I don't have my home email on work devices. I also don't have my email on my gaming PC (I agree this must be rarer). I don't have all of my work emails on my personal devices either. So now when I log in I need to DM myself links over Slack, or forward emails around...
I have to admit I bought it mostly to annoy a few very specific friends, but then I kept using it. I would not recommend trying to host anything serious on such a TLD.
If you check the early comments on the thread I posted the full content for someone else who could not reach .zip domains.
You're right, I forgot to even cover that part because I was focused on how annoying they are to me as a user, not necessarily as a service provider. I also forgot to mention how they train people to click on links, how my inbox now consists of dozens of emails per day telling me to either click to log in, or warning me that I logged in.
I have my own domains for email so I haven't had the issue of someone else entering my email but I keep hearing from friends getting that.
Yeah that would not surprise me, in general. I don't think that would be 404's goal, since they provide full-text RSS feeds I could share with a friend easily, but I could see that happening with other services.
As someone in the security industry, I find it amazing how much we've told people (in awareness training) to "not click things on the thing-clicking machine™" while simultaneously having processes like password resets that require doing it.
Even with passkeys or TOTP 2FA, we've decided email is the root, for better or for worse (for people with Gmail, it's likely better than SMS would be on a crappy carrier, but it depends on so many factors, including how many hundred apps have Gmail read access via OAuth...)
To be fair to 404, they're trying to limit the amount of data they hold which IS good, but in the end they need to have the email address of subscribers.
What I'd recommend is if you're worried about this (or worried about it in certain instances), disable biometrics to unlock the device itself. Then, passkeys on it don't really matter anymore.
On iPhone, you can quickly do this by holding down the lock button and either volume button until the shutdown screen appears. Once it appears, your phone is now locked and it will only accept the PIN (you don't need to actually shut down).
Thankfully, it doesn't. It asks you to confirm by sliding some on-screen control, and then dials 911 / 112.
If it dialed immediately, I'd be in jail already, going by the amount of times I managed to trigger the "call 911?" screen by accident in the last year or so.
I beg to differ with those who write that such events are expected, just press a few buttons, disable, or something similar.
Imagine you are not in a relatively "democratic" nation.
(0) You are asleep. Your phone is on the nightstand. At 4:00 in the morning, you wake up with a rifle stuck in your face.
(1) You are walking down the street, middle of the day. Your phone is in your jacket inside pocket. Two burly individuals grab each of your hands, tie them and then toss you into a van that just pulled up.
(2) You are walking around, letting the wind blow on your face and feeling it in your hair. Your cell phone is in the jilbab or burqa you changed out of. A rock hits your head and you black out.
(3) You walk into the public WC/bathroom in the bar, but you do not take your phone in with you because it is just ... ick. You come back out and the phone is in the hands of a local law enforcement agent.
Each one of these has happened in real life. There are just a myriad of real scenarios where someone is not in reach of their cell phone.
You have already described prerequisites. It is unwise to use biometrics if you are a person of interest in a "not so democratic country". And to get a rifle to your face they should demolish a door which is commonly steel in a "not so democratic country". This is loud and gives plenty of time.
Nothing happens out of the blue. People don't get searched randomly except some rare places where an iPhone is the source of danger itself being a valuable possession.
If someone feels that such events could happen it is mandatory to do OPSEC. If not, bad for this someone. Anyway, proper torture will reveal the password in a "not so democratic country". Which also happens in real life.
On my Android phone, if I hold the power button I get the option to "lockdown", which immediately locks the phone and disables biometrics for the next unlock, requiring the PIN/password.
I assume that would work for the situations you have in mind.
The event itself is often expected. Nothing happens out of the blue. The exact time of the event is unknown. So, extra precautions like disabling biometrics before leaving home are a normal risk mitigation practice.