This surely can't be true for the typical image-based NFTs? I thought the entire point is that the full JPEG is embedded in the blockchain, thus not being dependent on any image hosting service.
On chain storage is expensive per KB so the vast majority of image-based NFTs are stored on awful image hosting services. A very common complaint among NFT buyers is how many of the "NFT-specific" image hosting services have already gone down and/or (of course) respond to things like DMCA takedowns.
Thanks for the explanation, this makes me profoundly sad and is completely absurd. They call it "minting" which I actually thought was a neat way of putting the image itself on chain which can't be deleted and is permanent, so people spending crazy amounts of money can at least have the piece of mind that what they've bought is immutable. This shouldn't be considered an NFT at all.. imagine if bitcoin was just linking to a bank transaction. In fact- a definition of NFTs: "unique digital asset that is not directly replaceable with another digital asset" - swapping the results of the URL would invalidate this. What is the actual point?
It's not as bad as you think. If the frontend and database is open source, the assets will be mirrored, and therefore end up in a giant archive. This is what happened to Hic Et Nunc last month - founder decided to pull the plug, community resumed within a few hours with other sites. The power is in the technology mix: Blockchains and smart contracts secure the transactions, everything else can be secured with existing methods. It's an incentive structure shift that's still being explored - you always want a 100% archival because it protects the represented value on-chain. It pushes the business model away from platform control as well. They will most likely have to differentiate with curation and discovery services.
Currently, a lot of the frontends are not open. They pose the same degree of rugpull risk as any ordinary web site. That is unlikely to remain the status quo since both collectors and artists will ultimately demand a proof of redundancy. But as it stands, it's a bubble, and the rules aren't set.
You can check out the contract for the Big Ape Yacht Club NFTs, for yourself[1]
If you go to Contract and then Read, there's a function you can execute towards the end which gets you the URI for a token. If you grab a token ID[2] and enter it in, you'll get back an IPFS address. Should be more permanent than a random image hosting site, but it's certainly not the same as storing the image on the blockchain.
Most are stored on traditional hosting services, some are stored on other chains (IPFS) and some are stored on the parent chain. Data storage costs vary a lot depending on the chain.