DeGoogling is tedious, sometimes absurd, but strangely liberating. Here’s how I spent weeks unbinding myself from the biggest surveillance empire on earth.
Much of my free time in the past couple of months was spent in a purgatory of repetitive tasks brought on as a consequence of retiring a long-time Gmail address in favor of a new email address with a privacy-positive email provider (ESP).
I updated my email with around 300 different organizations and accounts connected to the old email address. I deleted around 100 accounts that I no longer used or needed instead of porting them to my new email. This required submitting data deletion request forms, sending emails, and in some cases even providing proof of identity to around 100 different organizations. I spent tens of hours on this.
It wasn't fun, stimulating, or particularly difficult. It was time consuming, tedious, and motivated: this was all part of a push toward self-conscious degoogling with a focus on privacy and security.
DeGoogle, Why?
"Give me convenience, or give me death!"
For most of my life, I might have been characterized as a "passive privacy" appreciator. If you had asked me if I thought privacy was important, I would have said yes. But I didn't care enough to really stop and read the terms of service of the products I used.
Opinions were easy enough. I can remember being vaguely aware of Coach Zuckerberg pronouncing that this generation cared less about privacy than previous ones, and thinking, "That guy needs a swirlie." I even quit Facebook circa 2016, but I was still on Instagram, tons of other services with equally questionable practices. Like everyone else, I was enjoying the luster of these new experiences and social modalities.
There was no sudden epiphany that led me to consider degoogling, but I don't think it's coincidental that it happened soon (~6 months) after my first revelatory experiences with ChatGPT. It was clear enough that this kind of technology could be used to derive previously unimaginable insights from unified data sources.
Initially, I didn't even understand that I was "degoogling". Mainly I just thought it might be good to look into a more privacy-friendly email provider and to start actually reading terms of service and privacy policies as they crossed my path.
I read dozens of privacy policies and terms of service agreements. Time and time again, it seemed like what was being discussed here was possibly really important! Obligations, and responsibilities, and the law, and even criminality might be at stake.
And yet, I had never given pause to let any of this sink in when I had agreed to the many terms of service I agreed to in my adult life.
Why was that?
Spend any time with these kinds of documents, and you'll quickly realize that they are if nothing else extremely boring. Which is perhaps exactly the point.
That boredom sits beside something enticing: the desired product or service just a click away. When users hit 'I agree,' they create a legal fiction of consent, but what’s really happening is a ritual bypass of the dull in favor of the gratifying. This ritual is repeated across providers, services, and devices and is the precondition of much of the data generated by users on the modern web.
When I considered the many orgs I interacted with digitally, I soon realized that Google was the most pervasive. Just some of the things they were tracking about me by default, given my usage of their products, included:
| Product | Data Collected |
|---|---|
| Gmail | Email as plain text + metadata, all your contacts, all your tracking pixels |
| Google Analytics | Behavioral data across numerous UIDs but conceivably reducible to single individual, across upwards of 50% of the public web. |
| Google Fiber Hardware | Home device mac addresses and IPs, web request metadata, DNS etc |
| Search | Search queries |
| Maps | Location data, routes, and places you visit |
| Photos | Photos, metadata, and facial recognition data |
| YouTube | Viewing history, comments, and likes |
| Google Assistant | Voice recordings, commands, and interactions |
| Google Ads | Ad interactions, clicks, and conversions |
The first and second items on that list were particularly salient for me, because I could see right away how much behavioral information they gave Google at scale. Gmail is the de-facto standard for email. And roughly half of the public web uses Google Analytics. That means Google is in a position to deanonymize something like half of traffic on the public web.[1]
At some point I rewatched The Lives of Others and while it continued to be as compelling as ever, I couldn't help but find it quaint in comparison to the surveillance archipelago comprising the modern web. Google holds an almost unfathomable amount of data on billions of people — more than any government or corporation in history. Every search you make, every YouTube video you watch, every route you map, email you send through Gmail, or photo you store in Google Photos is logged, indexed, and analyzed. Even your deleted activity may still be retained in hidden backups. Google collects data from Android devices, third-party websites that use Google Analytics, and millions of apps that rely on its advertising services. This data includes your location history down to the minute, your voice recordings from Google Assistant, and predictions about your interests, income, health, and political leanings. In effect, Google likely knows more about your private life than your closest friends—or even yourself.
If nothing else, what all the many terms of service and privacy policies were telling me was that I was producing something of great value — a digital footprint that could be used to generate insights about me, my friends, and my family, and beyond that used to train next order AI models.
I started to wonder, what if I could stop giving away that value for free? Could I stop someone else who does not have my best interests at heart from profiting off the value I created with my behavioral data? I began to view degoogling as an incremental step toward tackling these questions.
DeGoogle, How?
There are shallower and deeper ways to degoogle. I went relatively deep, but not total. For instance, I retain my decades-old Gmail account, but I no longer use it as my primary email address. I also still sometimes use Google Search because it's really damn good and I haven't had time to give Kagi a fair shake. Of course, one can't control which products one is required to use in employment contexts. But beyond that, I have made it a priority to cut out Google as much as possible.
