I have lots of old friends who I only maintained sparse contact with. When I let my personal email address die (the address they would all have records of), I did not bother to update them with a new address.
They are all on the platform of some surveillance capitalist (e.g. Google or Microsoft). Google & Microsoft both refuse connections from self-hosted residential servers. And even if they didn’t, I am not willing to feed those surveillance advertisers who obviously don’t limit their surveillance to their users but also inherently everyone who makes contract with their users. I cannot support that or partake in pawning myself to subsidize someone else’s service.
I just wonder if anyone else has taken this step.
You vastly underestimate the average user w.r.t to “capabilities”. You can scrap capability from your statement because the avg user can just as well use protonmail/tuta, or disroot.org, for example.
That leaves “desires”. Two people agree on how to correspond. The desire of someone to use one of the most unethical controversial corporations possible and in an insecure manner that exposes the data to a profitable extent in a privacy-lacking part of the world, and the other party has a higher privacy bar (and/or high moral bar), the party who must adapt is the one with the lower standards. It’s unreasonable to expect someone to lower their privacy standards or to lower their moral standards. If someone’s desire to support Google or MS trumps their desire to stay in touch, then the conversation isn’t worth it to them.
There is a rule of least privilege principle that seems to have escaped you. In the information security discipline, we do not need to justify security measures by default. It’s lack of security that calls for justification. If there were truly a capability problem, that would be reasonable rationale for reduced security. But it’s a phantom excuse. And “desire” is not an acceptable rationale for reduced security.
Your doubling down on the tinfoil claim was a failure simply because the security matter is least important of everything I’ve already said on this. But even if security were purely my sole rationale (as it is for some people), you are still calling the practice of basic well-established infosec principles tinfoil hattery. Pushing this culture of branding sound security practices as paranoia is a socially harmful move that you are partaking in.
I think we might be on slightly different pages here. Nobody is disagreeing with you or saying your wrong, but maybe you should take a step back and look at what your saying. Your calling for a certain level of extremism, which, as I said before, there is nothing inherently wrong with and from your point of view is probably perfectly reasonable. However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.
At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.
You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.
You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to
gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.Nobody thinks that avoiding the corps is tin-foil paranoia, all any of us are saying it’s that the absolute insistence on cutting off Google/MS at the cost of alienating friends is pretty tin-foily. This is of course entirely your prerogative and, as I keep saying, isn’t necessarily a bad choice, but it’s not really worth it for the rest of us because of the cost of human connection.
Perhaps your right that my instance isn’t the most secure, but I don’t really give a shit because sometimes connecting with people on the Internet over stupid memes is more important than living a paragon of perfect privacy and security.