Brent Simmons, at Inessential:
Reminder: it’s a zillion times easier to hack Twitter and take over accounts of Apple, Bill Gates, Jeff Bezos, Joe Biden, and others than it would be to hack their separate websites. Distributed systems are safer.
I don’t normally quote an entire post, but this is the whole thing. Any editing would ruin the context.
What is “distributed”? Yes, it’s harder to hack my site and Brent’s site, and a zillion other sites. This is true. But every successful posting ecosystem that has a mass of users is not distributed, as far as account access goes.
Twitter was the victim here, but it could have just as easily been Wordpress, Squarespace, Wix, Tumblr, Micro.blog, Gab, TikTok, Instagram/Facebook, Blot, Github, Ghost, Mastadon, or any of a hundred other non-distributed systems that people dump content into for followers.
Yes. Writing your own stuff on your own site can be non-distributed, unless you’re on something like Wordpress, Squarespace, Wix, or any other blogging platform that holds account information. Any of these could have fallen victim to the same inside job.
Bottom line is, you’re only as secure as the guy who holds the admin
password.