Skip to main content
Shampan
  1. Blog/
  2. Building a Tech Stack That Reflects My Principles/

DeGoogle

·4036 words·19 mins·
P/S/A FOSS Tech Minimalism Self-Hosting
Shampan
Author
Shampan
Table of Contents
My Tech Stack - This article is part of a series.
Part 1: Introduction
Part 2: Lifestyle
Part 3: Threat Modeling
Part 4: Finance
Part 5: Networking
Part 6: This Article
Part 7: Phone
Part 8: Desktop
Part 9: Hardware
Part 10: Health (bonus)

Google removes “Don’t be Evil” form their Code of Conduct
Google quietly removes ‘don’t be evil’ preface from code of conduct

Google requires no introduction. Its parent company, Alphabet Inc is richer than most countries with a market cap in the trillions. They’ve just hit quarterly earnings of $100 billion for the first time. Revenue continues to spike upwards bolstered primarily by their advertising revenue. While this reliance has decreased over time advertising revenue still constituted ~72% of Q3 2025 revenue.

What are typically thought of as Google’s main products (YouTube, Android, Chrome, Gmail, etc.) are primarily instruments of data collection. Their entire business model centers on minimizing user privacy, maximizing accurate advertisement profiles, and selling it to the highest bidder, via real-time bidding auctions.

If it’s free, you’re the product

Despite repeated lawsuits Google has proved it is dedicated to violating your privacy:

Given their vast array of products and how embedded they were in my technological life, reversing Google’s presence (DeGoogling) was a challenge—my goal was to get to the point where I could eventually delete my Google Account.

Messaging
#

Google Messages has become the default messaging app for Android phones. It primarily uses Rich Communication Services (RCS) instead of Short Message Service (SMS). While an improvement, it’s still flawed.

It often silently downgrades messages to SMS, and E2EE works only with other Google Messages users. This leaves messages with non-Google Messages users vulnerable to telephone network compromises like Salt Typhoon.

I use Signal for every day private messaging. If you require anonymous messaging, consider SimpleX.

Password Manager
#

I used to save my passwords to my browser which utilized Google Password Manager. Partly to save time, but mostly to get rid of the incessant Save Password? pop-ups.

After clearing all saved or cached passwords from my browser and Google Password Manager, I considered Bitwarden as a convenient alternative. By default, it stores your vault on their servers with E2EE. They are a great option for anyone looking to either set up a password manager, or move away from Google Password Manager. However, since I wanted to reduce my reliance on the cloud services I decided against them. It is possible to self-host your vault, but I decided against this as well.

Instead I opted for KeepassXC (KeepassDX on mobile). While certainly more of a pain to setup, the advantage is that there is 0 downtime. It’s not a service that you host but rather an encrypted database file that can be accessed offline wherever you are. This file can easily be backed up and synced using Syncthing.

2FA
#

I’d never used time-based one-time password (TOTP) before, but I knew I wasn’t going to use Google Authenticator.

While Ente Auth is a decent cloud-based alternative, I chose to use Aegis on mobile, and Authenticator on desktop. I keep the Aegis JSON file synced with Syncthing.

SMS & Email
#

SMS and email are not secure 2FA options and should generally be avoided. Yet there are still many important services that do not offer TOTP. If I must give a number, I provide a voice over IP (VoIP) number. If you choose email-based 2FA, make sure your email account itself is protected with strong, proper 2FA. As to whether VoIP or email 2FA is more secure, I do not know.

Translate
#

Desktop
#

I use Dialect, which serves as a frontend for Google Translate or other services like Bing, Yandex, and DeepL.

Mobile
#

Simply Translate is the only FOSS translate app I’ve used on mobile that didn’t crash immediately. The user interface/user experience (UI/UX) is rough, but it works well enough.

Keyboard
#

Google Keyboard is a security disaster. It logs everything — passwords, credit card details, private chats — putting you at risk of hacking, identity theft, and surveillance.
Stacy L

We don’t often think of keyboards when considering privacy, but as it turns out, Gboard—and most likely all internet-connected proprietary keyboards for that matter—function as keyloggers.

I use FlorisBoard. It’s still in beta but perfect for typing. The default vibration mode is very distracting, so I switch it to haptic feedback via Keyboard > Sound & Vibration > Vibration Mode > Use haptic feedback interface.

For a more fully featured keyboard with swipe typing and voice-to-text, FUTO Keyboard is a great option.

Search Engine
#

I started by using DuckDuckGo and brave search, but after instituting AI slop in their search results I’ve started using Startpage instead.

