Privacy-Focused Alternatives to Google Services for Tax Pros
Google, which started as a simple search engine in 1997, is now a major player in almost every aspect of our digital lives. A corresponding increase in scrutiny followed. From data privacy issues to antitrust claims, the “Do No Evil” company has been accused of a myriad of bad practices. Furthermore, it has been known to cancel services and products rather abruptly.
Because of these trials and tribulations, there are now several services that aim to take customers away from Google. The main value added to many of these is privacy: limited data collection and retention and enhanced encryption. This should be music to the ears of tax professionals, as it is our duty to protect not only our own data but also that of our clients. We don’t keep our hard copy tax return documentation in a storage location that third parties have access to, so why would we hold our digital retention to less stringent standards?
In light of this, please consider this brief primer on privacy-focused alternatives to Google’s offerings that tax professionals often use. Most of these services will not have a free tier or will have a free tier only for limited personal use. In many cases, they are more expensive, especially for heavy users. One thing to remember is that when you don’t pay for a service, the company makes money off the service somehow. And more often than not, you are a product packaged and sold to an advertiser.
If Google has one banner product, it’s the search engine. The truth is, if you’re using a modern browser, your connection is secure, and you’re not signed into a Google account that tracks your search history, you don’t have much to worry about when performing. the odd find here or there. However, if you’re beefing up security in your home, and you’ve installed new locks on all the doors and a new alarm system, do you leave a window open just because it’s barely accessible?
The obvious alternative to Google Search is DuckDuckGo, which does not track searches or associate an individual with a specific search query. And the search results are pretty darn good. DuckDuckGo has been around since 2008 and sees around 3 billion monthly searches. It makes money by showing ads related to the individual search being performed rather than by assembling a dossier on a user and showing ads related to the user’s perceived interests.
However, caution should be exercised when running searches that contain identifiable information for a client. It’s worth considering what kind of picture an aggregate of all the searches you’ve run containing a particular client’s name might paint—your research may yield more than you realize.
If Google has a product that rivals its ubiquitous search, it’s Gmail. Privacy-minded people may remember that in 2017, Google had a bit of a scandal when it was revealed that the company had scanned the content of emails in order to better target advertisements to customers. For ordinary email users, that’s a violation of privacy. For professionals who may have other people’s personal and financial information in their inboxes, that can be an ethical problem.
Luckily, there’s no shortage of Gmail alternatives, and many have privacy as a top-line feature. Among the most frequently recommended services is Tutanota, a service from Germany that boasts end-to-end encryption. This means, at least in theory, no one can read the contents of your inbox. Similarly, Proton Mail encrypts everything associated with your account and signs your emails with PGP (Pretty Good Privacy) keys so that recipients can be sure that an email from you is really an email from you .
When client data is sent via email, the email itself and any attachments containing personal information must be encrypted and placed behind a password, regardless of the email service you use. You never know who might be listening on the receiving end.
Google Sheets is a popular tool among people who spend their days crunching numbers but has many of the same privacy concerns associated with other Google services. Someone with access to your Gmail account has access to your Sheets and anything stored on the larger Google Drive service. A spreadsheet accessible from any browser can be useful for tracking client data, and there are also templates for doing things like estimating quarterly tax payments—but the convenience comes with a security tradeoff.
Many privacy-focused users are looking at services like CryptPad—not just because it claims end-to-end encryption and is open source, but simply because keeping everyone in the Google ecosystem seems like previously seen about eggs and baskets. CryptPad allows users to remain completely anonymous, which can reduce the risk of exposing client data to a targeted attack.
Finding alternative private cloud providers to the big players (like Google Drive, Microsoft OneDrive, and Dropbox) isn’t as simple as email and spreadsheets. Large players are best positioned to provide storage services for rates that reflect their ability to pay for storage at scale. Because of this, the privacy-oriented answer for using cloud storage is a bit different from the above.
As with everything, cheap storage comes with a tradeoff for tax professionals: file retention issues and corruption. The more cloud storage you have, the less motivated space constraints are to periodically truncate your client data, and that can be a problem when client data is kept longer than necessary.
Overall, use one of the major players, but encrypt your data before uploading it and regularly delete client data you no longer need to keep. Cryptomator offers an open source and free tool that facilitates the process. The result isn’t perfect—given enough time, any encryption method can be cracked—but it’s the best solution that doesn’t just use cloud services.
If the above doesn’t convince you to take the privacy step, at least make sure you’re using a secure password for Google that isn’t used anywhere else, and turn on two-factor authentication. If possible, don’t send your two-factor authentication code via SMS to your cellphone, and use a code-generating application like Google Authenticator or Authy. If you use SMS to receive your codes, call your cellphone provider and ask for the PIN code on your account for all changes.
Finally, when handling sensitive information—especially someone else’s—think about when, where, and why you add a piece of data to the cloud. Best practices for backing up data include local and off-site backups. Your clients won’t thank you when their data isn’t disclosed in a breach, because that would be weird, but you can sleep soundly knowing you won’t have to have an uncomfortable conversation with them next time. which is a great opportunity. the breach makes the news.
This is a regular column from tax and technology attorney Andrew Leahey, principal at Hunter Creek Consulting and a sales suppression expert. Find Leahey’s column on Bloomberg Tax, and follow him on Twitter at @leahey.