Hey, My mother is a non-technical person, she's a sole trader. She has been using Google services for many years and is probably used to them. A few months ago, I was able to convince her to set up an online password manager and calendar (up until now, she had been saving all her passwords in a handy paper calendar).

Should I convince her to withdraw from Google services? If so, how should I do it so as not to put too much pressure on her?

Thanks for all the answers.

  • glowie@infosec.pub
    link
    fedilink
    arrow-up
    3
    arrow-down
    15
    ·
    1 year ago

    Considering PM is basically a honeypot at this point (can't trust they're not monitoring with a gag order preventing warrant canary), I wouldn't recommend them even to my enemies.

    • QuazarOmega@lemy.lol
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      1 year ago

      Now that's an extreme statement. If your concern are the governments then you shouldn't even be using email in the first place, it wasn't built for private communication and all the attempts that were made to make it more private immediately fall apart when 90% of your contacts are sitting on Gmail.
      Proton is good for what it is, i.e. not Google.
      Who would you suggest otherwise?

      • glowie@infosec.pub
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        Tutanota. Or any other e2ee email provider that still has a good reputation of not spying on behalf of a gov request.

        • QuazarOmega@lemy.lol
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          That's a fair suggestion, but still, that's not "spying", that's just called "complying with the law", if any service didn't, they'd risk shutting down.
          The problem is at the root, it is that they have or can have the data passing through your address (unless you encrypt everything you can with PGP, but who uses that realistically? I wish it were more popular…). When they have the power to get relevant data on you in any way, you can't ever fully trust them.
          The only sure way to protect yourself from such threats is by using a whole different kind of platform where the provider couldn't ever get the data, not even if it wanted, all private instant messengers are what PGP wishes it could be and way way more and meets exactly that purpose

          • glowie@infosec.pub
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            1 year ago

            For sure, email is an insecure means of communication. But, that wasn't the request of the OP. They're not asking for an e2ee messenger recommendation, but thoughts on PM. And I provided an honest suggestion that they simply cannot be trusted, regardless of whether or not they complied because "it's the law".