SearXNG is decent if you want a metasearch engine or a self-hosted option, but I did not like its way of presenting search results.

Browser
#

Browsers are a bit tricky because there’s no single easy solution. There are three main types of browser engines: Chromium, Gecko, and Webkit:

I’ll only be going over the browsers from the first two types since I don’t have any Apple devices and I don’t use Epiphany.

In general, it’s best to stick with something that has a dedicated security team. I care about anti-fingerprinting, so I prioritized a browser that had it integrated, since do-it-yourself methods of evading browser tracking are ineffective.

Chromium
#

✅ Trivalent
#

Trivalent is a promising fork of Vanadium for desktop. Although it is currently unsupported for general release, it can be installed from their repos. Definitely one to keep an eye out for as it progresses.

❌ Brave
#

When it comes to an out-of-the-box experience that maximizes security, privacy, and ad blocking while maintaining full functionality, Brave is undoubtedly impressive. However, there are a few things to be aware of.

Originally I switched to them from Chrome because, they had great privacy results, including when compared to other browsers.2 However, a series of scandals and bloat they’ve added in recent years has turned me away from them.

I was not a fan of the numerous Web3 integrations that were aggressively pushed in the browser. These features crowded the homepage, and backgrounds would randomly switch to sponsored imagery, usually some form of AI slop.

Additionally, they have injected their own affiliate links, covertly installed and ran a VPN service, suggested adding obstacles to discourage users from disabling sponsored imagery, introduced a broken Tor integration, and removed strict fingerprinting protection as an option.

[It] speaks volumes about the mission Brave is trying to go for: the point has never been putting users in control, the point has always been to lure privacy-conscious users to use a product that was meant to be nothing but a cash cow with the primary goal of extracting every single cent of profit that can be extracted in any way - ethical or not.
Libre News

Gecko
#

Firefox/Gecko-based browsers tend to have a weaker security posture than Chromium-based browsers. Despite being inherently less secure, I’ve preferred Firefox and its forks for day-to-day usage.

✅ Mullvad
#

I’ve been testing out Mullvad Browser as my primary browser for a while now. It’s been nice, but not without its flaws. First off, I appreciate how minimal it is: no AI images, no sponsored posts, no web3 gimmicks. It even comes pre-installed with the following extensions for a cleaner default internet experience:

However, its aggressive anti-fingerprinting settings come with some usability drawbacks: dark mode doesn’t apply, the timezone is always incorrect, letterboxing is always active, and it always runs in private mode, which means multi-account containers don’t work.

If you can tolerate these measures, it’s a great browser; the main ones that bother me are the timezone spoofing and dark mode not applying. Timezone spoofing cannot be resolved. If I need accurate times on my browser I use Firefox. The dark mode can be resolved with Dark Reader, but:

It is not not recommended to install additional extensions for the Mullvad Browser as they can increase the likelihood of fingerprinting, possibly nullifying the whole point of the browser to begin with.

Another minor issue is that the default font (Tinos) is different from other Firefox-based browsers and wasn’t to my liking, so I changed it to DejaVu Serif.

✅ Firefox
#

Firefox has suffered severe reputational damage following their new terms of use and updated privacy notice. Its default homepage is already fairly bloated, requiring manual changes to remove sponsored shortcuts and posts/ads. Additionally, I’m concerned about their current focus on AI features. I hope they avoid the Web3/AI bloat issues Brave has.

That being said, Firefox remains my go-to for a casual everyday browsing, especially when I need accurate timezone detection. I use it with a few settings tweaked. You can also extend the privacy and anti-fingerprinting capabilities with the Arkenfox user.js profile. I primarily use Mullvad Browser for these features, so I haven’t tried this yet, but it seems to have a solid reputation.

❌ Librewolf
#

LibreWolf is a simple, convenient installation that bundles Firefox with Arkenfox and uBlock Origin pre‑installed. While it is no doubt convenient, offers good out-of-the-box privacy results, and is generally enjoyable to use, I do not recommend it. It has been known to lag in adopting security patches from upstream Firefox and has struggled to stay up to date with Arkenfox changes since the departure of one of their developers. There appears to be only one active developer throughout the entirety of 2025.

Extensions
#

Generally, it’s recommended to keep browser extensions to a minimum, as adding more only increases your attack surface. While I try to follow this principle as closely as possible, I’ve found that some extensions are necessary to make the modern internet experience bearable:

Mobile
#

As previously discussed, Gecko-based browsers are less secure than Chromium-based ones; this is disparity is even stronger on mobile. I would only use them as a last resort.

