[josteink]

> This raises a point that I don’t think many developers consider. By registering and using a custom domain as their main email address, they implicitly give that domain and their TLD complete control over most of their online accounts.

That’s a feature, not a bug. This is what allows you to take full ownership of your online identity.

If you use @gmail.com or another address where you rent the address-space, someone else can at a random whim completely erase or compromise all your things and accounts everywhere.

Is the author here really pitching that as a good thing(tm)?

[remram]

But you rent the domain as well. With the additional caveat that the domain will be available for renting by anybody else once you stop paying, whereas Gmail won't.

[josteink]

> With the additional caveat that the domain will be available for renting by anybody else once you stop paying

Not with the “additional” caveat. That’s the only caveat, and it’s a simple, understandable and known risk.

Using gmail.com or whatever puts you in a situation where the risks are numerous and unknown, and as a non-paying freeloader you get nothing to say in how access to your digital identity is managed.

If you care about your digital identity, there’s literally only one obvious answer.

[remram]

People have had their GoDaddy/NameCheap/... account social-engineered away from them too. That might be easier to fix than your Gmail (because you're a paying customer), but if your npm is already gone, having NameCheap apologize doesn't help much.

[jefftk]

Whether it is good or bad on balance is a complicated question; I think the author is pointing out that it would have addressed this particular issue.