Right, but neither do these problems apply to domains, as much as they apply to ATProto accounts.
You don't even have the frameworks that are available to protect domains. (Domain lock, transfer, etc.) And registrars are regulated by laws and frameworks in ways ATProto hosts aren't. Don't get me wrong, if a registrar transfers your domain due to a social engineering attack on the registrar, then you might lose it (an attacker almost did this to me once via a SIM swap, and I had to call GoDaddy to prevent the transfers). But that's not the same as, say, hacking the web hosting server.
In any case, tptacek, Safebox is supposed to solve these actual problems, by making sure no one can actually get into the box (no ssh, etc) so it's a "neutral ground" that no one can really "own", "redirect", steal keys or impersonate you. If you read https://safebots.ai/about you'll see what I'm talking about. If you do, I'd love to read any feedback you might have, given your background in security!
alt Hacker News
Right, but neither do these problems apply to domains, as much as they apply to ATProto accounts.
You don't even have the frameworks that are available to protect domains. (Domain lock, transfer, etc.) And registrars are regulated by laws and frameworks in ways ATProto hosts aren't. Don't get me wrong, if a registrar transfers your domain due to a social engineering attack on the registrar, then you might lose it (an attacker almost did this to me once via a SIM swap, and I had to call GoDaddy to prevent the transfers). But that's not the same as, say, hacking the web hosting server.
In any case, tptacek, Safebox is supposed to solve these actual problems, by making sure no one can actually get into the box (no ssh, etc) so it's a "neutral ground" that no one can really "own", "redirect", steal keys or impersonate you. If you read https://safebots.ai/about you'll see what I'm talking about. If you do, I'd love to read any feedback you might have, given your background in security!