Secure
#

Anti-tracking
#

  1. Cromite
  2. IronFox
Both Cromite and IronFox are small, community-maintained forks with limited resources and potential security/maintenance risks.

Anonymity
#

If you want to maximize anonymity, there really isn’t any other option but the Tor Browser.

Youtube
#

YouTube remains one of the few social media sites that hasn’t become a walled garden. All videos can be viewed without an account.

While alternatives like PeerTube exist, their catalogs are far smaller and cannot match YouTube’s breadth or depth. For finding information in video form, it’s a necessity. However, if I must use it, I’ll make the experience as enjoyable as possible.

Algorithm
#

Credit: Technology Connections

I try to avoid YouTube’s pernicious algorithm whenever possible. For any frontend or filtering techniques discussed later, my main goal is ensuring that I control my feed. I disable as many recommendations as possible, aiming to consume content primarily from my subscriptions rather than the recommendations page. I keep recommendations enabled only for videos I’ve clicked on, but I toggle this off when YouTube starts getting a little too wacky with it.

Blocking Shorts
#

I use the My Filters feature on uBlock Origin to block all shorts. I use a modified version of gijsdev’s shorts blocking filters. I’ve added a few lines that prevent shorts from appearing in search results. I find the recommended homepage fairly distracting so I have that blocked as well.

From time to time YouTube will change up how shorts appear, when they pop up in a new place I use the picker tool to remove them. This automatically adds a new filter to the list.

! Hide all videos containing the phrase "#shorts"
youtube.com##ytd-grid-video-renderer:has(#video-title:has-text(#shorts))
youtube.com##ytd-grid-video-renderer:has(#video-title:has-text(#Shorts))
youtube.com##ytd-grid-video-renderer:has(#video-title:has-text(#short))
youtube.com##ytd-grid-video-renderer:has(#video-title:has-text(#Short))

! Hide all videos with the shorts indicator on the thumbnail
youtube.com##ytd-grid-video-renderer:has([overlay-style="SHORTS"])
youtube.com##ytd-rich-item-renderer:has([overlay-style="SHORTS"])
youtube.com##ytd-video-renderer:has([overlay-style="SHORTS"])
youtube.com##ytd-item-section-renderer.ytd-section-list-renderer[page-subtype="subscriptions"]:has(ytd-video-renderer:has([overlay-style="SHORTS"]))

! Hide shorts button in sidebar
youtube.com##ytd-guide-entry-renderer:has-text(Shorts)
youtube.com##ytd-mini-guide-entry-renderer:has-text(Shorts)

! Hide shorts section on homepage
youtube.com##ytd-rich-section-renderer:has(#rich-shelf-header:has-text(Shorts))
youtube.com##ytd-reel-shelf-renderer:has(.ytd-reel-shelf-renderer:has-text(Shorts))

! Hide shorts tab on channel pages
! Old style
youtube.com##tp-yt-paper-tab:has(.tp-yt-paper-tab:has-text(Shorts))
! New style (2023-10)
youtube.com##yt-tab-shape:has-text(/^Shorts$/)

! Hide shorts in video descriptions
youtube.com##ytd-reel-shelf-renderer.ytd-structured-description-content-renderer:has-text("Shorts remixing this video")

! Remove empty spaces in grid
youtube.com##ytd-rich-grid-row,#contents.ytd-rich-grid-row:style(display: contents !important)

! Hide shorts carosels in video results
www.youtube.com##.ytGridShelfViewModelHostHasBottomButton.ytd-item-section-renderer.ytGridShelfViewModelHost
www.youtube.com##.yt-shelf-header-layout--disable-horizontal-padding.yt-shelf-header-layout
www.youtube.com##grid-shelf-view-model.ytd-item-section-renderer.ytGridShelfViewModelHost:nth-of-type(1)
www.youtube.com##grid-shelf-view-model.ytd-item-section-renderer.ytGridShelfViewModelHost:nth-of-type(3)
www.youtube.com##div.ytGridShelfViewModelGridShelfItem > .shortsLockupViewModelHost

! Block shorts url
||youtube.com/shorts/$document

! Block homepage recommendations
www.youtube.com##ytd-browse[page-subtype="home"] ytd-rich-grid-renderer

Frontend
#

Desktop
#

FreeTube is my frontend of choice for desktop. The UI is a bit ugly, and could definitely benefit from some rounded rectangles.

Distraction Free settings
Source: Yahoo

The app provides an intricate set of toggles for managing distractions. You can also import history, import subscriptions, and includes a built‑in SponsorBlock integration.

