When Google launched Gmail back in 2004, I was a college sophomore still using a free Yahoo! account that I’d set up as a high school freshman. My university did offer an email service, but it was old, slow and didn’t offer much space. Like 5MB or something like that (yes, 5 MB, that’s not a typo).
The two biggest problems I had at the time:
-
A regrettable handle. 14 year old me chose an email handle that 20 year old me had to live with, and the older I got, the more embarrassed I was to give it out. But all the saner choices I could think of were already taken on most free email platforms.
-
Lack of storage space. My Yahoo! account only offered 6MB. (again, not a typo). I often backed up my school work by saving files in a draft message so that I would have access to them if I misplaced my USB thumb drive. Naturally, this quickly pushed me up to my limit.
They also had a really annoying UI that was crammed with ads. It wasn’t a “problem” per se, but it sucked.
When Gmail was released, I was lucky enough to get a coveted invite early on. They solved my problems: I got a more professional handle in the land rush and an unfathomably large 1GB mailbox to start. Google was constantly increasing the mailbox size as well. The UI was minimalist, and miles ahead of Yahoo!.
I was able to import my entire Yahoo! email box into Gmail and have access to all of my messages without making a dent in my data allowance. Life was good. Yay for Google!
15 Years Later
Today, Google’s tendrils have invaded every corner of the web. Use Chrome? Google is probably receiving some telemetry about your usage and location. Android phone? Same deal. They are tracking you even when you tell them not to. Watch YouTube? Google is monitoring your activity ostensibly to feed your personal recommendation engine. Ever use a reCaptcha? Google. Have a lot of smart home shit? Google is up in that too.
Even if you avoid their products like the plague, many sites you use regularly still send telemetry about you back to Google-owned servers. It’s incredibly hard to avoid data about you making its way back to Google. Post a pic of your car on a message board? Google probably just indexed your license plate. If you’re one of those folks who owns a lot of guns and likes to post pics of them online? Google is capturing your guns’ serial numbers.
And what’s happening with all of this data? Honestly – I don’t think anyone knows completely. What I do know is that a considerable amount of Google’s revenue is through advertising, and they use data mining algorithms against the telemetry they collect to give advertisers unprecedented access to – and influence over – target demographics.
What’s scary is that, as a result, human beings are increasingly unable to distinguish between legitimate content and paid content. Even more, there’s no transparency over who is paying for what. Users can just as easily be targeted by a local deli as by a foreign government interfering in an election.
The Trouble with Gmail
The trouble with Gmail is fundamentally the same one inherent in all social media: “If you’re not paying for a product, then you are the product.”
One of the ways Google makes money from Gmail is by processing your emails and generating relevant ads based on what you send and receive. How this works is proprietary, and I have no idea how long the data persists, or what other purposes it serves.
For example, CNBC recently reported a Google feature that tracks your purchases from non-Google-owned companies. It can’t easily be turned off, and the history it shows can’t be deleted. That’s because the data has been extracted from emails in your inbox. The only way to delete the purchase record is to delete the email from which it was extracted.
Having used Gmail daily for the last 15 years, it goes without saying that by now they presumably have a pretty detailed profile on me. And that my data is probably being used by people I don’t know to influence me. Advertisers, mostly, wanting me to spend money on a product or service. But I can’t rule out political operatives or governments either.
What I really don’t like about Gmail can be distilled down to this: you have to trust Google to abide by their (former) motto “don’t be evil,” even though: A) there’s no reason to trust them, B) and the company is frequently a party to “evil” things, and C) there’s a lot of money to be made with questionable behavior – and the shareholders are greedy.
I was especially taken aback by Eric Schmidt’s authoritarian views on privacy, followed by revelations of their participation in the PRSIM program, and the quiet policy change on matching PII with web tracking. Not to mention their deference to China with respect to the Hong Kong protests.
I already use a number of privacy tools to mitigate against outside influence, but I’m increasingly concerned that it’s not enough. The tech world will catch up to people like me who use ad blockers and sandboxing. Eventually ML techniques will be developed to defeat these tools.
