dngray

I don't. I just run prefsCleaner each release and then updater.

No, they do not read your email, they're very clear about this, that is mostly FUD pushed by privacy providers who lack ethical marketing standards.

We do not scan or read your Gmail messages to show you ads

If you have a work or school account, you will never be shown ads in Gmail.

When you use your personal Google account and open the promotions or social tabs in Gmail, you'll see ads that were selected to be the most useful and relevant for you. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google, however we do not process email content to serve ads.

To remember which ads you've dismissed, avoid showing you the same ads, and show you ads you may like better, we save your past ad interactions, like which ads you've clicked or dismissed.

The place where Google makes the money is on the sites you visit with Google Adsense and your search terms being associated with a logged in Google account. Most people want to stay logged into their email (and thus their Google account), so that's where the behavioral/adsense analytics comes in. Much fewer people use email clients these days.

If you've got your own server imapfilter is perfect for this.

It can periodically log into multiple accounts and move/delete do anything with emails.

You'll still need email hosted by someone else, even if you are self hosting, in order to sign up to domain registrar etc.

It's very poor idea to use the same domain for contact from a registrar.

Nordlocker is neither open source nor has it been audited. Tresorit at least has audits.

This 100%. It's also worth looking at https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better

Don't be obsessive about "degoogling" to the point where you pick worser alternatives that don't have the features you require. Always test something out before doing a mass migration of "all your email" for example.

Delete your accounts. Get a relay service (Firefox Relay, SimpleLogin, AnonAddy, etc.). Create new accounts with alias emails.

Also suggest reading this: https://www.privacyguides.org/en/basics/common-misconceptions/#complicated-is-better

For "known identity" do not use cloaking services, you'll end up banned. Amazon does this for example.

Skiff is another option to replace Gmail

Make sure you don't depend on features like email clients. You also can't use encryption like PGP so, that will mean that you'll only have E2EE if you're sending to other Skiff users. (There is no external E2EE with Skiff).

GrapheneOS, CalyxOS, /e/OS, etc

I'm not sure that /e/ is as degoogled as you might think:

• https://web.archive.org/web/20210429032124/https://infosec-handbook.eu/blog/e-foundation-first-look/
• https://web.archive.org/web/20210501132539/https://infosec-handbook.eu/blog/e-foundation-second-look/
• https://web.archive.org/web/20210515115246/https://infosec-handbook.eu/blog/e-foundation-final-look/

We do think their phones are very pricey for what they are and not nearly as secure as something like GrapheneOS, ie lack of verified boot etc. Their cloud service is also not E2EE as far as I can tell, which you'd really expect from a "privacy service".

Better to focus on using good products than be obsessive about Google.

Keep in mind Google Workspace has a significantly different privacy policy to Gmail and other consumer services. Data is not used for advertising purposes and is owned by you. They also warn you if you leave to a consumer service like YouTube.

Best bet would be to simply have a separate browser you're not logged into your account with. Don't do personal browsing with a company owned/educationally owned institution device.

• https://workspace.google.com/terms/education_privacy.html
• https://edu.google.com/why-google/privacy-security/

I know with standard setttings my isp see everything, but if i will use some encrypted dns what they will see exactly

Basically the same thing.

Encrypted DNS is not for privacy, it is for stopping someone from altering your queries basically, because normal DNS is not encrypted. Domains are exposed through other various methods we explain. Please see our website where we've gone to the effort to explain this https://www.privacyguides.org/en/advanced/dns-overview/ we have a flow chart that characterizes the above methods of obtaining the domains you're requesting.

Vanadium is built specifically for security. It lacks privacy features such as an ad blocker

Currently I use the AdGuard DoH server. It's not perfect, but I don't do a lot of browsing on my phone. There were some plans to implement this in vanadium https://github.com/GrapheneOS/Vanadium/issues/10