Moving away from Google services, 8 years in
On July 1st, 2013, Google shut down Google Reader forever. On that day, I understood that my personal data was at the mercy of a company that might just shut down access to it whenever business incentives lined up.
My digital life almost entirely used to be stored within Google services: emails, personal files, to do lists, photos, RSS subscriptions, contacts, passwords, music playlists, apps, etc. Since then, I’ve been on a journey to reduce my reliance on Google products and to put my eggs in more privacy-friendly baskets, and I’ve come to realize that having agency over my own data is really, really satisfying.
This blog post covers how I migrated away from a dozen Google services to privacy-friendly (and sometimes self-hosted) services instead. Let’s go over those one-by-one and see how they all work (and how you can set them up yourself) Hint: it’s quite fun.
Before we start, it’s worth pointing out my personal device setup:
- Server: Raspberry Pi 3B+ (with a static IP on my LAN)
- Android-based smartphone
- Linux-based laptop (that’s right, my trusty ThinkPad X220)
Okay, with that out of the way, let’s jump in!
Google Reader ➞ Miniflux (self-hosted)
Here it is: the original trigger. When Google Reader shut down, I moved my subscriptions to Feedly, then to Feedbin, and eventually I decided to self-host Miniflux on the Raspberry Pi. Miniflux is super easy to install: it’s a single binary, and from that I simply created a service that runs the binary whenever the Raspberry Pi boots up.
The nice thing about Miniflux is that it provides a Web UI, which I use when reading feeds from my laptop. I simply punch in the IP address of my Raspberry Pi, tack the port where the Miniflux service is running at, and log in. Easy!
For Android however, I use a neat little app called Constaflux. Setting it up is easy too: punch in the IP address and port of your Miniflux service, username and password, and connect. From there, you have a native application that lets you read your RSS feeds on your Android device.
Very happy with this setup. It’s fast, there are no ads, and I greatly enjoy that my data is mine and mine only.
Gmail ➞ ProtonMail
If I was to stop relying on Google services, I needed to work on the one that contained most of my life: Gmail. I decided to go with ProtonMail for multiple reasons: their services are hosted in Switzerland, their products are open-source, and messages are stored with zero-access encryption, as any good online service provider should do. I’m very happy to pay for ProtonMail Plus. Only good experiences with it 4 years in.
Getting started is easy: set up a forwarding rule in Gmail settings so that any emails sent to your Gmail address get forwarded to your ProtonMail address. This way, no need to even have to monitor Gmail account anymore: it’s all going to the ProtonMail address.
The tricky thing however is to change email addresses everywhere: online services, offline businesses, friends and family, etc. Patience is key for this one. I’m still waiting to delete my Gmail account because to this day I receive the odd email to the Gmail address every now and then, though this is becoming less frequent as I’m changing email addresses every time I get those odd emails directly to Gmail. I created a label in ProtonMail for emails that are sent to the Gmail address, so directly in the inbox I can tell when an email was sent directly to the Gmail address (meaning I should let the sender know I changed my email address).
Additionally, if you’d like to migrate the old emails you have in your Gmail account to ProtonMail, you may use Google’s export service Google Takeout, which lets you download an .mbox
file you can then import into ProtonMail.
Google Calendar & Tasks ➞ Radicale (self-hosted)
Good. Gmail is out of the way. But the other big thing I relied on Google for was calendars and tasks. How does one move years of calendar data to another service, and most importantly, which one?
I decided to go with Radicale, a “Free and Open-Source CalDAV and CardDAV Server” I consider in the “set-and-forget” category. I genuinely never bothered with debugging Radicale even 3 years after setting it up. It’s that good.
Radicale is only the “server” part of the setup, meaning it provides a CalDAV API for clients to use to create/update/delete calendar events. To actually manage your calendar, you need to use a client to connect to your Radicale server.
I installed Radicale on my Raspberry Pi 3B+, which, as mentioned earlier, has a static IP on my local area network (LAN). This means that the Raspberry Pi is always available at the same IP address even when my router reboots. Thanks to this, I can point clients on my Android smartphone and on my Linux laptop to that IP address knowing they’ll always be able to talk to Radicale.
On Android, I use DAVx⁵ (previously known as DAVdroid) to connect to the Radicale server (punch in the IP address, username and password, and you’re done), and Etar to actually interact with my calendar (add/update/delete events). I also use ICSx⁵ to read external calendar files (for PagerDuty on-call shifts, for example) so that they show up in Etar. For tasks, I use OpenTasks, which just like Etar also talks to DAVx⁵.
On my laptop, I simply use Thunderbird with the Lightning extension. Doesn’t get any easier than that.
What this provides is a LAN-only set up, meaning my calendar and tasks data are only stored on my Raspberry Pi, Android phone, and Linux laptop. Given that I nearly always come back home (on my local network) at least once a day, I know my data will be synchronized daily. This setup might be a problem however if/when I leave home for an extended period of time with both my laptop and my smartphone, because they won’t have the Radicale server on the Raspberry Pi to communicate with anymore, leaving both my devices out of sync until I come back home. This hasn’t been a problem for me yet, but certainly something to keep in mind.
