Episode three: Safety First
20-12-2025
Password Manager
I had always ignored the importance of having a password manager. I knew they existed, but I didn't see the point of using one—the browser's one worked perfectly fine! On Android, I used Google's password manager, and Apple's when I switched to iPhone.
But obviously, once I was down the rabbit hole, obsessed with security and privacy, I learned how unwise and insecure it was to save all my precious passwords in Chrome. So I started searching for the best solution for my needs. I wanted something cross-platform, simple yet secure with good end-to-end encryption, and possibly open source: I switched to Proton Pass.
I tried both the paid and free versions, and in the end, I went back to the free version. Is it my definitive solution? Probably not, but at least now I have a password manager. In the future, I might consider something self-hosted, who knows...
Anyway, it was a great opportunity to delete many unused accounts and useless passwords. So there was a bonus charge from that "spring cleaning" feeling.
My email was like the same one for 20 years. I thought it was a positive thing to have "a digital identity" for everything, that it was normal... WRONG! I checked how many data breaches my email was in... 15!!! One more reason to abandon it to oblivion.
(If you want to check whether your email has been exposed in data breaches, you can go to haveibeenpwned.)
But damn, it was a long process: no spring cleaning vibes here, more like "I have to empty a hoarder's house" vibes (alias me!): I had a ton of GBs of emails sitting there for 15+ years. Rereading them was a dive into the past in chronological order: emails from university classmates, the period when I hung around various animal rights and environmental associations, my various relationships.
Most things lived in the Google account, but many things were still saved on a Hotmail address connected to OneDrive (an email address I had created as an exercise during computer class in my first year of high school!).
Deleting useless things, moving services I cared about from one email to another, was long and tedious. It took me more than a month. The choice of the new provider was definitely well-considered. I had narrowed it down to 3 contenders:
The first choice fell on Proton Mail. With the variety of services it offers, it positions itself as the natural replacement for Google's suite. For a couple of months, I was very satisfied with the service, but when in my journey I came to want a custom domain and then another one... Tuta Mail became much more interesting from a quality/price perspective.
While with Proton Mail Plus for €4.99 per month you get only one custom domain and you can't delete more than one custom address per year, Tuta Mail offers 3 custom domains for €3. So I made the switch.
Obviously, before deleting emails on Google and Outlook, I made a good backup after the cleanup. I won't deny that cleaning up digital life has an excellent effect on mood. A colleague recommended Cock.li to me—simple, with definitely peculiar addresses, and by their words, they seem honest too. But I think that even for emails, the definitive path will be self-hosting.
VPN
I have to be honest, until the beginning of this year I didn't know what VPNs were, let alone think I would need one. But from interesting YouTube videos, I learned that we should all use VPNs in our "Online Privacy: venturing into the net" toolkit.
(The more I go on, the more I feel like an explorer hacking through with a machete in an intricate, lush and equally dangerous impenetrable jungle when I open my browser: it can go very well and you discover a new variety of butterfly that glows in the dark, or you can die devoured by a panther or from the sting of a small spider)—because the web is an increasingly dangerous place.
Starting from scratch, I tried to learn about which VPN could work for me. I learned that right now—when online surveillance is increasing exponentially and data is the new oil—choosing the right VPN is important. Because in the end, it's one more "character" who knows what you do on the internet and can collect data from all your online browsing, even across different devices.
Many companies have extremely vague privacy policies about what and how much data they collect, and for how long they keep it. A jungle within the jungle. I began to automatically distrust those services that promote a VPN as the ultimate solution for online privacy. A VPN is one piece of the big puzzle of things to put together to have a good level of privacy (a level that obviously varies from person to person).
But I had Proton Mail and Proton Pass, so for a few months I used Proton's Plus services, VPN included. But I realized I was making the same mistake I made in the past with Google: I was putting all my eggs in one basket. I was closing myself in a new golden garden, albeit more privacy-respecting!
In my wandering in search of a different VPN, I came across Mullvad. I liked the philosophy and decided to support their project! At the moment, I've been using them for 3 months and I'm very satisfied! 10 out of 10 recommended (But obviously, like all the other services listed, not sponsored).
Cloud
All my data was scattered across different accounts: OneDrive, Google, iCloud—real chaos. And the cloud was actually the first step toward a more conscious online presence. I started cleaning up and looking for a new service already in the last months of 2024.
I wanted to find a local alternative, perhaps with some form of default encryption. And just a few kilometers from here, I discovered there's a beautiful cloud service at "human" prices, European and more transparent than the big players to whom I was currently giving free use of my data: koofr.eu.
Located in lovely Slovenia, Koofr offers different plans, and for two euros you get 100 GB, which was exactly what I needed to transfer data from all the other accounts, organize, and eliminate the superfluous. And so I did. While cleaning up, I found several photos I thought I had deleted but that somehow remained in the cloud in some obscure way... oh mamma mia, they really shouldn't have been there...
The transition to Koofr was actually prior to the email migration, but moving everything was definitely a slow process (I have a veeery slow connection at home). So part of the photos and documents lives on Koofr's servers, part on the home server I'm building, and part on a myriad of other hard drives.
Final Thoughts
If I could go back with the knowledge I have now, I would definitely take more time to plan the transition of different services, evaluating the pros and cons of each service. There are no right or wrong solutions—it always depends on everyone's threat model, on how much convenience we're willing to lose in favor of security.
Diversifying increases security. If I lose an account or a provider is no longer available in my country, it's not the end of the world. I have my domains and I can move them wherever I want, and my precious photos aren't all in one place. This gives me security and more peace of mind.
Moreover, just as I choose what I eat every day and don't support the meat industry with my money, I can choose to support different online services and different projects.
If you've read this far, thank you! Maybe you want to check the previous episodes:
And if you want to share any thoughts with me, write me an email! (PGP is coming soon!)
Note: Proton is an excellent service. The fact that they offer a truly privacy-focused free tier is wonderful. I simply prefer to "help" multiple services grow, but for the average user, I think it's an excellent solution and definitely a step forward compared to Google, Apple, and Microsoft.