Comment by palata
2 days ago
> I don't think people want to change email addresses very often.
You probably know this already, but people should have their own domain. Then they can change provider without changing the address.
2 days ago
> I don't think people want to change email addresses very often.
You probably know this already, but people should have their own domain. Then they can change provider without changing the address.
> You probably know this already, but people should have their own domain.
Until they forget or unable to renew. And then their PII is in the hands of the person who gets the domain.
That happened to me, but fortunately it didn't end up being a huge deal.
I had forgotten to renew my domain from Gandi, it expired, and I stopped getting emails. I also could not find my password for Gandi, and I couldn't get the password reset to work, so I panicked, but fortunately Gandi will let you renew someone else's domain. Not a transfer, just if account A wants to pay to renew account B's domain without any change of ownership, they allowed that, so I made a quick throwaway account, and renewed everything for eight years.
I mean, sure, but I and probably 99% of other folks have a credit card set up to autorenew. This is a security problem, but not a very serious one.
Credit cards have expiry dates, or at least they do over here. I expect my partners domain to expire 10 years after my death, as I can only pay 10 years in advance. To many people, there are more important things to worry about (and often second thoughts after the fact).
8 replies →
Taking over a domain is not particularly connected to access to PII.
You own/control the name, not the set of files on a hosting service somewhere.
If you buy someone's domain name, then they'll probably have emails going to it. So you set up a catchall address and discover what accounts are related to it, then you can use the reset password functionality to get access to the accounts. In some cases, they'll have a backup gmail account - and perhaps you can guess what it is (e.g. emails come through to Paul Davis so you guess, oh, maybe they have the paul.davis google account, and reset password on that).
But if someone else gets the name, they get your email going forward, and therefore access to a lot of your accounts.
If you're going to buy a domain for this, don't get fancy with the TLD. I made the mistake of choosing a .io domain for this purpose and with the future of the TLD uncertain, I have been moving away from it, so I'm not left in a bad spot if things go sideways.
Never go for ccTLDs for anything critical, since you're practically at the whims of the government controlling it (see: .af ccTLD that the Taliban took over)
One exception is the country you actually live in, then a local TLD wins you at least a more reasonable way to go to court.
Never ever? Should I start moving away from my .li domain?
Yeah even sensible looking decisions can backfire. Am in the UK. Had to scrap my .eu domain due to brexit.
wait what? Is .io going away?
I have a .app domain for my email, and have had it since like 2018. Now I'm wondering if that was a mistake.
.io is the ccTLD for Chagos Islands.
UK will give sovereignty of Chagos Islands to Mauritius.
There is a mixed history of what happens to the ccTLD in such cases.
See also https://news.ycombinator.com/item?id=41729526
The British Indian Ocean Territories (.io) might go to control of Mauritius. They will be able to decide what to do with the TLD. It could in principle be restricted to residents, or go away entirely.
3 replies →
People should, but is the existing process simple enough even any laymen can do is the question.
To be fair, most people I know that are competent to do it just don't. So there is probably another reason, like "people can't be arsed to do it".
The average person is not intelligent enough to have their own domain.
Getting a domain is no more difficult than selecting some "easy web hosting and email" bundle on a site and paying for it with bank transfer, credit card or whatever. There's an entire industry around this. I've met plenty of people who are largely clueless about PCs, doctors, lawyers, artists, etc who have their own domain. It's actually extremely common, because conducting business from a Gmail account is a bit unprofessional and sketchy, particularly here in Germany.
> The average person is not intelligent enough to have their own domain.
You think that that skill (maintaining own domain for email) is an indicator of intelligence?
My interpretation was that they didn't mean to talk about "intelligence", just meant that the average person is not "competent enough" to have their own domain. Which in all fairness is not wrong.
My question is always: of those who are competent, why is the vast majority not having their own domain?
It is an indicator of knowledge, not necessarily intelligence.
I said "own your domain", not "self-host your email server".
"own your domain" is technobabble to 99.999+% of email users. Most people understand emails addresses are <something> "@gmail.com" or "@yahoo.com" or "@<somebigcompany>.com". They don't understand the parts of an email address, nor how or why they are constructed that way.
I have been using a personal domain for my email address for decades and when I have to give it out verbally to someone, it is about a 50% chance that the conversation is:
"My email is <name@myname.tld>"
"uuhhh... at gmail.com?"
"No it's just <@myname.tld>"
"Yeah, but is it gmail or yahoo?"
27 replies →
Or they have better things to do vs fighting Route53 MX records errors.
Records, shmekords.
The practical experience of having your own domain for your email is that you delegate your domain to Google / Fastmail / Proton / whatever, and it takes care of everything else. Some webmail providers will also let you buy a domain on their own website as a part of registration flow.
It really is not hard. Harder than not having a domain of your own, but not as hard as you make it sound.
8 replies →
Sounds like a business opportunity.