Obfuscating your email addresses is pointless

I’m with Cory Doctorow here: Keeping an email address secret won’t hide it from spambots.

When I had to change email addresses a couple of years back, I considered not posting the new address on my site, to keep the spambots from harvesting it. (My previous email address had been published before there even was spam, so keeping it secret from spammers had never been an option.)

In the end, though, I decided—just as Cory has—that there’s no point. The benefits are very small (the spammers will get your email address anyway), and the costs are significant (all your correspondants have to go through extra work to track down and de-obfuscate your email address).

In the end I did make one concession to the spambots. My email address is no longer in the footer of every page, the way it used to be. Now it just appears in my “contact” page (linked to from the sidebar). That hides it from the very most lazy spambots (which seems to be a large fraction of them). But my email address is right there as a clickable mailto link. Not obfuscated. Not presented as an image. Not hidden behind a contact form.

If you’ve got something you want to say to me, send me some email!

The Google-free option

Zen Habits has a fresh post up on becoming Google-free. It’s a pretty good look at the key resources that Google provides—Gmail, Google Docs, Google Reader, Google Calendar, Picasa, etc.—and for each one provides Leo’s choice for a replacement, along with mentioning a few other alternatives.

On the one hand, this is just the sort of thing I’m a bit too prone to worry about. For me, security, privacy, and reliability are right up there with functionality. On the other hand, it had scarcely crossed my mind that I’m so reliant on Google that becoming Google-free was an important issue. So, seeing Leo’s article prompted me to give it some thought.

To me, the more fundamental issue is choosing to keep your data on your own hardware or to keep it in the cloud.

It used to be that the cloud was a loser on all four issues (security, privacy, reliability, functionality). In just the past few years, the cloud has made great strides in the latter two. I haven’t seen a careful analysis, but my sense now is that the cloud is about as reliable as your own hardware, albeit with different failure modes (less chance of a bad disk drive losing a bunch of data, more chance of the provider deprecating the tool or simply going bust). Functionality is a different kind of question—all you care about is whether the tool provides the functionality you need—but my sense again is that tools like Google Docs do fine at providing the most important functionality.

On issues of security and privacy, though, it seems to me that the cloud can never win. Well, maybe in one narrow sense: Servers in the cloud can be professionally managed with security in mind, so there’s a better chance that security patches will be applied promptly and less chance that they’ll be configured in an insecure way out of carelessness or ignorance. Except for that, though, all the cloud can offer is an unenforceable promise of security and privacy—and it rarely offers even that.

Because of that, I’ve always ended up choosing to keep mission-critical work on my own hardware. I use various cloud services, but they’re all in some way either publishing or else secondary.

Where what I’m doing is publishing (such as this blog, my account on Flickrmy account on Twitter, and so on), the privacy issues are moot—I’m explicitly making the stuff public. I still care about security, but my security interests are closely aligned with the provider’s security interests, so I feel reasonably comfortable relying on the provider to get security right.

All my uses of cloud-provided tools are non-critical. I have a Gmail account, but it’s a backup account for use when my main email account is unavailable for some reason. I have a Google Docs account, but I only use it occasionally to view a Word document or make a graph with the spreadsheet facility. I don’t use Google Calendar (I use iCal). The one Google tool that I’d really miss if it disappeared is Google Reader which I use every day, but even losing that wouldn’t be a catastrophe. I could go back to reading blogs on the websites themselves (!) until I picked out a new RSS feed reader. My latest backup of my subscriptions was really old (I just now grabbed a current one), but I’d be able to recreate the important ones easily enough.

The upshot is that going Google-free seems to be a non-issue to me. I could do it in five minutes and scarcely feel the loss. I’m glad to have been prompted to think about it, though.