Androidiani - Forum Android Italiano
  • thedarktangent@defcon.social

    RE: https://infosec.exchange/@SecurityWriter/115969540425890734

    To build on what was said below, your whole online existence is essentially three things combined:

    1 - Your email account or mail server where you can get password resets.
    2 - DNS that protects the mail server from being impersonated.
    3 - Your domain WWW server that can publish records that your domain registrar or certificate authority trusts when issuing certificates.

    If you lose control of your email account or mail server, people can password reset their way into all of your accounts unless you have some strong second factor such as a security key. If you have a secondary email recovery account, that would be vulnerable. It could possibly be used to bypass your second factor.

    If you lose control of your DNS server or your registrar account, then people can impersonate your services such as your web server or mail server for account recovery. A DNS attack could completely remove your existing servers and point traffic to malicious ones as well.

    Finally, if you lose control of your web server then it could be used to publish .well-known files used for identity verification with certificate authorities, spread malicious files; your imagination is the limit.

    As you can see DNS and email are critical. Today everybody outsources their DNS and email. Choose how you manage these as if your identity, finances, and company depend on them.

    Basically no one controls their own identities. By running your own email or DNS servers the third-party doctrine would not apply to you, and you would get notice that something was going on with law enforcement.
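An added example, not from the thread or any of its posters, that turns points 2 and 3 of the post above into an offline check: it audits constructed SPF, DMARC and CAA records for two placeholder zones (good.example and weak.example are assumptions, not real domains) and reports what would let a third party send mail as the domain or obtain certificates for it from any CA.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: TXT and CAA answers for two placeholder zones (not real
# domains); "dmarc_txt" holds the TXT records published at _dmarc.<zone>.
SAMPLE_ZONES: Dict[str, Dict[str, List[str]]] = {
    "good.example": {
        "txt": ["v=spf1 mx -all", "some-site-verification=abc123"],
        "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"],
        "caa": ['0 issue "letsencrypt.org"', '0 iodef "mailto:security@good.example"'],
    },
    "weak.example": {
        "txt": ["v=spf1 include:_spf.example.net ~all"],
        "dmarc_txt": ["v=DMARC1; p=none"],
        "caa": [],
    },
}

def spf_all_qualifier(txt_records: List[str]) -> Optional[str]:
    """SPF 'all' qualifier ('-', '~', '?', '+'); '?' if no 'all' term (neutral); None if no SPF."""
    for rec in txt_records:
        if rec.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", rec)
            return (m.group(1) or "+") if m else "?"
    return None

def dmarc_policy(dmarc_txt: List[str]) -> Optional[str]:
    """The DMARC 'p=' tag (none/quarantine/reject), or None if no record."""
    for rec in dmarc_txt:
        if rec.lower().startswith("v=dmarc1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "").strip().lower() or None
    return None

def audit_zone(zone: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Flag gaps that let a third party send as the domain or obtain certificates for it."""
    findings = []
    spf = spf_all_qualifier(zone.get("txt", []))
    if spf is None:
        findings.append(("SPF_MISSING", "no SPF record: receivers cannot reject forged senders"))
    elif spf != "-":
        findings.append(("SPF_SOFT", f"SPF ends in '{spf}all': forged mail is not hard-failed"))
    pol = dmarc_policy(zone.get("dmarc_txt", []))
    if pol is None:
        findings.append(("DMARC_MISSING", "no DMARC record: SPF/DKIM failures carry no policy"))
    elif pol != "reject":
        findings.append(("DMARC_WEAK", f"DMARC p={pol}: spoofed mail is reported, not rejected"))
    if not any(c.split()[1:2] == ["issue"] for c in zone.get("caa", [])):
        findings.append(("CAA_MISSING", "no CAA 'issue' record: any public CA may issue"))
    return findings
```

Run `audit_zone(SAMPLE_ZONES["weak.example"])` to see the three findings; the same functions work on records fetched from a real resolver.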

  • hc@mastodon.africa

    @thedarktangent I got a pretty good offer for my main domain recently and thought it would be nice if I could accept it but feared that someone was after my linked accounts as my entire life is connected to it. I told my wife she needs to make sure she renews the domain if I die. This is not robust at all. What is one to do and who should one have the domain with?

  • tomgag@infosec.exchange

    @thedarktangent it is becoming increasingly clear how critical this observation is. Considering Zooko's triangle ( https://en.wikipedia.org/wiki/Zooko%27s_triangle ), I am getting more and more convinced that anything that does not rely on a cryptographic identity is a waste of time in the long run. Yes, even Mastodon.

    DNS -> Namecoin
    Mastodon -> Nostr
    Signal -> Jami/Briar/SimpleX/Etc

    Yes, I know that many of these alternatives carry a questionable philosophical/cultural background. But, from the technological point of view, they are probably the way to go.

  • betabug@mastodon.sdf.org

    @thedarktangent 10 years ago "my" bank's internet banking was set up so that for a password reset you needed an ID document and had to go to the bank branch in person. I liked that.

    Then of course they decided that this is inconvenient. Now resetting the password is all of a few clicks and a mail away. Because what could possibly go wrong.

  • dave_cochran@infosec.exchange

    @thedarktangent Tom Scott once did a really cool talk basically on this exact topic called "Single Point of Failure" (https://www.youtube.com/watch?v=y4GB_NDU43Q) which agrees with you (and the post you quoted) but on a more accessible-to-the-masses level.

  • harrysintonen@infosec.exchange

    @thedarktangent This, among some other factors, is the reason I've self-hosted for a long time now.

    https://infosec.exchange/@harrysintonen/115916299816297773

  • lgsp@social.tchncs.de shared this discussion


Androidiani.net

Androidiani.net is the Italian community for the Android world. This is the official forum, built on NodeBB and federated via ActivityPub: the place from which Italy's largest Android community starts again, as part of the Fediverse.