Who owns your domain name? Hint: it’s probably not you. Your hosting provider could take down your domain, or even steal traffic and direct it to their own IPs.
I do. I registered it directly with my ccTLD’s registry, which is a government agency. It’s tied to my national ID number, or to my company’s tax ID.
If my DNS provider messes up, I revoke their DNSSEC keys and point my domain to a different provider.
Domain registration should be national public infrastructure.
Can you move a DNS record AND make it look like I signed off on it?
The author's concern seems to be more focused on impersonation.
But without private keys they can't pretend to be the same you. There is a very big difference here.
If it's an Onion (Tor) hostname, you absolutely do own it. Sure, it's not memorable, being a 128-bit hash. And nobody else can impersonate or take it.
And for lower bandwidth tasks, Tor Onions can't be beat. Just make sure to use 2FA on services you offer to keep the trash out. Things like fail2ban don't work the way you intend.
That is why you have did:plc in ATProto, but that doesn't resolve the concerns raised in this article.
Yes you do own your domain, as much as you can own your house. Your hosting provider can only take down your hosting, not your domain. Seizing domain names isn't very common. And by the way, with Web3 domains, you have full ownership via your own private key, with no need to pay rent. Is it possible to lose your house that you own? Yes. It's far more rare to lose a domain you own, by it being seized.
DNSSEC is used to prevent unauthorized stealing of domains. Furthermore, if someone does steal one domain you own, they don't steal all your accounts across all domains. If they take over your hosting, that's a fixable problem -- you just repoint the domain.
Now, having said that, I designed the Safebox exactly to prevent these scenarios from happening, and create an actually solid foundation for decentralized social networking, AI workloads, etc. If anyone is interested, probably the best link to begin reading about it is: https://safebots.ai/about (If you do, I'd love to hear your thoughts)
This cheap criticism of the headline doesn’t actually apply to the problems brought up in the article:
> Your PDS operator can post as you, like things as you, follow people as you, and it would be cryptographically indistinguishable from your real activity. The signatures are valid.
Your domain name owner or DNS provider cannot redirect your domain name to a different server and cryptographically impersonate you.