Google without Gmail

In the course of having a website, and running my own server, I’ve largely eschewed Google. In fact, aside from my Pixel 5a (love it) and running Android variants, I’d rather not have anything to do with Google, so I try to limit my usage of anything Google as much as possible. I had a Gmail account for years, from roughly 2005-2019, in fact, IIRC. A friend gave me a Gmail invite back in the day and it was useful for quite a while, for personal as well as professional pursuits. But I eventually started paying for a FastMail subscription (maybe ~2015? can’t remember) and it’s been much better overall. Now this is not an ad for FastMail, just giving my personal thoughts on it, and what I’m about to go through with you, you should be able to do on a number of other non-Gmail email providers. To what extent, I don’t know, however, as it depends on the provider.

I deleted my Gmail and eventually my Google account quite awhile ago at this point; I self-host as much as I can and run GrapheneOS on my phone and LineageOS on my tablet. I was using my FastMail address as my Google account’s email address for a long time, though, so you can definitely use a non-Gmail account for your email address, despite them perhaps not liking it much. However, in the past few months I created a new Google account. Why, you ask, would I do this, if I’ve disconnected from Google as much as possible otherwise? The answer is complicated.

You see, browsers such as Chrome, and even Firefox, use Google lists and heuristics from Google Safe Browsing to protect users against malware. This is in itself a noble goal, but IMHO with imperfect means. Why would you entrust the de facto gatekeepers of the internet with the keys to anything? is my question. Unfortunately, I have little to no control over that myself as a website owner; people are going to use whatever browsers they want, which is great. The issue I ran into was that YunoHost, which I use for the foundation of my server apps, due to its SSO (“Single Sign On”) system for users on a server, tends to generate red flags for Google Safe Browsing. I found this out the hard way when my friends told me that Firefox was flagging my site, based on Google Safe Browsing data, as having malware. That is patently untrue; I do not in the slightest care about collecting, much less keeping, any data on anyone visiting my site. I am not even interested in FOSS “analytics” packages such as Matomo, &c.

So you can imagine my chagrin that Google, as a “gatekeeper” of the Internet, analyzing my site and deeming it “malware,” then relaying that info to Mozilla, whose browser used that data to scare people away from using my site. οἴμοι! I initially submitted reports of a false positive to Google Safe Browsing, hoping they would receive it and remove the flag, and that would be it. But this whole situation really left a bad taste in my mouth, being beholden to a Kafkaesque system where I could barely dispute the charges levied upon my site. A friend suggested I sign up for Google Search Console, which would give me greater, more granular control over how Google analyzes my site. I was initially indignant about this, since why should I have to yield to Google and use their tools to exonerate my site when I’ve done nothing wrong? But angst didn’t get me anywhere, and I don’t think the YunoHost issue is easily fixed, mostly because the Google “malware” heuristics seem to take issue with the YunoHost SSO login screen, which it thinks is trying to steal credentials from people (Far be it from me!). And again, no shade on the YunoHost folks, as they’re working very hard and doing their best – I appreciate the software very much.

The problem is that Google Search Console requires, naturally, a Google account to access. Ultimately, “if you can’t beat them, join them,” vel sim, so I created another Google account. But by no means did I want to give Google any more information than was absolutely necessary. Typically a Google account requires using a Gmail account, but we don’t have to do that. Now I am getting to the point of this post in general. You can use whatever email you prefer; if you have one you don’t mind giving to Google, go for it. But I have a better suggestion, if this is an option for you, one that has an “insurance policy,” so to speak, when the Google account outlives its usefulness. I highly recommend creating an email alias and signing up for a Google account with that. FastMail has email aliases as a great feature, allowing you to create email addresses and give them out to various people/sites, depending on the occasion, without compromising your main email account. Basically, email aliases forward mail to your main address, and can be changed or deleted at any time if anything is compromised. I would recommend checking to see if your email provider has this feature, and if so, create an email alias, then we’ll move on.

Once the email alias was created – one with no connection to my FastMail main address – I went to Google to create an account. I put in a dummy name, entered dummy demographic information, and when they asked for an email, I clicked “Use my existing email,” rather than providing a Gmail address. It will ask you to verify your email (fine) with a verification code. I think it may also ask for a phone number as well – but this may be optional? I can’t remember and I am unable to go through the signup process again, so I would say follow the prompts. If they ask you for a phone number, only use it for the initial verification, then immediately delete it from your Google account. Once you’ve created the account, all communications from Google will go to the email alias you’ve set up. If you no longer have a use for the account and want to delete it, you can try to have Google delete it, but I would also completely delete the email alias. Theoretically, once you delete the email alias, there will be no trace of your activity there, and if you want to do it again down the road, go for it with another email alias.

I’m keeping mine around for the time being, as I’ve had to file reports with Google Search Console urging them to review my site and advising that it doesn’t contain any malware. It’s been a huge pain, but at least with this “burner” account, I have some recourse, as frustrating as it can be. If you are in a similar situation with your website, or just need a Google account for whatever reason, I would recommend this path to doing it, if you can. Here are some instructions to create aliases on major providers; it seems like many providers have them as a feature, so I’d recommend checking your email provider’s help pages to check.

I hope this has been helpful!