I can't speak to their Password Management as I use Bitwarden for that

But I am slowly but surely migrating myself away from gmail to (my own email at my own domain routed to) Proton. The webmail is very much comparable to gmail and, if you communicate with like minded people, it has decent support for signing and even encrypting email both to other proton mail users as well as to complete randos with just a password that you can send later. My only real complaint is that (... for some really good reasons) there is no easy to use exchange server and I need to run their mail bridge to use a desktop client like Thunderbird to send and maanage and (one day) back up emails.

VPN? I switched over to this around the same time I decided I wanted to "take control" of my email and it works pretty well. Very easy to get some openvpn credentials that I can plug into whatever setup I want. And no extra fee for port forwarding unlike SOME providers. That said, my main complaint is that the port is semi-randomized which doesn't play the nicest with my totally legit linux iso torrenting setup... But a quick docker ps and docker logs and then updating the config is pretty trivial and I only have to do it maybe once a week?

The big elephant in the room is that, as you rightfully understand, you are still putting a LOT of trust. But that is actually why I like Proton. Because other companies pretend they are going to knife fight the CIA and the US Government on your behalf all while actively not acknowledging anything until we get a post mortem. Proton are VERY open about just how far they are willing to go to protect you (not very) and what YOU can do to mean that Proton can't provide much useful information once the appropriate paperwork and legal actions have been filed.

I wouldn't trust a paid account with anything more sensitive than what really innovative stuff a friend did with a bun in the dumpster behind the Wendy's the other night. But, hypothetically, if I needed to send an anonymous email? Third party VPN/Tor, clean hardware, and a free Protonmail account works great and I do trust Proton to give the absolute bare minimum in that case.

And just for a bit of context. My "grand plan" is to migrate the vast majority of my correspondence and accounts to email addresses tied to one or more of my own domains. Currently I plan to use Protonmail for the mail server because I don't want that smoke. But the point is that I control the email address so I can get my Heat on and walk away in 30 seconds (actually more like a few hours but...).

Which is why the other aspect of that is that I want to back up the emails I actually want to save (rather than just EVERYTHING like those of us with older gmail accounts do) via a local client that I then archive to an encrypted volume on my NAS and (REDACTED) after that.

Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone's location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.

Which... is why this fundamentally does not work with "hacker" solutions that allegedly emphasize privacy. Because you just don't have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.

*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.

I mean... bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell... cell tower logs are a treat for cops/TLAs for a reason.

Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.

Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.

If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.

Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they'll watch a youtube and decide to put EVERYTHING through their vpn which... defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that "Fred Smith in Afghanistan" is really "Fred Smith in North Carolina"

Which is why my approach is that there is data I very much want to protect and data I know I can't. So I focus on understanding the former while doing what I can with the latter.

And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.

I guess. But it is really going to depend on where you live and just how frequently it does dial home.

My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.

The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.

The list of all the horrifically shitty things LMG has done over the past few years will fill up a thread on its own and I strongly encourage you to educate yourself before even thinking of defending them for... anything.

But some highlights:

1. Over the span of a week or two went from "Companies aren't your friend. I am not your friend" to "Written warranties are worthless and can only hurt you so you shouldn't want them. Also, if there were a written warranty and I were to die then my wife (who just so happens to be the CFO and second biggest shareholder in the company...) would suffer from harassment. So written warranties are bad and just trust me bro". This was bad enough that his decades long crony (Luke) even openly criticized him
2. Stole a GPU from a small company, shit on their prototype for weeks on end even after knowingly using it with the wrong card, and then sold the prototype cooler to a random third party. Proceeded to make claims (that the timeline doesn't even work for) that they resolved this before anyone caught them and their main argument is they accidentally removed said company from those emails where they were "solving" it.
3. Have increasingly openly acknowledged they will do big pieces on products they hate if the money is right. I think the most recent shitfests are a pool cleaning robot that barely functions and now sponsorshipps from one of the shittier VPN companies because the money is really really good.
4. Responded to an "internal investigation" of sexual harassment and assault claims (where at least one perpetrator is literally recorded sexually harassing the entire company... during the all hands about sexual harassment... literally the day after his direct report left the company because of being sexually harassed) by talking about how they will sue any future whistle blowers or accusers for defamation.
5. Went full "but the white man is the real victim" after even d-brand acknowledged a fuck up where they "roasted" an Indian guy because they thought his name was funny
6. Basically turn every single accusation into "They are personally attacking Linus Sebastien because they are jealous of his success and genius" level cancel culture nonsense

They are rapidly circling the drain and I for one am waiting for the "Well, these aren't tech so we don't have a conflict of interest and you should buy some joe rogan branded supplements" within the next few months. Likely because more and more actual tech companies don't even want to deal with them for the PR boost.

I mean... plenty of youtubers and channels are doing exactly that. Ian McCollum (Forgotten Weapons) and the "educational" gun youtubers have History of Weapons and War. A bunch of creators did Nebula. Corridor Digital have their channel. That comedy channel that came from college humor have their own site? Same with those two channels that pissed everyone off in the past few weeks? And Linus Media Group have been trying to add "we run a shitty version of youtube" to their grift for years now. And Rooster Teeth and Giant Bomb had their own video site for basically the entirety of their runs.

Let alone stuff like Utreon and the other one. And then there are the various successors to liveleak that are basically about spamming yu with an insane amount of spyware and ads in exchange for letting you upload faces of death.

And while I think it is a fundamentally flawed idea that mostly just does the legwork for those sites to run the software: Peertube is a thing and there are plenty of instances that exist.

So I am REALLY curious what evil organization you think is waiting to kill anything that is not made by Youtube. If you comply with DMCA requests and don't host CSAM then it is just a function of whether you can afford it.

Which... is the real issue. There is just a ridiculous volume of storage and bandwidth required for even a "small" youtube. Which is why almost all of the successful "alternatives" only really host a very small subset of videos.

So... to punish them for "harvesting" your data you are going to... continue to give them your data.

"Time theft" is very questionable and more a topic for society as a whole but...

Okay? Then don't watch youtube. Rather than allow them to engage in "time theft" but calling yourself smart because you don't watch ads.

Also: As has been pointed out repeatedly in this thread, the scale of Youtube (and Twitch) is massive and truly hard to comprehend. The only companies that even have a snowball's chance of running that are Google, Amazon, and MS because they ALSO have giant "cloud" services. And... it is pretty clear none of them really know how to run a site like that (hence why MS just gave up entirely).

Sort of.

The issue isn't userbase size. Plenty of creators have tried to have their own private hosting over the years. The fact that the "successful" ones are Rooster Teeth (dead), Giant Bomb (basically dead), and Linus Media Group (unfortunately not dead, but shifting ever more toward right wing grifting) says a lot.

The issue, as those channels learned, is discoverability. If your entire fanbase go to giantbomb.com to watch videos then you aren't getting surfaced in the youtube/whatever algorithm. So as your userbase leaves (get pissed off, get older, die, etc) you don't have a good way to replace them and you more or less wither and die. You could see this on the forums (and the threads on sites that still have forums) where you almost never saw a new fan show up and it increasingly became all about the more vocal members of "the community" as even the fans started to nope out of chat (because nobody gives a shit about the guy whose gimmick is that he kept saying he was a duck...) and forums (because we don't care about the guy who can't stop talking about how "kino" Snyder films are).

And that is why stuff like Nebula, Gun Jesus's latest side hustle, Corridor Digital's site, etc are very much dependent on relying on Youtube for the "advertising". It says a lot that most of us only even check Nebula when we see a new Legal Eagle or Nile Red video on youtube and want to watch the ad-free version.