By data I mean anything / everything: telemetry, contents in emails and files, and other user data. My school uses Google Workspace and I don’t like the idea of having to depend on it but I can’t change that. Give me tips and advice.
Unless you are in control of the encryption keys (E2EE), assume that everything stored there can be read and accessing by Google.
If you’ve never worked before, this can be considered practice runs for the when you do.
Like one of the other commentors said, assume everything is accessible by Google and/or your university (and later, your boss, company, organization, …).
And not just you, but the people who interact with you through it. So that means you may be able to put up defenses, but if they don’t (and they most likely do not), the data that you interact with them would likely be accessible as well.
So here are some potential suggestions to minimize private-data access by Google/university while still being able to work with others (adjust things depending on your threat model of course):
- use Google Workspace services only for collaboration and for official business communication
- don’t link things that may be personal, such as Google Map, Youtube, Search history, Browser, …
- if more sensitive things need to be shared with other people, use more private/encrypted solutions that you like or the university suggests. You should use the latter if it’s still “business”-related, e.g. communicate about medical research data with PII
- if there are communications that need sensitive information (eg HR documents, tax documents), ask them (a) if you can bring the sensitive documents to them, (b) or if the university has an encrypted solution, or © if you can use your own encrypted solution (eg put files on protondrive and you give them the appropriate folder password in person)
- go through all Google privacy and security settings every 6 months or so, and turn off what you don’t need (there are usually a bunch of guides for that). Note: every 6 months because there may be new stuff that they add
- turn off all the AI integrated features (sometimes called smart features) in Google services like Mail, GDoc, …
- avoid using GDrive for storage of personal files - if you need to, try to encrypt them before uploading
- you may find there are other people like you; and if you work with them, try to ask whether they are comfortable with alternatives or if they have anything suggestions. However, this is usually rare in most fields, so keep your expectations low for this
- use the multi-account containers in Firefox to containerize all stuff related to university account in one container. Don’t use Google Chrome; if you must you Chromium, there are other “forks?” that you can try
- use UBlock Origin and block unnecessary Google services (you’ll have to play around with this a lot)
- avoid clicking on links in emails if possible, but instead copy them by selecting them (or the right click, copy). This is an unfounded suspicion, Google may track what links you click on
If you’re the only one that needs access to the data, you can PGP encrypt it yourself. If you need shared access, there’s no way to protect the contents. Telemetry mitigation is standard.
Yeah. the can read it unless you encrypt it and own the keys
No way to protect emails, google chats, or many other things AFAIK. Yeah, I hate it too.
