Adventures in De-Googgling (Part 1)

I have been an enthusiastic user of Google’s products for well over a decade. I eagerly gobbled up Gmail beta invite codes during the closed beta to make sure I could reserve all of my favorite 1337 hacker usernames (ah, the dubious tastes of youth). When GSuite launched (back in my day we called it “Google Apps for Domains”) I took advantage of the free tier to get Gmail-powered email and calendaring on my own domains. Having hosted my own mail servers and crappy webmail instances for many years, switching to Gmail and keeping my own branded domain names seemed at the time like just a click or two away from total Nirvana.

Fast forward 10 years to our present dystopian free-market surveillance state. It’s become clear that we struck a devil’s bargain with Google, enthusiastically feeding them huge volumes of seemingly-irrelevant data so they can monetize us like billions of golden-fleeced sheep. I don’t know what my “spirit animal” would be, but I’m damn sure it’s not a sheep, gilded or otherwise. Time to cast off the shackles of ad-tech dark patterns and rediscover the freedoms our ancestors enjoyed all those many few years ago.

Vive la Resistance!

Getting out of a relationship spanning over ten years is never easy. When that relationship is with the email provider which has borne witness to nearly every aspect of your life, your hopes, your dreams, your triumphs, and your crushing defeats, getting out becomes particularly difficult. It’s natural for one’s resolve to weaken, to start to rationalize sticking it out, to make excuses for bad behavior and exaggerate the good times you may have had. But enough is enough. We’ve made excuses for too long. The line must be drawn here.

Exit Strategy

When I began to research alternatives, I was dismayed to discover that Google have done an excellent job of making their tools much more convenient and easy than competing solutions. Getting out from under the Google Panopticon is going to require some adjustments, some new workflows, and, yes, some rough edges.

I have five domains operating on GSuite, plus a few @gmail.com addresses I still use for legacy purposes. I use Google for email and I’m utterly dependent upon Google’s contacts and calendar features. I use the Gmail app on my Android phone, and I take advantage of the seamless sync between my various devices. This isn’t going to be quick or easy, and it will need to be an incremental migration.

To start with, I’ve decided to migrate my oldest domain name, which I’ve had since 1998. This contains an archive of most of the mail I’ve received over that time, but this is an address I use primarily for commercial purposes (e-commerce logins, dev account logins, etc). Thus it’s probably the largest mailbox I have to migrate, but also the lowest stakes in terms of needing to achieve a perfect migration. What’s more, I don’t actually use the Calendar or Contacts features on this GSuite domain, so I can focus specifically on migrating email, and see how that goes.

Where to?

There are two possible providers on my short list:

• Fastmail
• ProtonMail

Both have strong reputations, are foreign to the US jurisdiction (though Fastmail servers are in the US), and pursue monetization strategies that do not involve ads or privacy violations.

I like the idea of ProtonMail better because they guarantee privacy not just from mass government surveillance and data brokers, but from themselves. All mail is stored encrypted using an OpenPGP key pair which is generated on the browser and not available to ProtonMail engineers. While using ProtonMail still requires trusting the ProtonMail leadership and engineers not to backdoor their clients or web interface, at least there are some reasons to trust ProtonMail. Not only is their business model predicated upon being cryptographically hardened against surveillance by both corporations and governments, but even if that’s all a scam and they secretly cooperate with the NSA and the Five Eyes that’s still better than the behaviors that Google has publicly and explicitly admitted to, to say nothing of the undisclosed chicanery we don’t know about.

Something about ProtonMail also appeals to the 16 year old cipherpunk in me, who came of age at a time when The Man was trying to ban PGP and force us all to use key-escrow crypto and put Clipper chips in TVs. At the time, merely downloading PGP and sending an encrypted email felt like a powerful gesture of defiance, as if I were wielding some futuristic weapon against which the combined might of the world’s superpower was powerless. By the time I was 17 I had a real job and needed to communicate with people for practical purposes, so the allure of PGP and web-of-trust and decentralized cryptographic security gave way to the more practical appeal of other people actually reading my messages. ProtonMail promises to bring back some of that thrill of defiance, at least to the extent I correspond with other ProtonMail users.

That’s not to cast any aspersions on Fastmail, which I’ve used in the past and would not hesitate to use again. Their Austrailian leadership clearly seem to get privacy, and they’ve blogged in the past about their stance on law enforcement inquiries and they make a convincing argument for the strength of their privacy model. They’re also a much more mature company and have a much richer feature set (like, for example, a working Calendar feature).

I plan to migrate my first domain over to ProtonMail to see how it goes. Depending upon the result, I will decide how to proceed from there.

Onward to Victory!

Next step is to set up a ProtonMail account and figure out how to migrate the first Gmail account over.