Google Drive ➞ Syncthing (self-hosted)
I never really used Google Drive for much, but I did have one very important file in there that I used across multiple devices: my KeePass .kdbx database (in an encrypted archive). I removed everything I had in Google Drive, opted for a local-first approach, and started using Syncthing to selectively share what I need. Thanks to Syncthing, I can directly share my KeePass database between my Android smartphone and Linux laptop without needing a third-party to sync anything. I find the simplicity of this setup quite elegant. To access and update my KeePass database, I use KeeWeb on my laptop and Keepass2Android on my Android device.
For occasional file server requirements (say, downloading a PDF on my Kobo e-reader using its web browser), I have two options: I set up nginx on the Raspberry Pi to expose a specific directory as an HTTP file server, so I can copy a file to the Raspberry Pi in that directory to make it available to my LAN; alternatively, I sometimes use Termux on my Android device to spin up an HTTP server in a specific directory. Both approaches work nicely, though I have to say there’s something really fun in spinning up a Python SimpleHTTPServer in the command line on my Android device. :)
Google Photos ➞ external hard drives
I never was one to upload my photographs to a third-party service (Flickr, Picasa, Google Photos, etc.), so I never actually did such a migration, but I want to point out that it’s a good idea to keep your photos to yourself. Never share more than necessary with untrusted third-parties.
I store photos and videos on a pair of external hard drives that I manually mirror 1:1 (your typical RAID 1 pair). This is a weak part of my data setup, because both drives are in the same physical location. If my apartment building burns down, so do all my photos and videos. I’m looking into creating a third copy to store in a remote location (e.g. a trusted friend/relative’s place) to reduce this risk. I’m not there yet, but the end goal is the 3-2-1 backup strategy: “have 3 copies of your data on two different media with one copy off-site for disaster recovery”.
YouTube ➞ Nextcloud
My use case for YouTube is simply sharing videos with friends and family. I’m not a YouTuber that shares content with the entire world, so I don’t need the large-scale capabilities of YouTube, nor its comment and rating system, etc. To power my use case with a privacy-friendly solution, I signed up with Linuxfabrik, a Nextcloud instance hosted in Switzerland (again, for its data privacy laws) with end-to-end encryption. This lets me upload videos and create shareable links with passwords to send to friends and family.
Google Play Music ➞ Spotify
I started using Google Play Music soon after it launched, and eventually they shut it down and later turned it into YouTube Music, so I moved to Spotify. No regrets there: Spotify has a lot more music, great playlist recommendations, and feels much better than Google Play Music did.
Google Keep ➞ Standard Notes
I used to keep (pun unintended) notes and ideas and thoughts in Google Keep, which was easy to use on Android and okay on the web, but eventually discovered Standard Notes, a private and secure (and open-source!) notes app with excellent Web and mobile clients. In fact, I’m writing this blog post in Standard Notes on my ThinkPad X220 using the Standard Notes web UI.
Again, I’m happy to pay for Standard Notes Extended because I know I’m encouraging a small team of people who care about privacy and long-term data integrity. It feels good to pay for something knowing the folks behind the scenes are doing the right thing.
While I could self-host Standard Notes (they have great documentation explaining how to do that), I enjoy having access to my notes from anywhere in the world, so I’m sticking to their hosted solution for now.
Google Maps ➞ OsmAnd
This one, I have to say, I struggle to stick to. Google Maps is just that good. The search feature works really well, and time estimates (with traffic considered) are accurate. As much as I’d like to jump to OsmAnd full-time and delete Google Maps from my Android device, I find that OsmAnd’s search feature doesn’t cut it, and its UI is somewhat confusing. One day! For now, sticking to a combination of the two.
Most importantly: whatever app I use, I always keep location services off unless I actively need them.
Android ➞ (somewhat DeGoogle’d) Android
Another big one. While the Android distributions we run on our devices are based on the Android Open Source Project (AOSP)–which is open to everyone–Google still has a lot of influence on the direction of the operating system and how it connects to Google services. I previously used a custom ROM on my Android device without Google Play Services (though with microG), but I eventually went back to a stock ROM (with Google Play Services) to ensure full functionality with PagerDuty, which I rely on for work purposes. I had a hard time imagining myself justifying why I missed a page with “well I use a custom ROM on my Android phone and somehow the telephony firmware was messed up so I missed all the calls and notifications stopped working so this is why everything’s been down for 2 hours”.
Still, I don’t have a Google account connected on the phone, so no data being shared with Google there, and I uninstalled all Google-powered apps (except Google Maps as mentioned above). I use F-Droid to install apps, and Aurora Store for the occasional non-free app (such as PagerDuty).
Google Search ➞ DuckDuckGo
DuckDuckGo. Enough said. :)
Google Authenticator ➞ ?
All my two-factor authentication codes are currently stored in the Google Authenticator app on my Android device. I intend to move to another solution soon; just need to take the time to actually do it. Still not sure about which solution to pick yet.
Google Chrome ➞ Mozilla Firefox
This one is quite obvious. Download Mozilla Firefox (on mobile too!), install, and enjoy. Consider reading this blog post from Asif Youssuff about privacy in Firefox to improve your experience, and make sure to install an ad content blocker such as uBlock Origin.
This is the result of a few years of thinking about agency over my data, about long-term data integrity failure scenarios, and data privacy in general.
Next step: potentially introduce Tailscale into the mix to safely allow access to the devices on my LAN from anywhere in the world.
Next next step: finally delete that Google account. 🔥