Why Use Encrypted Messaging & Email?

I’ve come to realize that it’s actually pretty difficult persuading friends and family to switch to an encrypted messaging service. From my personal experience it really boils down to two things: 1) most people don’t care about (or necessarily understand) digital privacy and verbatim will often state the “I have nothing to hide” or “you’re being monitored anyway” argument; and 2) they don’t want to go through the trouble of installing another app on their phone – oftentimes Facebook Messenger is the app that they and all their friends use and anything with a word like “encryption” sounds hard.

Why We Need Encryption

We live in an age where normal people believe the government in spying on you and giant internet companies collect every piece of data about you, and it’s crazy to believe that they’re not doing these things. Using an encrypting communications services is one way to mitigate this for anyone who still believes they have a fourth amendment right. If any company, state, or simply a bad actor intercepts your communication that is end to end encrypted all they will see is random blogs of garbage since your intended recipient is the only one with they key to decrypt it. This type of communication is absolutely vital for journalists and people under oppressive governments, but normal everyday people as well. Now my threat model isn’t that of a journalist or someone living in an oppressive country, but being in the United States, I’m personally more concerned about surveillance capitalism.

This isn’t to say there’s other ways to intercept communications on your device. For example, an adversary could install a malicious application on your device without your knowledge that records everything you do on your device – or simply stand over your shoulder and read your messages.

Facebook – The Advertising Behemoth

Facebook collects information not just about what you “like”, what you watch, who you engage with, and what you’re doing online even when you’re not using their services – they also collect data from your personal messages on Facebook Messenger. This information combined into a neat advertising profile in which Facebook sells the keys to the highest bidder, namely advertisers. This profile is essentially a score about what you’re likely to engage with (ie a click, like, comment, share, etc).

Advertising by it’s very nature is a means to manipulate you into performing an action (in this case clicking/viewing) with the ultimate goal of buying a product or even swaying you who to vote for. I should note that I’m not saying that Facebook directly shares your entire message with advertisers (at least not to my knowledge), but by scanning your conversations they’re able to further build an advertising profile about you which is then shared with advertisers. Of course we all agreed to this type of data collection when we signed up for the service, but I’m willing to bet that you (like me) didn’t read through the Terms of Service.

I’m picking on Facebook here, but other messaging services will often do the same thing.

Why not revert back to SMS?

This is pretty straight forward. First of all, wireless carriers have begun implementing encryption into SMS, though every carrier is different and I for one wouldn’t trust carriers with the keys to my personal data.

Secondly, we have become accustomed to rich messaging services where we can send higher resolution photos, videos, GIFs, stickers, read receipts, voice messages, and seeing when the other person is writing a reply, it’s a hard task to convince people to go back to the limitations of SMS. With Signal, my preferred encrypted messaging app, your account is essentially your phone number which makes it significantly easier to transition as most of my friends still have each others numbers. However you also get the added benefit of not only rich messaging but also end-to-end encryption.

Conclusion

When people (ie normies) hear the word “encryption”, then tend to lose interest and run the opposite direction because it sounds complicated. The reality is that it’s far from being complicated especially with services like Signal and Protonmail at our disposal and are completely free for anyone to use. With these services we are not the product. Signal happens to be a non-profit and has received a large donation from the co-founder of WhatsApp (which is a very interesting story and I recommend you read up on it). Protonmail has paid tiers for more storage, more customization, the use of custom domains, and more. Do yourself a favor by checking out these tools and maybe take back control of your privacy.

Donating to Security and Privacy Advocating Organizations & Projects

After recently paying off my student loans, I have been giving some thought to making regular monthly donations to various organizations. Specifically to non-profit organizations, services, and tools that advocate privacy, security, and open source.

Also, I’m privileged to have a job that has only been minimally impacted by the COVID-19 pandemic. With the recent stimulus check from the US government, I decided to donate a portion of it to two organizations: the Signal Foundation and the Electronic Frontier Foundation.