Before providing the steps I took, one important prerequisite: password management. Years before I started degoogling, I began using password managers. For the past few years, I've relied on 1Password.For the purposes of this post, I will assume that you are using one, and that you have a good understanding of how to use it. If you don't, I recommend starting there before you begin degoogling.
Here are the steps I took to degoogle my life, along with some tips based on my experience:
-
Choose a new email provider Try not to jump from one frying pan to another. No platform is perfect, but look into privacy-positive options like ProtonMail, Tutanota, or Fastmail (I went with ProtonMail). Don't be afraid to pay for a service, and recognize that if a service is free, you are the product. Also, be aware that when you adopt a new email provider, you'll be starting in a fresh, pristine, unspammed inbox state. It's a good experience and drastically improves the signal-to-noise ratio. Try to stay on top of your inbox management, and look for a provider that provides good email aliasing so you can use throwaway email addresses for signups that you don't want tied to your primary email address.
-
Generate a list of accounts to port to your new email address Much of the grunt work involves updating what might be dozens or even hundreds of accounts connected to your deprecated gmail address. For each such account, you need to log in, update your email address, (usually) click a link in a verification email. I ended up using 1password's CLI to export my accounts to a spreadsheet, which I then used to track my progress. The CSV I generated had columns for service, login url (which I was storing in 1password in most cases) and a status column indicating "unconverted", "converted", or "closed" (the last for the many accounts I ultimately decided to close). If you go this route, be sure to ask each vendor to delete your data and confirm your request before closing the account. Also be sure to export any data you want to keep before closing.
-
Generate a list of critical contacts to notify of your new email address You may have friends, family, and associates that you want to notify of your new email address. Send an email to each of these contacts letting them know about your new email address and ask them to update their records.
-
Export any data or assets you need from Google This includes things like photos, documents, and any other data you want to keep. Google provides tools for exporting data from their services, such as Google Takeout. Be sure to check the settings for each service to ensure you're getting everything you need.
-
Optimize all Google config for privacy and security This includes things like turning off location tracking, disabling ad personalization, and reviewing your privacy settings. Google provides a Privacy Checkup.
-
Keep your old Google account around For better or worse, my Google account was well over a decade old, and it was woven into myriad transactions. That made me uncomfortable (at least in the medium term) with fully deleting it. I decided to keep it around without forwarding to my new email address. I check it a couple times a week and when I find an odd contact that needs to be updated, I update it. For the most part, most of what I see is noise with very little signal. My advice here is to be conservative about deleting — once it's gone it's gone for good.
-
Delete third-party connections via SSO If you used your Google account to log in to other services, be sure to delete those connections. This will help ensure that your data is not being shared with those services. Be sure to have a backup login method for each service before deleting the connection.
-
Ditch Google Chrome If you are using Chrome, consider switching to a more privacy-centric browser like Brave or Firefox (I went with Brave). These browsers have built-in ad and tracker blocking, and they also provide better privacy controls. Keep in mind that you may have to make tough choices about browser extensions along the way if you're a big extensions user (I am not).
-
Block Google (and other trackers) at the household level This can require some cash outlay, but there are some limited upgrades you can make to your home network to harden it from a privacy and security perspective. I decided to go with a Firewalla router, replacing my Google Fiber provided router. That left me with a Google provided ONT (optical network terminator) at the head of my network, followed by the Firewalla, connected to a Unifi Switch, which connected to wifi access points and IoT devices directly connected to the switch. I found the Firewalla setup to be straightforward, and the UI is excellent. When you begin to see the volume of requests that get blocked at a household level on a day to day basis, it feels like vindication for being more privacy-oriented.
This list is by no means exhaustive, but it's a good starting point consisting of relatively low- and medium-hanging fruit.
I plan to write more detailed posts on each of these steps in the future, so subscribe to get updates as I post them.
Final Thoughts
If you're interested in degoogling, know a few things up front:
- It's a lot of work if you get serious about it. I spent dozens of hours on this, and I still have a few things left to do.
- There also may be financial costs associated. For instance, I pay for ProtonMail (~10USD/month) and upgraded my home network.
- Once you're over the hump, it feels really good, and it's nice to feel slightly more in control of this very valuable resource that some very powerful companies care a lot about: your data.
- Once you start scratching the surface, you realize the ubiquity of surveillance, but also the embarrassingly undertapped technological possibilities we have at our disposal to achieve better privacy and security footing.
My journey is ongoing, but the strange purgatory has given way to a quiet, ongoing joy — not of total digital purity, but of knowing I’ve taken back a little control over who watches me, with plans to claw back more in the future.
-
I sourced the following claim "Google Analytics is used by 55.49% of all websites globally. This translates to approximately 37.9 million websites using Google Analytics to track and analyze their website performance. Of these, about 14.2 million websites actively use the platform. Google Analytics is particularly popular among high-traffic websites, with 61.3% of the top 10,000 websites and 47.1% of the top 100,000 websites utilizing the platform." from here. It linked to a payment-gated data source I could not access, so I can't verify these numbers, but they seem prima-facie plausible. ↩