Mobile
#

I use Tubular, a NewPipe fork with integrated SponsorBlock. I remove the trending page at Settings > Content > Content of main page, leaving my homepage as just my subscriptions. Tubular lacks a recommendations page entirely, though related videos still appear on individual videos. I keep this enabled but it can be disabled at Settings > Content > Show 'Next' and 'Similar' videos.

Cloud Storage
#

Self-Hosted
#

I use Nextcloud as a fully featured self-hosted replacement for Google Drive. However, it’s very resource intensive, requires substantial storage space, and includes many business-oriented features when I just need basic data storage.

Peergos is another self-hosted alternative that seems more lightweight, but I have yet to try it.

Cloud
#

For those who are not interested in self-hosting, Proton Drive is a good cloud-based solution with E2EE storage.

Photos
#

All images managed by Google Photos are scanned by Google. If they suspect any wrongdoing they can close your Google account and report you to the authorities—even if you did nothing wrong.

I use Immich as a snappy self-hosted alternative to keep my photos off Google’s servers. Its app neatly integrates with the server, and it’s focused solely on image storage. Of course, you could also use one of the cloud storage alternatives mentioned earlier.

Maps
#

Google Maps is perhaps the trickiest service to replace. It’s not only a maps service; it also provides live traffic updates and accurate, up-to-date business information. You can plan an entire trip without ever having to leave the site/app.

No perfect alternative exists, but Organic Maps comes close. You get everything except live traffic monitoring. It even includes business information (courtesy of OpenStreetMap), though not always as up-to-date as Google. I haven’t had major issues and have used it successfully for several cross-country road trips.

Location Sharing
#

I use a self-hosted OwnTracks instance for live-location sharing. Keep in mind that constant location sharing is inherently risky for your privacy. If this conflicts with your threat model, I wouldn’t recommend any form of location sharing at all.

OwnTracks uses your smartphone’s location services to determine where it is. While you decide whether you want to enable or disable this feature (check your phone’s documentation), there is no guarantee that the APIs used by OwnTracks won’t submit your data to the vendor’s servers.

For example, it’s quite possible that Apple or Google keep requests used for reverse geo-coding your location; there is pretty much nothing OwnTracks can do to avoid this.
OwnTracks

Email
#

Email has long been the bedrock of how we interact with the internet (account creation, newsletter subscriptions, notifications, finance, verification, professional contact, etc.). Because of its utility most of us have racked up quite the archive of important communications, receipts and other necessary documents, making replacement a challenging proposition.

Self-Hosting
#

While there are several self-hosted options, they require a constant maintenance of numerous specifications:

A strong self-hosted deployment for email needs deliberate architecture for maximum deliverability. This includes maintaining clean IP addresses, setting up SPF, DKIM, and DMARC without error, managing suppression lists with zero latency, and integrating real-time monitoring. If just one link in the chain is weak, the whole delivery pipeline suffers. The best implementations don’t treat these as optional—they’re core to the design.
Andrios Robert

Projects like Mailcow streamline much of the setup process but don’t solve the core issue of IP reputation. If you’re hosting it on your own hardware with your ISP’s provided IP, your emails are likely destined for the spam folder.

Additionally, if you receive an email from someone who isn’t using Pretty Good Privacy (PGP)—which is the overwhelming majority of senders—an unencrypted copy of your entire exchange is sitting on their email providers’ servers (Gmail, Outlook, Yahoo etc.).

By Default says it best:

The entire video is a great watch—I highly recommend it.

Because of my lack of a public IP from a double NAT configuration, I would have to use a Virtual Private Server (VPS) to self-host an email server. However, if I’m going that route, and the data isn’t guaranteed to stay on my server, I may as well just pay for a managed email service hosted on someone else’s servers anyhow.

Gmail requires a Google Account to use, and if I aim to delete my Google Account, I would have to find an alternative. Seeing as self-hosting came with many drawbacks without meaningfully improving data sovereignity, I opted to buy a cloud-hosted solution.

Proton Mail
#

While Proton Mail touts E2EE for their services, it is important to note that despite those claims, email is a fundamentally insecure protocol, and should not be used for sensitive communications.

We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk.
Proton Mail Privacy Policy

E2EE is only applied to emails between two Proton Mail addresses. If you send or receive emails for any other provider, like Gmail for example, those will be decrypted in plaintext and scanned on Proton’s servers. Proton claims these are temporary and are not stored long term. While there are security audits for the Proton Mail client, I haven’t found any server audits—akin to their VPN ones—confirming that decrypted emails are not stored.