Signal Foundation
I use the encrypted messaging service Signal everyday. Using an end-to-end encrypted messaging service that doesn’t collect my data, read my message, or serve me advertisements based on my messages/usage is a breath of fresh air in the current technological climate we’re living in. I’ve managed to convince getting my girlfriend, my family, and my group of friends to exclusively communicate on it, which I consider a huge win – it’s actually fairly difficult to convince all of your friends and family to install an app on their phone. Signal has an interesting background with the co-founders having strong moral code. Signal is, of course, free and open source software.

Electronic Frontier Foundation
I’ve been a long time supporter of the EFF so my college days. The Electronic Frontier Foundation’s core mission is to focus on digital rights and provides funds for legal defense, defends individuals and new technology from abusive legal threats, works to expose government misconduct (ex: government mass surveillance), supports new technologies which preserves personal freedoms and online civil liberties (ex: TOR), challenges potential legislation that could infringe on personal liberties and fair use (ex: net neutrality), among other things.

Some organizations I plan to donate to in the future the Free Software Foundation, the Linux Mint team, Mozilla, Privacytools.io, the TOR Project, and LibreOffice.

The End of Ownership in a Digital Age

I was an early adopter to Google’s Daydream VR product. What drew me to Daydream as a platform was how easy and cheaper it was to experience VR (albeit not nearly as high end as other VR platforms like the HTC Vive or Facebook Oculus). I spent around $100 on Daydream applications and games throughout it’s life. I was okay with it at the time because I wanted to support the platform and developers because in my mind, this platform was the most cost-effective way to bring virtual reality to the masses. Unfortunately, Google being Google, they decided to kill Daydream in 2019.

One of the last purchases I made on the platform Blade Runner Revelations about a year ago which was launched just after the Bladerunner 2049 film. It was one of the better Google Daydream VR experiences available and I’m also a fan of the original film. However, I recently picked up a used Pixel 2 XL and wanted to try out the slightly larger display only to discover that Blade Runner Revelations has been completely pulled from the Play Store! Here’s the link where the app should be. I tried numerous ways to obtain the original APK, but unfortunately I wiped my 2016 Pixel XL so transferring the the application wasn’t an option.

What I find particular odd and alarming was also the fact that the original transaction was removed from my Google Play transaction history. I am the type that practices inbox zero, so I wasn’t able to pull up my receipt because I deleted the original purchase confirmation email (note to self: don’t delete receipts). The only way I was able to pull up any proof of the original purchase was scouring my bank statement.

The story here is that the company and developer Alcon Interactive pulled the game about a year after the I made the purchase, then Google removed the transaction record from my Google Play Order History. This is a very shady business practice by not only the developer, but by Google as well.

The sad thing about this situation is that this has happened to me at least half a dozen times with other games and applications I’ve purchased from the Google Play Store throughout the years. This is one of the reasons I deleted my Google account and no longer use any of Google’s services (except under certain circumstances for work).

We live in an age where we no longer own the things we purchase. The difference between buying content now versus 20 years ago is when we purchase digital content today, we do not own anything – we obtain a license to consume the content temporarily, that is until the platform, company, or developer decides it’s no longer making them any money. The content gets pulled from the service and you and I, the customer, have to eat the cost.

This may not come as much of a surprise if you’re a user of Netflix or Spotify, but there’s other digital distribution services like Amazon, YouTube, or Steam where you “purchase” a book, movie, or a game from their platform, but consumers are seldom aware that they’re not actually purchasing property – they’re purchasing a license that don’t hold their best interests. Additionally, software vendor can delete it from your device at anytime without any warning or explanation.

