when it comes to how you dispose of those annoying credit card applications you get in the mail, here's a great story from the folks at cockeyed.com: The Torn-Up Credit Card Application.

Basically, the guy took an application ("pre-approved credit line - just sign here and return!"), cut it up into many pieces, reassembled it with tape, filled it out with a change of address and change of phone number, mailed it in, and got the approved, ready-to-use credit card back in the mail at the new address.

Most people probably don't tear those things up, let alone shred, incinerate and bury them like I prefer to.  And while I don't want anyone constantly living in fear that their identity will be stolen, there are some reasonable precautions to take.  After all, it's not paranoia if they're really after you.

Security FAIL

Two stories of security failure for this blustery day:

1) Apparently, all you have to do to throw off the facial recognition software that protects us from identity theft or worse, is smile:

The Indiana Bureau of Motor Vehicles is restricting glasses, hats, scarves -- and even smiles -- in driver's license photographs. The new rules imposed last month were deemed necessary so that facial recognition software can spot fraudulent license applications, said BMV spokesman Dennis Rosebrough.

And then he had the gall to spin it as an improvement, since it would be horrible to admit that humans had done a better job:

The new technology represents an advancement of what the BMV already was doing, Rosebrough said. BMV employees always have looked at the old photo of a person to see if it looked like the person seeking a new license.

FAIL.

2) I was at a local video store yesterday, trying to rent a video using Anna Lisa's account. I gave the cashier her phone number and name, and he said he'd have to call her to verify that it was okay for me to rent on her account. When she didn't pick up, I offered to call her on my cell phone (in case she wasn't picking up the call from an unknown number), and the cashier said, "okay, yeah, just ask her if it's okay and then you can tell me what she said."

FAIL.

Can the President of the U.S. use e-mail?

The Times has a nice little article today about why Barack Obama will probably have to give up the use of his Blackberry - and e-mail altogether - when he becomes President:

As his team prepares a final judgment on whether he can keep using e-mail, perhaps even in a read-only fashion, several authorities in presidential communication said they believed it was highly unlikely that he would be able to do so.

Diana Owen, who leads the American Studies program at Georgetown University, said presidents were not advised to use e-mail because of security risks and fear that messages could be intercepted.

“They could come up with some bulletproof way of protecting his e-mail and digital correspondence, but anything can be hacked,” said Ms. Owen, who has studied how presidents communicate in the Internet era. “The nature of the president’s job is that others can use e-mail for him.”

Surely there's some middle ground to keep a President as tech-savvy as Barack Obama from being forced off of e-mail altogether? I mean, this is the guy who announced his VP pick by SMS text message, for crying out loud.

Here are some scenarios to explore: Continue reading Can the President of the U.S. use e-mail?