HACKER Q&A
📣 dinkleberg

How do you “un-Google” your digital source of truth?


(Sorry if the title doesn't make sense, I'm struggling to put a word to the important place that a Gmail account has in most people's lives)

After seeing some harrowing stories of people having their Google accounts banned, I'm increasingly concerned about how important my Gmail account is in my life.

Essentially everything digital I have is tied to my Gmail account. Many services even use two-factor auth tied to email, so were I to be locked out, I would be locked out of all of these services.

So it got me thinking about what the safest "source of truth" would be if I were to switch away from Google. Privacy is nice but more important is reliability since losing that loses everything.

In the ideal world, self-hosting your email would be a good option, but you risk reliability there.

It seems to me that the best solution is to use a personal domain rather than an @gmail.com account, since if you get Google-banned for whatever reason you can just point your DNS at another service.

Not completely without risk: it's easy to accidentally uncheck the auto-renew button with your domain provider. But you do have the option to add many years at a time, so it is easy to deal with that.


👤 ta0987 Accepted Answer ✓
I have the same question.

The problem is picking a company you can be confident in for both:

1. Competent security

2. Good support

Google meets 1. but fails at 2. Every time this topic comes up there are many suggestions meeting 2, but without any arguments or evidence that the suggestions also meet 1.

According to HN security guru tptacek the top three most secure companies are Google, Apple, and Microsoft. (Paraphrasing from memory, any errors are my own.)

Apple and Microsoft both have retail locations unlike Google, which could in principle be used as a last resort for recovery, but I don't know if they actually are. Without good process and training that could open a weakness from social engineering, similar to SIM jacking at cell phone shops.

Does anyone here know if Apple, Microsoft, or any other company meets both 1 & 2?

Does anyone here know if an Apple or Microsoft account can be recovered at retail locations with an ID? And if that process is social engineering resistant?

Edit: the thing to consider with self-hosting is that there is no such thing really. You have to register your domain somewhere. What is that provider using to authenticate you? Not saying you shouldn't have your own domain, just that it's also a thing that can be lost or attacked. You also have to run your VPS or server somewhere. Do you own a datacenter? Do you have a backup generator and redundant internet at your house? Not saying you must, but there are always trade-offs.


👤 chrisked
Buy your own domain, DNS, and email. DNS Made Easy is low cost and very reliable. For email use Fastmail. Amazing product.