Why I’m ditching Google

A few months ago, I had moved almost all of my storage into Google Drive, OneDrive, or iCloud depending on the usage.  This allowed me to turn down my old Dell FreeNAS server in an attempt to save on my electric bill.  I’ve never been completely on-board with this model, even though I know I’m keeping some physical backups for emergencies.  It could be that I spend too much time listening to Michael Bazzell and Justin Carroll or the control freak in me, but not having control of my data really bugs me.

The revelations from the Cambridge Analytica debacle stirred up information on just what Facebook, Google, and Apple store.  I won’t go into detail here, as The Guardian and TechDirt have two great articles on this.  This all left me wondering what Google, Microsoft, and Apple are really doing with all of my files, photos, and email.  All of these companies could hand my information over to the government without warning, or could be breached and I would never know.  It’s definitely time to bring everything back in house.

My initial plan is to bring all of my files back down from the cloud and simply store them on my FreeNAS server.  Once that is done, a NextCloud server should provide me a solid way to sync files across devices as well as online collaboration.

What I’m lacking is a plan to privatize my email.  Do I ramp up my ProtonMail account?  Or do I build my own email server?  Both have their pros and cons, but what is really worrisome is what happens to ProtonMail if it simply disappears?  What if our government decides to block access or make it illegal to store your email in another country?  On the other hand, do I really want to take on managing my own email infrastructure?  In the end, I think I will in-house the majority of my email and rely on ProtonMail for secure backup mail client.

I expect the whole process to take several weeks due to current time constraints.  I have FreeNAS back up and running, however I need to get a solid back strategy in place before moving forward.  Ideally, I would have an encrypted cloud-based backup like RSYNC.NET or Amazon S3 combined with a offline physical copy.  I have some details to iron out yet.

Decluttering your social media

I’ve decided that one of my new habits is to keep my social media footprint to a bare minimum.  Listening to the newly discovered Complete Privacy and Security podcast has definitively changed my mind on how I handle my opsec.  Mike and Justin do a great job with describing the ins and outs of exactly how our social media footprint can be used against us in many ways, not only by attackers but also by the company providing the service.  While their take on personal privacy is way too extreme for me, there is definitely something for every infosec professional to glean from this podcast.  I highly recommend it.

Besides covering my opsec, I wanted to purge any potentially embarrassing things that I may have forgotten about on my public persona.  Who knows what impact my party pictures from 2008 might have on getting a job in 2018?  Looks at all of the people who have been seriously burned when something they post goes viral, only to rain down troll hellfire on them when it is later discovered they have a picture of something offensive or embarrassing.

Facebook

Purging my old photos was relatively easy.  You can access almost all of your photos in their respective albums.  I simply deleted the albums that I no longer wanted, and downloaded a ZIP file of the albums that I did want.  When you are judging what to keep and what to toss, remember how many of these photos are likely in your Google or iCloud account as well.  Tagged photos are more problematic.  They require that you manually untag yourself in each one – not a user-friendly task.  I recommend that you hold off until a bit later for the solution to this issue.

Purging my old Facebook posts was not as easy.  At first, I tried purging my Facebook posts manually.  I quickly ran into exactly why more people do not attempt this – Facebook doesn’t make this easy at all.  I spent a couple hours trying to clean up every post manually for the first half of my initial year on Facebook.  The process was brutal and caused a definite carpal tunnel flare up on my mouse hand.

My next attempt was to use a much-discussed Greasemonkey script called “Timeline Cleaner for Facebook.”  The product did not work as advertised, hiding instead of deleting the posts matching my criteria.  The script was also very slow, constantly popping up “script is taking a long time” warnings from Firefox.  I allowed the script to run for about three hours, but it only went back a little over a year in that time.

Finally, I discovered the “Social Book Post Manager” extension for Chrome.  This extension worked exactly as advertised and allows you to delete or hide all posts meeting certain criteria.  I was able to purge everything that could be purged from my first year on Facebook in just a few minutes.  A second run was able to hide everything else in a few seconds.  The only real drawbacks to using this plugin are that you can only delete/hide at most one year at a time and that you cannot automatically hide what you cannot delete.

Twitter

Purging my old Twitter posts was dramatically easier.  TweetDelete is a web service that not only does a one-time purge, but it can also delete your tweets when they hit a certain age.  I simply signed up for the service and let it take care of the rest.  The whole process only took a few minutes.

LinkedIn

I didn’t spend much time cleaning up my LinkedIn history – there just wasn’t a lot there besides my resume.  A few clicks and everything was cleaned up.

Once you have done the bulk cleanup, I suggest you review what is still available publicly.  If there is anything you think might hurt you in the future, you should probably just delete it.