A catchy title inspired by my own reliance and the recent announcement by Google that their Stadia game studio is being shut down. Ostensibly this is to focus on the underlying technology but looks like the first signs that Stadia is on the way to being killed by google to my eye. While Google is perhaps the most conspicuous example with it’s track record of shutting down services, not being forthcoming about bans, and sheer ubiquity they are far from the singular issue the title would imply. Realistically I should title this “Don’t rely on single services”; You shouldn’t allow any other entity, company or otherwise, to be a single point of failure in anything critical.
This reasoning is the foundation for the existence of this very site, as elimination of my own reliance upon Google as a single point of failure for email, cornerstone of our online identities that it is. Email is a fundamental tool to our online identities and often used as an authoritative authentication of said identity. For nearly all online services access to an email inbox gives everything needed to reset any authentication method and gain access to those services. It also serves as record of the services we use with the history of account creation and management sitting merely a search away. Every social media account, every store, every bank. Because of this the loss of access to this email for whatever reason, has devastating potential. So many services to be rerouted, some of which won’t change without confirmation from an old address, so many contacts that can no longer reach you, so many resume’s out in the world now uselessly unable to bring you to employers attention.
Looking at this for myself, and recognizing my reliance upon Google as a single unresolvable point of failure I tried to apply my experience with other digital backup methodologies by adapting the standard 3, 2, 1 strategy to email: You should have 3 email addresses, on at least 2 different services, 1 of which is on a domain you own. In this way you have a strong multi-layered response to any issue you may have.
The email on the domain you own should be your primary. Since you fully control that domain should anything happen, from a temporary outage, to the service going out, to whoever runs it deciding they don’t want you as a customer you can simply repoint the domain to a new server and be off and running immediately. You may lose archives but you will still be good moving forward. Your backup address on the same service with a more generic address gives you something that can be used if your domain should be compromised in some way, and your final backup on another service provides resilience against service disruptions.
To this end I’ve elected to go with Protonmail as my primary service, hosting my custom domain and same service backup email. Gmail, as my pre-existing address, moves to function as my second service backup. There are arguments for, and I did briefly consider hosting my email on a server of my own. This would provide additional security as while they claim to be unable to read the contents of my emails, having it on my own hardware would guarantee that my service provider could not be such an attack vector. In the end I chose against it as I would only be trading the risk of their service being flawed or broken for the risk of my skills and knowledge being inadequate to properly secure such a system. Not being an expert in email server security it’s far more likely that I would fail than they would.
There is always the consideration that a setup like this is not free. A custom domain typically costs in the range of $10/year (for a standard top level domain), and email hosting can be $50/year or more depending on the features needed. Self hosting is similar until you include your time. That said: If you aren’t paying for the product, you are the product.