Nearly a decade ago I discovered the power of controlling my environment by being deliberate in how I wanted to operate. This consisted of reflecting on what “systems” I wanted to use and what mental models served me. This ranged from the delightfully banal (“how do I want to hang my washing?”) to the rather more esoteric (“I desire my wallet to function exactly like this”), which often brought an associated step of having to build that thing.
It’s been a decade since I last actively designed my digital life and a few things have conspired to prompt a more broad review:
- Over the past decade Google has shut down Wave, Reader, and recently Inbox, making my world a little bit less good each time, and the service removal entirely out of my control.
- Earlier this year, Dropbox started changing its offering away from what I had signed up for (a sync service) and toward more of a 1-stop business collaboration platform, and I don’t even get a choice to stick with what I’ve got - I will be moved to their new thing next billing cycle, effectively putting a timer on my time with Dropbox.
- The refrain for increased privacy continues, meanwhile I shop my phone number to every one who asked for two-factor authentication to “be more secure”.
- Some conversations with a group of friends (collectively we are the Privacy Badgers!) has highlighted that reasoning about the services we use is hard, and it’d be good to understand if there are any heuristics we can create to actually have half a chance of talking about privacy and security without devolving into full-blown tin-foil hat territory.
Service closures and alterations
In reaction to the first few service closures (Wave, Reader), I moved service. First to Google Docs, then later to Feedly. With Inbox, I got punted back to Gmail (bleh). But each replacement service has felt second rate and failed to have key features that I was using, effectively making my life harder than it used to be by small increments. I feel my habits a being forcibly changed to come into line with whatever is driving company decisions (likely versions of “not enough people used this feature” and “we can’t find a way to charge for this”). Rather than allowing me to grow and improve my use of a thing, it is just taken away.
Earlier in 2018 I started paying for Dropbox, for two reasons: 1. Because they met a need I had and 2. To show that need had value to me at that price point. Changing the service to something I don’t want right now and increasing my subscription forces a re-evaluation of what I’m using and if the value of the service is worth the price of entry (spoiler, for me: I don’t think it is).
Security and privacy
The Dropbox changes prompted me to look at how they keep my files and I (re)discovered they restrict access to users files by policy rather than by technology so things like financial records I cannot keep in Dropbox. But I’m totally happy to leave notes and upload pictures there for convenience. Or am I, if I really think about it? What does Google do with my stuff? And what about my passwords and keys? Are they okay? Am I okay with how I give out my email? I don’t have answers, just more questions.
So the metaphorical pot has been on the stove for some time for me, and now it’s started to boil over. I need to get a better handle of how I want to operate and find services that meet my needs. I want a way of making judgement calls on “fit” and I want to understand what risks I’m taking when I bring a 3rd party service into my life.
Upgrading from a knee-jerk reaction to a journey
This started as an experiment, in reaction to taking away things I liked, but as I’ve explored the ideas swirling around the pot with my fellow Privacy Badgers, this has become the first step on a journey about ownership. Ownership of the servers and technology: maybe. Taking responsibility for being informed, owning the decisions and risks and understanding what exactly the costs are to me: definitely.
The goal of this journey is to be able to reason about and rationalise what services I use and why, articulating the risks of each service I interact with.
Since this is such a huge fertile ground for doing stuff around, I want to focus on 3 outcomes:
Understanding the risks of using services - apparently even the ones you pay for can just go away, and am I really okay willingly giving up my search history to Google? What do I get in return? What have I lost?
Simplifying the technology in my life - I have many email accounts (why?!) and some complex and weird interactions between devices and services. Some stuff in in gdocs, some on my hard drive, some in Dropbox … some is synced to phones and tablets, some not. Some stuff is 2FA with my phone, some with apps, some with hardware. It’s complicated.
Ability to design how I want to interact with technology in my life - it’s complicated because it’s organically grown this way over the past 2 decades. 3rd party services have filled gaps or plugged holes that have adjusted some of my habits, chafed against others, and fitted perfectly at the time. Evolution has gotten me a long way, but it’s time to reflect and be a little more deliberate. Thinking longer term, this digital decluttering is also a gift to my executors - one neat account list should be nice and easy to deal with.
Questions to answer
So that’s why I’m doing this. Let’s look at how I’m going to tackle this. There’s some themes and commonality that’s come out of thinking about this, in no particular order:
What do I want my relationship with Google to look like? I used a lot of their products, services and software. Is that okay? Do I care to be one more free customer, do I get something more if I pay, or can/should I vote with my feet and go other places? Is keeping my eggs all in one basket a good idea? Extending that to other large providers like Facebook, Amazon, Apple, Microsoft and possibly further is one thing I need to get a handle on.
How secure is my digital identity? Lots of two-factor authentication stuff going on and backup emails and phones, but is it enough to keep me “secure”? Is it too much? Is it too much of the wrong stuff? No reasonable way to rationalise this right now, but we’ll take a look, and see how this intersects with my credit card and other payment services.
WTF is privacy and why should I care? It seems that “privacy concerns” are now as deeply entangled into the internet as “http”, but what are privacy concerns? What’s my stance on this and where is the line, exactly between “I’m willing to offer this data” and “You don’t get to know that about me”. This intersects with security too, since with no privacy, security becomes harder … but does it matter and is security technology being designed to fit a world without privacy anyway?
Having figured out some of the boundaries and established some beliefs, if I now define my interactions with technology and I want to live, can that be created? If I want notes synced here and here, but not here, and I know that two-factor authentication over here with a specific app over there is right, can I identify the core services upon which to build out from? Am I missing any? What needs to be built/bought/traded for?
Putting the starting state on the record
It’s entirely possible for me to change how I feel as I go along and explore and experiment with those questions. For the record, to avoid the inevitable hindsight bias, I currently feel …
- … ad tracking is bad, I hate all the popups.
- … ads are bad: targeted ads are worse because they know about me.
- … ads are bad: they’re annoying and I’d rather pay for content (but I don’t).
- … annoyed at Google for having pulled things I like. Doubly so since I used to be a huge advocate for them, and now I just feel jilted.
- … like I am putting too many of my digital eggs in the same basket, relying heavily on Google for many aspects of my life.
- … comfortable with using Amazon. Why is this different to Google?.
- … pretty uncomfortable with Facebook but I couldn’t tell you why.
- … weird at making accounts with Samsung to sync things.
- … my accounts are pretty secure, although I have felt more secure in the past.
- … like I have too many services, and a fair few that don’t quite work the way I want, but if pressed I couldn’t tell you what “the right number” is or which ones don’t work for me.
- … like I should be using a VPN all the time because privacy but it’s money and fuss, and because I can’t reason about what I’m gaining, I find the value proposition unquantifiable.
- … HTTPS is good.
- … GDPR in theory is good but in practice, in some areas, is crap. The forced weird UX around cookies makes me sad and long for a cleaner, older, internet.
Even now, having only done a small amount of work articulating this and changing some of the services I use, my view on the above is shifting. More on that later.
With any luck, as a side effect of going through these exercises, I’ll find, remember or develop some mental models I can use in the future to help keep my technology simple, and crucially, in service to me; not the other way around.
A big thank you to the Privacy Badgers for their consultation, proof-reading and additional research.