But, I’m not going to make it easy for them. So the time has come to say “goodbye” to Gmail.
Separation
Vendor lock-in was a huge issue. There are a number of problems to solve with getting away from Gmail. Namely:
- What do I use instead?
- How do I transition to another service, when everyone knows this is my main email?
- How do I take my mail and contacts with me?
Here is how I solved each one:
What do I use instead?
I wanted a solution that was secure and supported encryption. I originally thought about running my own mail server on EC2 or Linode or something. That way, I would have absolute control over security and configuration. I could then use Thunderbird or something to manage the mail.
I ultimately rejected that because it’s a really complicated set up and would take a lot of regular work to maintain. And if I messed up, my information would be leaked to worse folks than Google.
After surveying a lot of options, I settled on ProtonMail as a replacement mail service. I love everything about it. It’s feature-rich and easy to use, and has an iOS app. It uses client side public key cryptography to prevent ProtonMail from being able to snoop on my communications if they wanted. Even if they were coerced, they would not be able to give up my emails because I hold the final key. It is the philosophical antithesis of Google.
It’s also free.
I opted to go with a paid plan though, to take advantage of some more advanced features. It’s pretty reasonable cost-wise (less than Netflix). I simply updated some DNS records so I could keep using rob@[this domain]. I also bought a cheap domain I could use for registering with other sites and configured it to be a catch-all so I could use it as my own personal temp-mail.
How do I transition to another service?
I kept both inboxes for a while. I’ve been thinking about this for a while, and have been using aliases on the robsears.com domain when contacting folks or registering for new stuff or updating existing accounts. When I updated the MX records, that was technically all I needed to do to transition anyone or anything hitting me up on the robsears.com domain.
The harder problem was transitioning the contacts and services that still used my Gmail account. I ended up using Google’s export tools to get all of my emails into .mbox files. Because I use tags and email salting, I was able to ascertain who was contacting me the most frequently with grep. I used this to get a list:
cat *.mbox | egrep '^Delivered-To:.*?\+' | sed -E 's/.*: (.*)/\1/' | sort | uniq -c | sort -nr
This gave me a list of all the email addresses that were used to contact me, sorted in order of descending frequency. I used this list to (judiciously) update a bunch of services that I still wanted to be able to contact me.
I handled personal contacts with an auto-responder. All new emails to my Gmail account get a response about how it’s no longer monitored. To get my new address, they need to respond to the email with a special codeword. I then created a filter so that any emails I receive with the code word will get forwarded on to my ProtonMail account.
I figure people who legitimately want to talk to me will read the auto responder and reply with the code word. Spammers, mailing lists and the like won’t bother. It’s a nice filter.
How do I take my mail and contacts with me?
Google Takeout allows you to generate and download a gzip of your data for backup purposes. ProtonMail also has some documentation for users transitioning out of Gmail.
It’s possible to import your messages into ProtonMail using a third party app, but I didn’t bother. I rarely need to search for an email that’s more than a few weeks old. I didn’t want to pollute the new inbox with tens of thousands of emails that I won’t need for a particular purpose. I simply made sure to test that Thunderbird could import the MBOX files okay.
It was much easier to upload the contacts.
How’s It Going?
Honestly, I like ProtonMail a lot so far. It has all of the features I used in Gmail, so I’m not missing anything (except maybe the multiple inboxes app). An additional benefit of this move is that it’s portable. If I want to jump ship again, I can update the MX records and all emails will still be delivered correctly.
The main downsides are that it’s not free ($8/mo) and the inbox is relatively small (5GB). You can buy more space, but it’s kind of a weird billing system. You have to add another user (+$8/mo) to get access to another 5GB; but you can then allocate that space to your inbox and give the new user 0 GB. Why they did this, I have no clue.
The other downside is that there isn’t really a clear way to export your messages. You also need a bridge installed if you want to use an email client like Outlook or Thunderbird. I’ll need to find a way to take and validate backups with some regularity.
It’s fine though. I’m willing to make this trade if it means Google knows less about me. Auf wiedersehen, Gmail!