These types of emails can be E2EE by manually using PGP, but it requires that the recipient/sender is already familiar with the system. While you may be able to convince some of your friends to do this, it’s exorbitantly improbable that businesses—which in all likelihood comprise most of your inbox—are going to use PGP.

However, only the message body is subject to E2EE, most metadata will remain unencrypted on Proton’s servers:

Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times.
Proton Mail Privacy Policy

Proton must comply with all legal requests from authorities, and can use this information as in the case where they IP logged a French activist.

It’s important to note that these issues persist for all cloud-based privacy email providers (Tutanota, Fastmail, mailbox etc.). Since I was not willing to undertake the responsibilities associated with self-hosting, I settled on Proton Mail with the understanding that, they could store most of my emails. I would be transferring my trust from Google to Proton.

In a way these services can be understood similarly to virtual cards where they don’t offer anonymity nor guaranteed privacy from the companies providing the service, but offer useful tools to increase privacy in other areas of life online.

Migration
#

The transfer process was actually quite smooth thanks to Easy Switch. With one click all legacy emails from Gmail were imported into Proton Mail, and with a second click all new emails would be forwarded to my Proton Mail address as well.

Calendar
#

I don’t the Calendar much—no major sharing or importing. I just need a few recurring events and a way to track important engagements. Proton Calendar handles these needs quite well.

Custom Domain
#

Custom domain integration required many steps but was made fairly simple with their guided process. After pulling the relevant information from my domain registrar my custom domain was ready to send and receive emails.

Hide-My-Email Aliases
#

Proton Mail acquired SimpleLogin to implement their hide-my-email alias system. Normally these services are separate from your email service. This means that your emails will first go through the alias service, and then forwarded to your email provider—introducing another actor to trust with your email. With this integration you get the helpful alias features without the need to extend your trust to a second organization.

By using an email alias, you can keep your Proton Mail address hidden while still being able to receive, reply and send emails to the sender, without even revealing your actual address. This helps protect your email address from being misused.

For example, Alice wants to make an online purchase, but she doesn’t want to receive all the marketing emails the website will send her long after her purchase. When creating an account to make her purchase, instead of using her real email address, “alice.jones@proton.me”, she can use a Proton Pass email alias like “alice.wzzsn798523@passmail.net”.
Proton

This is by far the greatest feature that a paid Proton Mail account provides. Combined with virtual cards these drastically improve your privacy online.

Filters and Folders
#

Proton Mail offers a very intuitive and powerful filtering system for sorting your inbox. These filters can even be applied retroactively. They offer a more advanced filtering tool, but the simple one was plenty for me.

I create a folder for each possible category of email usage I have (shopping, travel, newsletters etc.) which is assigned a designated email alias. I then set up a filter that takes all incoming mail to each of those aliases and assigns them to the proper folder. An example filter might be: if shoppingalias@proton.me gets an email > then send it to the shopping folder.

I cannot describe how helpful this has been for automated inbox organization.

Proton Ecosystem
#

While I recommend Proton’s email service, and their E2EE Drive is a very compelling option, it’s a smart idea to not put your eggs all in one basket. If you are concerned about Proton or their ecosystem, consider using Tuta for email instead. This way, you can keep things compartmentalized.

Delete Google Account
#

With the rise of digital ID cards there’s a lot of talk about what this could mean for internet privacy and the negative ramifications that such an implementation might have.

While there isn’t a government digital ID in most countries, I’d argue that a Google Account is functionally the private version of it. A centralized ID with your all of your personal sensitive information, location, and a comprehensive model of your personality and habits. I think it should be the eventual end goal for everyone to opt out of this surveillance mechanism.

After double checking that everything I wanted was backed up I was finally able to delete my Google Account.

A Google Android is required to use an Android device. If you have an Android phone, deleting your account will not be possible unless you change your Phone OS.

  1. Settlements outside of court are not an admission of guilt, proof of wrongdoing, or evidence of liability. ↩︎

  2. Privacytests.org was created by Arthur Edelstein, who is currently an employee of Brave. His testing programs remain open-source↩︎

  3. You can reduce your reliance on this as a browser extension by using a frontend with SponsorBlock already integrated. ↩︎

  4. Although it cannot block YouTube ads, this hasn’t bothered me since I use a frontend anyway. ↩︎

My Tech Stack - This article is part of a series.
Part 1: Introduction
Part 2: Lifestyle
Part 3: Threat Modeling
Part 4: Finance
Part 5: Networking
Part 6: This Article
Part 7: Phone
Part 8: Desktop
Part 9: Hardware
Part 10: Health (bonus)