Unless you are in control of the encryption keys (E2EE), assume that everything stored there can be read and accessing by Google.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
If you’ve never worked before, this can be considered practice runs for the when you do.
Like one of the other commentors said, assume everything is accessible by Google and/or your university (and later, your boss, company, organization, …).
And not just you, but the people who interact with you through it. So that means you may be able to put up defenses, but if they don’t (and they most likely do not), the data that you interact with them would likely be accessible as well.
So here are some potential suggestions to minimize private-data access by Google/university while still being able to work with others (adjust things depending on your threat model of course):
- use Google Workspace services only for collaboration and for official business communication
- don’t link things that may be personal, such as Google Map, Youtube, Search history, Browser, …
- if more sensitive things need to be shared with other people, use more private/encrypted solutions that you like or the university suggests. You should use the latter if it’s still “business”-related, e.g. communicate about medical research data with PII
- if there are communications that need sensitive information (eg HR documents, tax documents), ask them (a) if you can bring the sensitive documents to them, (b) or if the university has an encrypted solution, or (c) if you can use your own encrypted solution (eg put files on protondrive and you give them the appropriate folder password in person)
- go through all Google privacy and security settings every 6 months or so, and turn off what you don’t need (there are usually a bunch of guides for that). Note: every 6 months because there may be new stuff that they add
- turn off all the AI integrated features (sometimes called smart features) in Google services like Mail, GDoc, …
- avoid using GDrive for storage of personal files - if you need to, try to encrypt them before uploading
- you may find there are other people like you; and if you work with them, try to ask whether they are comfortable with alternatives or if they have anything suggestions. However, this is usually rare in most fields, so keep your expectations low for this
- use the multi-account containers in Firefox to containerize all stuff related to university account in one container. Don’t use Google Chrome; if you must you Chromium, there are other “forks?” that you can try
- use UBlock Origin and block unnecessary Google services (you’ll have to play around with this a lot)
- avoid clicking on links in emails if possible, but instead copy them by selecting them (or the right click, copy). This is an unfounded suspicion, Google may track what links you click on
Yeah. the can read it unless you encrypt it and own the keys
If you're the only one that needs access to the data, you can PGP encrypt it yourself. If you need shared access, there's no way to protect the contents. Telemetry mitigation is standard.
No way to protect emails, google chats, or many other things AFAIK. Yeah, I hate it too.
They control it, not us. It's anti-libre software. It fails to include a libre software license text file, like AGPL. So, what do you think?
Don't use it. Let them give you a seperate device.
Tell them you're GNUist, armish, mennonite. Tell them you don't believe in using electricity, whatever. File formal complaints.
But you may get more privacy elsewhere, like getting your friends on Signal/SimpleX.