> I think, for practically everyone, it is far more likely that shared infrastructure (like LP or hosted bitwarden) would be centrally compromised.
I believe the opposite to be true. Any use of Shodan or any vulnerability scan of the public internet provides strong evidence that centralized, funded and focused services do security better than 99% of orgs and individuals.
You can’t run infrastructure and app security better than a specialist SaaS company. You don’t have the same time and money.
Yes, the blast radius is smaller for self-hosting, but that’s small comfort when you are still inside the blast radius.
Attackers will spend resources proportional to the expected reward. Alone I am a low-value target, but using a standardized solution makes me part of a huge reward pool. As such, my strategy is to require manual work by the attacker to compromise me.
Combining a few off-the-shelf components (Dropbox + KeePass in my case) should be easy enough to not screw up so badly it isn't worth putting your eggs in a different basket than everyone else.