Migrate Outside The Surveillance Ecosystem

As privacy activists, it's not only important to support the tools and organizations with good privacy practices, but also to lead by example when it comes to moving away from the surveillance ecosystem. We cannot afford to compromise our principles simply for convenience.

Here's why and how to move away from Big Tech and embrace alternatives:

The cost of using Big Tech in our privacy work

While using the most popular mainstream tools and platforms for our work might seem efficient at first, there can be an immense cost to it, if these tools and platforms aren't aligned with our privacy values.

1. The first drawback is that by using products that are antithetical to our values, we are directly participating in sustaining anti-privacy corporations and contributing to surveillance capitalism.

2. The second drawback is that simply by using Big Tech tools, we are indirectly promoting the usage of services that are horrible for everyone's privacy.

3. The third drawback is that if we use these tools in our action and communications, we are then endangering the data of others who rely on our expertise to keep their data safe. They might think: "If this privacy advocate asks me to fill a Google form, it's probably safe enough to use Google products for sensitive data."

With great knowledge comes great responsibility. We must protect the data people share with us, even more than we would our own.

1. The fourth drawback is that, as privacy activists, demanding that others use tools violating their privacy rights to communicate with us can damage our credibility, and have a negative impact on the whole community. Observers might think: "If all these privacy advocates use Facebook groups, why should I listen when they recommend that I move away from Facebook?"

2. Finally, the fifth drawback is that we need to be leading by example and demonstrate that it is possible to live a connected life without using privacy-invasive tech.

Because a better world is actually possible, right now. It might not be as easy and as convenient, but it's certainly possible to thrive outside the Big Tech surveillance apparatus, especially for privacy activists and digital rights organizations.

As the saying goes: If not us, then who? If not now, then when?

How to migrate away from privacy-harmful tools and choose better alternatives

What is the best tool?

For each proposed alternative, you should always first consider your own threat model. One tool might be ideal for one person or organization, but another tool might be better for another. Make sure to understand well your threat model in order to choose the tools that are the best for your unique situation.

There are two good news about this:

• First, there are many wonderful alternatives that already exist to support all kind of tasks, and that will preserve your privacy and the privacy of the people you communicate with.

• Second, you don't have to do it all at once! Start your migration process slowly, but be persistent about it over the whole year.

Here's a list of alternative solutions you can start adopting to improve data privacy in your advocacy work:

For individuals and organizations

• Messaging communication: Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option, and disappearing messages.

• Sensitive messaging communication: If your threat model requires a peer-to-peer solution that doesn't need a phone number and transits over the Tor network, you might want to use an application such as Cwtch or Briar.

• Email communication: Migrate to a privacy-respectful email service that offers end-to-end encryption, such as Proton Mail or Tuta. Make sure to inform yourself about the limitations of email privacy when using email for sensitive communication.

  Service providers disclosure and compatibility

If you use your own custom domain name for email addresses, let the people you communicate with know what your service provider is.

That way, they will know that if they use a compatible service provider, they might benefit from end-to-end encryption protections for the content of their communications with you without requiring any additional steps.

For example, this is the case when emailing from a Proton Mail account to another Proton Mail account, or from a Tuta Mail account to another Tuta Mail account.

</section>

• Document storing and sharing: Move away from privacy-invasive Google products to store and share documents. Instead, use an end-to-end encrypted solution such as CryptPad for your collaborative documents and forms. Proton Drive also offers collaborative documents with Proton Docs and Sheets.

• Storing files: Choose an end-to-end encrypted cloud solution to store and share files. Always keep in mind that if a cloud service provider doesn't offer solid end-to-end encryption, then it can potentially access any of your stored files.

• Surveys: Stop using products such as Google Forms to poll your community. Instead, choose a privacy-focused alternative such as CryptPad Form or Framaforms.

• Online calendar: Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protecting solution for online and collaborative calendars.

• Groups and events: When organizing groups or events, be careful to choose platforms that are privacy-respectful and don't require participants to register personal information. Keep in mind that if you only use Facebook groups, you are contributing to people staying on a privacy-invasive platform. If you only use a closed Meetup group, you are demanding people create an account and share their sensitive data in order to join. Instead, use privacy-respectful platforms such as Mobilizon or LAUTI for groups and events, Discourse for forums, or simply use your own website to advertise in-person events.

• Website analytics and cookies: If you own a website for your organization or for your individual advocacy, make sure to remove from it any tracking technologies that could be sending your visitors' data to Google, Facebook, or other advertising corporations. You shouldn't need a cookie banner for your website, because your website shouldn't use any non-essential cookies. If you really need website analytics, try using a privacy-respectful alternative such as Umami or Plausible Analytics.

• Smart devices: Whether you are meeting with other advocates at home or organizing an event, make sure the location is free from Big Tech surveillance devices that might get easily forgotten. This may include a doorbell equipped with a camera, a smart speaker such as Amazon Echo, Google Home or Google Nest, or any other audio or video recording devices that is on. Physically unplug any such devices in the location before guests arrive. If you cannot unplug them, at least provide a proper warning to any guests before they enter the location and the device collects their audio or video data.

• Usage of AI: Be extremely careful if you are using AI platforms. Most current mainstream AI products will send at least some data or metadata to the company's remote server. This can create many privacy issues, ranging from mild to severe. Never use these products to upload data about another person without their prior explicit consent. Ideally, refrain from using any AI tools in your advocacy work entirely.

• Candidates data: If your organization hires people, be mindful of how you handle candidates' data. Try to select privacy-respecting solutions such as email communication instead of using commercial platforms that might share candidates' data with third-parties. Only request the minimum information required from applicants, and always delete all data you are no longer required to keep as soon as you don't need it anymore.

• Availability: Make sure you or your organization is reachable outside the Big Tech ecosystem. If your organization only has a Facebook page, then people without a Facebook account cannot reach out to you. The same is true for other commercial social media. Instead, try to rely on a website you control yourself, or a social network page you can host yourself.

• Social media: Move away from commercial social media platforms. Mainstream platforms are almost all abusing their users' data. By keeping an account there, you are indirectly encouraging your followers to stay there as well, perpetuating the platform's abuse.

While you may want to keep a minimal presence to advertise that you have now moved your activity to a more privacy-respectful platform, you should keep your engagement there to a minimum.

Instead, migrate your advocacy work to better social networks that aren't abusing users' data, and encourage your followers to migrate with you. Choose and support a platform that is more aligned with your privacy values, such as Mastodon or any other open-source non-commercial applications connected to the Fediverse.

More resources

• Alternatives to Big Tech that have been vetted by our community (Privacy Guides)

• Privacy-respecting European tech alternatives (Privacy Guides)

• Helpful articles and tips to migrate out of Big Tech (The Opt Out Project)

• More advices on how to improve your privacy if you are just getting started (Privacy Guides)

אתה צופה בעותק העברי של מדריכי הפרטיות, שתורגם על ידי צוות השפה הפנטסטי שלנו ב- Crowdin. אם אתה מבחין בשגיאה, או רואה קטעים לא מתורגמים בדף זה, אנא שקול לעזור! בקרו ב-Crowdin

You're viewing the עברית copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!