My main problem in getting away from Google is: who will protect my email/phone accounts as well as Google does with GMail and Google Voice? Sadly, those are the main means of authentication for my multiple financial accounts (for most banks phone and emails are the only 2FA methods available).
I am not worried about the privacy issues; I'm mostly worried about Google deciding to terminate my account for some reason, like in this case. I'm also not worried about getting locked out due to losing my 2FA secrets, since I back them up in multiple places.
The obvious solution would be: buy my own domain and then connect it to another email provider or G Suite, right?
However, now I have a point of failure that is my domain registrar and my DNS provider, and I'm sure that even the ones that offer strong security (e.g. Gandi with U2F) are more prone to getting successfully hacked than @gmail.com, from both a technical point of view (e.g. attackers violating their systems and changing the DNS records for my domain) and a social engineering point of view (e.g. crafted support requests pretending to be me and begging to reset my 2FA).
Realistically speaking a hacker has more incentives to attack GMail than any domainer. I'm not saying that Gandi or whoever is more secure than GMail, just that there are more chances that something goes south with the latter rather than the former.
Following your logic, I would expect my bank to be hacked way more than the few careless customers of the bank itself who leak their credentials via stupid phishing attacks, since the returns are many orders of magnitude higher?
I'm not sure it works that way; incentives are always balanced by the practical effort required to achieve the goal, and the effort of breaking Google is massive compared to the effort of violating a DNS registrar.