What I mean is if you depend on paid services for things like email or your password manager, you have to be able to guarantee that you will always be able to pay for it or else you will be locked out of that critical service to some extent. For example if you were to sign up for Tutanota and have one email for personal use, another for healthcare, and another for banking, and then at some point you are either in a tough financial spot or your payment method gets lost or stolen, you might lose your email for critical services.
Simple login doesn’t have this issue because they promise that even if you stop paying you get to keep the aliases you’ve made. But most services don’t operate like that.
I know the default answer would be “what are the odds you won’t be able to afford $10 a month”. For context I am poor and have always been poor, so it’s very easy for me to understand that even if I become successful there will always be the possibility that I might lose everything, and the whole point of security is preparing for when bad things happen, even if they don’t.
I’m curious if anyone else shares this opinion, because I haven’t heard anyone else in the privacy space talk about it. Probably because most prominent people aren’t dirt poor and don’t factor that into their threat model.
The default answer is a custom domain.
I can use 8 different email addresses with the same domain and in a couple hours move my email hosting from one service to another entirely, or do it all myself. The domain is mine, the addresses whatever I want, as long as I just keep the domain mine.
You still have to pay the registrar
Oh yeah I forgot about that. I wonder if there’s some way of completely self hosting a domain to then be used for email. My first thought would be an onion website or maybe I2p, that then somehow connects to the rest of the internet to be able to be used like a normal email. Not sure if that exists but that would probably be the ultimate free and private setup.
You do not want to look into how to create a custom tld
He estimated that companies will need to spend as much as $1.5 million to operate their own TLD registry.
https://icannwiki.org/Brand_TLD
gTLD evaluation fee is $230k
Couldn’t you avoid ICANN altogether by making a domain on tor? I’m only just now learning how all this works but from what I can tell tor is disconnected from all the ICANN stuff
I’ve really been considering that, but from what I’ve heard you can’t make a domain completely anonymously. I could be wrong because I haven’t researched it enough, but if there is a way to make a domain completely anonymously by all means let me know, because that would pretty much be the solution.
Even if at some point in my life I can’t afford the electricity bill for the server hosting my domain, if I can manage an upfront investment then I could get solar and make an entirely self sustained system. This is drastic of course but it’s nice to theoretically have the option.
What company actually checks?
There are some privacy-forward domain registrars and you can register with a privacy mode enabled that hides your name and info. Also, it’s an honor system, no one comes around to check your ID and phone number, at least in my experience with NameCheap. I registered a domain with a day-old Tuta address. Likely using a credit card with KYC didn’t make them look any farther, but if you get a burner SIM and have an image of an “ID” at the ready, and set a VPN for an EU location, I expect you’d be fine. Just don’t put all your eggs in the basket for a month or so.
Oh definitely. The only subscriptions I have are for content, not services, and even those I am slowly working on replacing. I used to see a lot of people complain about their streaming services and decide to set up Plex instead and like… I guess that’s an improvement but still not all that much better. Which is why I used Jellyfin instead when I set mine up.
We had a client at work who couldn’t access our platform because their trusted DNS vendor was returning the wrong IP addresses.
So to answer your question: Yes
If you can afford $10/month today but you think you might not be able to afford it next month, better save the money.
If you can afford it today and are reasonably sure you’ll be able to afford it next month, but aren’t sure about 2 months from now, then it’s enough to just have some kind of strategy in mind for downloading your data and gracefully cancelling the service, given a month of lead time. Like with email, I can download the email I have archived at my provider by clicking a few buttons. Then I change the MX record of my email domain to go to my self-hosted email or even (shudder) forward to something like gmail. I do expect to keep paying domain renewal ($10/year) for quite a while.
I wouldn’t use a hosted password manager by any means though. Give all my passwords to some company? I’m kind of a fuddy duddy but I guess there must be some pretty good drugs out there that I haven’t heard about. Maybe I’m missing out.
You have to trust society at some point.
How do you know you’ll be able to pay for your power bill, or replace a broken hard drive in your home server
The value to utility is high enough and the cost low enough that paying will always be a priority. There’s a whole lot of other things that would go first if money became an issue.
If you stop paying for Proton you simply drop down to the free plan.
To clarify: you have to pre-emptively cancel before it expires, otherwise it auto renews and they invoice you. If you don’t pay in 30 days, you get locked out.
Best practice is buy like 1 year (or however long you can) in advance, then click cancel, and you will still have the remainder of the year, and there will be a big red text on the top of the page nagging you, but it will not auto renew.
Edit: Phrasing
You said “no” but none of that contradicts what I said.
simply drop down to the free plan
Lol, I thought you meant like “it automatically downgrades” which was what I meant by “no”, because its not automatic.
I’m not completely sure how it is on proton, but on tuta you can only have one free email address at a time. So if you make more then one on a premium account and then stop paying, eventually your other emails will be disabled. I’m not sure if they just get deactivated until you resubscribe or if they get completely deleted, but either way for critical services that’s a big issue.
I thought of this while writing my will. I definitely want my domain names to be paid for after death atleast until things are properly archived.
