Privacy mindset: Let's discuss. What's a better strategy to manage trust

There’s usually 2 strategies that people in the privacy community like to follow:

  1. Put all of your trust into one company and no other companies. For ex: You only use the Google/Microsoft/Apple version of everything, for the most part.

Disadvantage: One Big Tech company knows TOO much about you and your life
Advantage: Convenience, and at least it’s only one company who knows so much about you.

  1. Split up your trust across many different companies. You use one specific service from each company, ensure you don’t use too many products by one big tech company. Ex: You use Gmail for email, Microsoft Edge for browsing, Yahoo for search engine, Apple for operating system.

Advantage: No company knows too much about you, each company only knows a small amount of information about you and your life.

Disadvantage: convenience, and now it’s many different tech companies who have some data about you.

So which strategy do you prefer? Any additional advantages/disadvantages of each? Let’s discuss how we choose to control our trust in online services

1 Like

Not sure if the privacy community put much trust into above mentioned companies :sweat_smile:

1 Like

This isn’t strictly true, most Big Tech companies (Google, Meta, Microsoft, etc…) will often share - and sell - data that they have collected from their users with other companies. So your statement of:

Isn’t fully correct as when you use a service, such as Google, they will share (and sell) that information to a range of different companies and entities.

This also applies to your second statement:

As all the companies you have listed (Google, Microsoft, Yahoo, etc…) will share data with each other. This is why many people who are interested in privacy try to stay clear of Big Tech.

1 Like

There may be very few people who operate in just one system. If you only have an iphone and you have any other service with a level of trust say a VPN your in two systems. Use Signal, that’s another system which for example you may share your contacts.
A more likely scenario for a person who claims, I just use a dumb phone, and I have an old android i use just for google maps. I also have a microsoft account just for work, oh and a LinkedIn because I hate my job enough to always look for another job.
Is this scenario bad, maybe not if everything is compartmentalized.

The issue with both of these approaches is that companies share data, so at the end of the day all the companies (and the glowies) know everything about you.

However, you can use encryption, alias emails, and FOSS services to minimise the number of parties you trust, while also giving them the bare minimum amount of information needed for what you want to do.

edit: Approach #2 might work if you don’t have any common indicators between accounts, but that’s highly impractical at best (assuming you’re using shady services).

I use mostly Apple products/services to include iCloud+, Private Relay, and Advanced Data Protection (their E2EE cloud service).

However I keep email and password manager strategically separated. Bitwarden for password management and Proton for email (and VPN). This ensures some redundancy in accounts. If for some reason my Apple account was locked/lost access I would still have email and passwords for other accounts plus local backups of my data. Also if somehow my Proton account was breached the attacker would not have access to my Apple cloud data nor my passwords.

Even if Protonpass or Proton Drive ever reached feature parity with iCloud and Bitwarden I would not go ‘all in’ on Proton due to the need to strategically diversify critical accounts. Any of these services could disappear or lock you out for reasons outside your control (service disruptions, mistaken accusation of service term violations, etc). If you are ‘all in’ on only one you are really screwed.

Same reason it is critical to keep local backups of all your data in addition to a cloud service. If Apple ever got mad at me and locked me out of my Apple account I would still have local copies of all my data.

I know I have to do research to support this claim, but my understanding is that Google and Meta don’t sell data. They sell access to advertising based on data, but they’re not giving the information away. Much of that information is stuff that doesn’t change frequently, so once you sell it there’s no reason to come back for more. The data is their competitive advantage and they have the ad business to support it. For smaller companies or ones that don’t have this turbo-charge ad business, they do sell data because they don’t have an ad network to add value on top of the data they collect, so the most they can do is just sell it.

From that perspective, compartmentalizing the services you use (when it comes to the Big Tech companies) does make sense. Why have duplicates of your data shared between Google and Microsoft for example if you can totally get by with only one of them?

Like others have shared, most folks on this forum graduate away from Big Tech, but the mentality of trust one or a few companies to handle as much for you as possible is still there. Proton and the ecosystem they’re trying to build is proof of that market.

Why choose one approach over another? To me, it depends on how advanced your threat model is and how willing you are to be your own IT department. If there’s only so much you can do or have the mental bandwidth for, you will gravitate to the easier to adopt solutions. If you want to go further, you benefit by spreading out among services.

Google gives away the data for free, it’s the profile used in ad actions. The bidders are given the data, without it each auction wouldn’t have a value, it’s the only way each bidder can determine how valuable the ad space is going to be for them.

The most important part of the profile is the purchase intent and history, which changes a lot. If your internet activity shows that you are interested in X item, then you are worth a lot to all companies that sell X item.

I would love to know more about this if you find any articles about it; Google probably doesn’t ‘sell’ data in the sense that we think, they will most likely share data points with companies as you have said. Selling is a buzz word that is used by the media - Google could be selling data, they might not be, we’ll never know with certainty (hence why I have used the word ‘sell’ to cover all bases)

That is correct, but in the sense that @anon93564765 has used it in they are implying that only one company has access to your data, when in fact they will share some of that data with other companies - some of which could be Big Tech.

In all cases it will end with this: everyone has a different situation, someone’s solution might not work for some, but it might work for others. It is the same when someone says that X solution is the worst you could do, when it could actually be what is achievable to them. It always depends on the person.

1 Like