At the end of the day, where does this leave us? In the situation I shared above, the developer has completely pulled the game I paid for and Google has completely erased the transaction record. Ultimately, this has strongly encouraged me to try and find a pirated version of the game – which is copyright infringement despite the fact that I already paid money to access the game. I believe creators should get paid for their work, but if it means I have pay for a license that could be revoked at anytime, I will more than likely pirate the content instead. On the other hand, this also means finding content on sketchy websites which is especially an issue when it comes to software. Installing a random APK from a sketchy website is not something I’ll do or encourage anyone else to do. At this point, I’m simply considering it a loss.

While writing this, I did some searches and found the book called ‘The End of Ownership‘ which I haven’t read yet but intend on checking out. The authors share the story similar to mine (but much more ironic) where Amazon deleted George Orwell’s 1984 from Kindles several years ago. Like most of us, these readers thought they owned their digital copies of 1984… until they didn’t.

Getting My Data Back From Google

Over the last year or so, I’ve been in the process of  weening my digital life off of Google’s services. There’s a variety of reasons why I began doing this such as privacy concerns, the fact that Google routinely kills products, and the risk of losing access to my account (this would especially be problematic as I was heavily invested into the Google ecosystem) – however, I’ll probably get into all these reasons another time.

This post is mostly a rant, but also a warning to anyone else out there trying to get your data back from Google’s services. This has not been a fun experience I’ll share another post about what I’ve switched to in place of these services, but ultimately I believe in privacy, security, diversification, and compartmentalization when considering an alternative.

Google Play Music
Using Google’s Music Manager, I was able to download all the music I had uploaded to Google Play Music. Unfortunately, I had a series of issues like having some songs missing, albums and artists being split into multiple folders, and even “clean” versions of songs being downloaded rather than the original mp3 with “dirty” lyrics – I’m not exactly sure how this happened. Additionally, any file that had a name longer than 25 or so characters were shortened. For example a Boards of Canada song with the file named “A Beautiful Place Out In The County.mp3” would be downloaded as “A Beautiful Place Out In .mp3”. This becomes especially annoying if you have files of songs with guest artists.

Google Drive
This was a bit more simpler than the other services, although I was missing roughly 10% of my files when I had downloaded in bulk, especially folders with a large number of files. I used the web version of Google Drive for the most part, but I remembered Google’s Sync tool. I was able to use Sync to download the rest of my files, unfortunately it’s only available on Windows and Mac (no Linux support).

Google Photos
This has been by far the most frustrating experience of all and I believe that this process is intentionally difficult to make it harder to switch. This whole experience would have been a lot simpler had Google kept the Photos integrated into the Sync tool or if they still made it possible to manage/view your photos from Google Drive. The only way to get all of your photos at once is to use Google’s Takeout tool which takes quite a while since I had around 80+ gbs of data in total and came out to 32 separate 2gb zip files.

  • All of the metadata (ie the time, date, location, device, etc) have been stripped out of the original image and into a separate .json file. I’m still trying to figure out how to merge this file back into the original image, but there’s no way to tell when the photo was taken other than the folder which only identifies the year.
  • There’s almost no organization to the photos and they’re scattered into multiple folders.
  • There are folders but missing data. For example, I had uploaded a folder titled “2005”, but the only file in the folder is a .json.
  • Some photos are not their original resolution and are basically the size of a thumbnail.

I’m still trying to figure out to get all my data exported intact from Google Photos. I’m considering going through the process again as it’s possible one of the issues is a 2gb zip not being properly exported.

Google Play Books
I’d say about half of the books I had uploaded could not be downloaded – this includes both PDF and ePub file format. There didn’t seem to be any rhyme or reason as to why I wasn’t able to download them. Some would download after 3 or 4 attempts but anything beyond this I just gave up. After dealing with Google Photos, I simply downloaded what I could and then deleted everything.

At the end of the day, I suggest against relying heavily on Google services. Their services are certainly easy and convenient, but I don’t believe in sacrificing freedom and control for the sake of convenience. I’ve since opted to store my files locally with a redundant cloud backup of everything just in case my laptop explodes. I will write another post soon about replacements.