Security and convenience are often placed at opposite ends of a spectrum. You can have security, or you can have convenience, but you can't have both. It is inherently more convenient to have bad security, and less convenient to have good security. Security places limitations on access or control, so well-secured things contain limitations that insecure things don't. This in turn makes them less convenient to access or control.
For example, it is more convenient not to lock your house. Then you wouldn't have to worry about losing your keys, locking yourself outside the house, or needing to be inside to let a visitor in. But, of course, a house without a lock is less secure than a tightly-locked house. The classic security-vs-convenience tradeoff is at play.
The problem with this model is that it doesn't work laterally. Within a given level of security, some solutions are more convenient than others. Alternatively, within a given level of convenience, some solutions are more secure than others. For example, suppose you can choose between a house lock that uses a traditional key and one that uses your fingerprint instead. Also suppose these two locks are equally effective at keeping unauthorized guests out. (This may or may not be true in practice, depending on who you ask.) In this example, the fingerprint lock will be more convenient despite being equally secure. In other words, we just got a little extra convenience for free, without sacrificing security along the way.
I have noticed an increase in the number of secure-yet-convenient tools and services over time. People are (hopefully!) becoming more security-conscious, or developers are (hopefully!) being more careful about user data. Either way, it is easier than ever to retain the convenience of the cloud without worrying about your traffic being sold or inspected.
All of these tools are in the broad category "data synchronized over the Internet." But much like choosing the type of lock to put on your house, this category encompasses both the secure items listed below as well as their less-secure counterparts. In the end, you're receiving extra security without losing convenience1.
- Standard Notes: end-to-end and locally encrypted notes application that Just Works. More secure version of Evernote.
- Syncthing: peer-to-peer file synchronization, more secure version of Dropbox.
- Signal: easy-to-use secure messenger, more secure version of texting/Facebook chat/etc.
- Pinboard: paid bookmarking service that promises not to sell your data, less user-hostile version of Pocket.
- Mastodon: federated social network, no encryption but open source, it won't sell your data, and allows you to export and delete your user data. Less user-hostile version of Twitter.
- Firefox Sync: encrypted browser synchronization across devices.
It seems you no longer have to sell yourself in order to reap the benefits of cloud-based, easy-to-use tools. This is more true now than ever. As server costs decrease and design, development, and deployment become easier, I hope to see even more small, simple services that don't feel the need to sell my data.
The internet is changing in a lot of ways, but this is one change I can get behind.
- This isn't entirely true in all cases. But the most convenience you'll lose is that these platforms are less popular than their big, user-hostile counterparts. It may mean convincing your friends to move over, which is less convenient than not having to do that. ↩