Recent concerns about “privacy”

Recently, the Singapore govt used the TraceTogether data from the COVID tracing app to assist in solving a criminal case.

And suddenly, everyone was concerned about the govt “spying” on them. Many posts were written on both sides – for and against. Personally I don’t see what the issue is – the govt used it to bring a criminal to justice, not like it’s using that data to see what you have been up to. Besides, the amount of info that effort gathered is so minimal – GPS location, time, and other device IDs that your device was less than 10m to (Bluetooth tech).

What people don’t realise is that they are leaking much more data to the Internet than they know. Posting a pic on Instagram, tagging your friends, and geo-tagging it (or tagging a restaurant/resort etc), immediately exposes more info to Instagram (which is a private company, not govt) and you have zero control over how they use that info. Since Instagram is owned by Facebook, you know they’ll use it for ads and other “personalization” uses.

So this got me thinking – over the years I have tried to practice safe computing, i.e. trying to limit my exposure on the net as much as I can. Yet, sometimes I do things which run contrary to this practice, e.g. on my phone I used my primary Google account, which I should NOT have done. I should have created a special “phone” account, so that Google won’t use that data to tie me to my “real” Google account. But yeah it’s been so many years, and honestly I’ve become “dependent” on it. Best I can do now is create a new Google account and let that be my “main” Google account, and relegate this one to being just used for the phone.

Also, when I first registered my domain and got some web hosting for it, due to being lazy, I went straight for Google Apps. It was so quick and easy to do that I just readily gave up my “privacy”.

So now, years later (10 years or so), Google no doubt must have amassed a huge amount of info from my domain and the activity on that domain. That would include the emails and the contents in that domain.

Quick aside – even today, all email messages are PLAINTEXT. That means any human who deliberately looks at the email server which your email is passing through or being kept on can READ YOUR EMAIL. Yes, this standard was from the 1950s, when the Internet first started. It can’t be changed now cuz it’ll break all Internet apps (just like how Intel can’t change the motherboard infrastructure now or else OSes will break).

So, Google can easily get a bot to trawl through all the emails ever passed through or sitting on their servers to build an even more detailed and accurate profile of the user(s). Yes, that includes actual real companies that pay Google for their “Workspaces”.

In my small effort to wrest control of my privacy back, I decided in early Feb 2021 to move all my domain emails to the web host I have been paying yearly for. That should stop Google from building a more detailed profile on my domain, but it won’t undo what Google has collected before this. Sad, I know.

Interestingly, my web host actually has a pretty decent email server setup. It even includes SpamAssassin, which is a pleasant surprise. Since I’ve been so used to Google being able to filter spam out, I thought I’d sorely miss this when I move my emails to my web host. After adding a few sites to the whitelist, I was all set!

And now, in addition, newer versions of Thunderbird (email client) come with PGP built-in. That means I can finally use my keys which I have generated in years past in my emails! Yes, even though the emails will still be in PLAINTEXT, what the human sees will be a big chunk of random letters, numbers and symbols in place of the real message. Only when it reaches my email client can I read the actual message, because Thunderbird is able to decode it automatically (after some configuration of course).
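To make the point above concrete, here is an added example (not part of the original post) that classifies a message the way a mail server could and lists the headers it can still read even when the body is PGP-encrypted. The sample message, the addresses and the `server_view` helper are constructed for illustration, and the sample assumes the client leaves the Subject header unencrypted.

```python
# Added illustration: what a mail server still sees for a PGP/MIME message.
from email import message_from_string

# Constructed sample in the RFC 3156 PGP/MIME layout; addresses and
# ciphertext are placeholders, not real data.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Lunch on Friday?
Date: Mon, 08 Feb 2021 10:00:00 +0800
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(constructed placeholder ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def server_view(raw):
    """Return (protection, headers readable in transit) for one message."""
    msg = message_from_string(raw)
    # Routing and metadata headers sit outside the encrypted part.
    visible = {h: msg[h] for h in ("From", "To", "Subject", "Date") if msg[h]}
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime", visible
    # Inline PGP: an armored block inside an ordinary text part.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if "-----BEGIN PGP MESSAGE-----" in part.get_payload():
                return "pgp-inline", visible
    return "plaintext", visible

if __name__ == "__main__":
    kind, headers = server_view(SAMPLE)
    print(kind)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The body is unreadable to the server, but who wrote to whom and when is not, so PGP hides content rather than metadata.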

So if I can use PGP, why move from Google? Well cuz not everyone knows what PGP is, and even worse, more and newer emails will still arrive for me in regular plaintext. Google Bots will continue to look at the email contents to add more details to my domain activity.

So yes, now my emails are off of Google, I don’t need to use secured email services such as ProtonMail, and Google can’t look at my emails now.

Small win for me, yay.