UmmahPassportSign in
← UmmahPassport

Migration guide

How to leave the big-tech identity layer.

Switching to UmmahPassport is the easy part — sign up and start using it. The harder part is unwinding the years of “Sign in with Google” and “Login with Facebook” connections that already feed your identity into companies whose parents hold the contracts we documented on the privacy comparison page. This is the step-by-step.

Before you start · pick a neutral email provider

Your UmmahPassport account is only as private as the email behind it.

A privacy-first SSO rooted in a Gmail account is not actually private — every password reset, every recovery flow, every account-notification email still passes through Google’s mail servers. If you’re going to bother delinking the SSO, pair it with an email provider whose business model isn’t advertising. Our recommendation: Proton Mail.

Setup order we recommend

  1. Create your Proton Mail account first (or Tutanota / Posteo).
  2. Sign up for UmmahPassport using the new email. Set a passkey while you’re in.
  3. On each app you currently sign into with Google / Facebook / Microsoft / Apple: switch to UmmahPassport (where supported) or email+passkey on the new address.
  4. Run through the delinking checklists below — provider by provider.
  5. Forward your old Gmail to Proton for 90 days as a safety net, then close the Gmail account fully if you want a clean break.

Delinking · provider by provider

Four short checklists. About 20 minutes per provider.

Each provider exposes a settings page where you can see every app that’s been authorized through their SSO. The links below jump straight to it. The steps below cover both revoking the SSO connection AND requesting the provider purge whatever historical data they shared with each app.

    1. Open Security · Third-party apps with account access. Every app listed is using "Sign in with Google" and receiving claims about you from Google on every login.
    2. For each app you want to delink: click the app → "Remove Access." Google immediately invalidates the SSO token. The app will prompt you for an alternative sign-in next time you visit.
    3. On each delinked app, set a new sign-in method — UmmahPassport, email + password, or passkey. Most apps offer all three.
    4. Confirm by re-opening the Connections page and verifying the app no longer appears. Google may keep an event in your security log; that log itself is also a record Google holds.
    5. If you want a clean break, also visit Google Account · Data & Privacy · Activity controls and turn off Web & App Activity, Location History, and YouTube History.
    1. Open Facebook Settings · Apps and Websites. This shows every app that has used "Login with Facebook" — past, present, and expired.
    2. For each app to delink: click "Remove." Facebook offers two options: "Remove app" (revokes the active session but keeps the connection record) or "Delete app and all activity" (also requests deletion of historical data Facebook shared with the app). Choose the second.
    3. If you also use Instagram, repeat the process under Instagram → Settings → Apps and Websites. Instagram's connection list is separate.
    4. Set new sign-in on the delinked apps — UmmahPassport, email + password, or passkey.
    5. Optional but recommended: Settings · Off-Facebook Activity · Manage Future Activity → "Disconnect future activity." This stops third-party apps from continuing to send your behavior to Meta even when you're not logged in.
    1. Open Microsoft Account · Apps and services that can access your data. Every app listed has used your Microsoft account for sign-in or data access.
    2. Click each app to delink, then "Edit" → "Remove these permissions." The app's sign-in token is invalidated.
    3. On each delinked app, set up a non-Microsoft sign-in method.
    4. If you also use Azure AD (work account), your IT admin controls the delinking process; ask them to remove the app from your Enterprise Apps assignment.
    1. Open Apple ID · Sign-In and Security → Sign in with Apple. Apple lists every app where you've used "Sign in with Apple."
    2. For each app to delink, tap "Stop Using Sign in with Apple." Apple invalidates the relay email (the random @privaterelay.appleid.com address) and the app loses the ability to contact you through it.
    3. Set a new sign-in method on the app. Note: Apple's Hide My Email is genuinely good privacy infrastructure; the migration cost here is mainly that you'll need a new relay-or-real email for the app.

One more layer · tracking pixels

Delinking SSO is not enough. The trackers stay until you block them.

Even after delinking “Sign in with Google” from every app, Google Analytics, the Meta Pixel, TikTok Pixel, and Microsoft Clarity continue to load on the apps’ pages. They observe your behavior and report it back regardless of whether you’re signed in with Google/Facebook/etc. To block them, install uBlock Origin(Firefox or Chrome) and turn on the default filter lists — they ship with the major ad-tech endpoints blocked. For more aggressive blocking, add the EasyPrivacy and Peter Lowe’s Ad & Tracking Server List filter sets.

For mobile devices: iOS users can enable Lockdown Mode for paranoid-grade protection or use the Firefox Focus browser. Android users can install Brave or use NetGuard / RethinkDNS for system-wide blocking. The Pi-hole project gives a router-level option that protects every device on your home network.

Identity migration is a few hours of work. The payoff is permanent.