Sorry, but a lot of your concerns you outline, I just don’t agree with.

There needs to be ONE site, Lemmy.com, that people goto.

No… Reddit’s singular biggest issue is the fact that everyone is beholden to Reddit’s whim. Leaving any of this to any singular company/persons whims is a big problem. Moderator banned you from a subreddit cause they powertrip? What’s your recourse? You have none.

This entire thing about having .whateveryouwant is VERY off putting.

And yet emails are not a problem. Why specifically is this off putting? You’ve never emailed anyone outside of gmail.com? or outlook.com?

Most internet users have been trained to be extremely wary of odd or unusual things, so having anything besides .com/.net/.org will turn away a huge portion of users.

Statistically this is very wrong. Quite the opposite in fact. Users are terrible at identifying ANYTHING malicious as actually being “Wrong”.

I initially setup an account on Lemmy.world, then realized that I couldn’t migrate it to another server and that when I deleted that account on that server all my comments were deleted.

Just like setting up an email on Gmail doesn’t mean you can just migrate to Outlook… and yes I would hope that deleting your account would delete all your comments. That’s a GOOD thing.

BECAUSE I understand it more now, I’m left feeling VERY uncomfortable about my data security.

What security are you talking about? There’s nothing “secure” here. You’re posting things to a public forum for all intents and purposes. What security are you expecting?

There’s no 2fa at all

Slated for release with v0.18 which will probably drop within the next few weeks or so… But if your only concern for account security is 2fa… then you probably don’t realize that long unique passwords are perfectly fine. I only really see this being an issue if you’re a moderator or admin of an instance though. As both of those things… I actually don’t currently see a problem. 2fa will be a welcomed addition though.

hacking and user-account hacking is just going to run rampant

Just like on every other service on the internet? It seems that most places do fine without this worry.

and I’m left wondering ‘Where is my username and password actually stored?’

On the instance you signed up for your account on. In your case that would appear to be lemmy.ca. That’s the only instance that even really knows who you are. The rest of the instances just believe the origin instance of the data.

The answer, sadly, is wherever the dude who’s running the instance/server is.

Yup. But that’s the case with ANY online service. Where’s your facebook data? How about the massive amounts of data that google collect on you? Where’s every bit of that? The hope and prayer is that it’s safe in some datacenter that has armed guards and all that. The reality is that data leaks happen. Engineers go home with harddrives full of backups that have all your data on it. Hell your doctors office probably has this issue… https://www.classaction.org/pediatric-data-breach-connexin. I don’t see you complaining about that. This service is not super sensitive… and if you believe it is… host your own instance.

With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them.

And yet everyday you hear about some other company that got completely shafted… and more user information leaked out there like it belongs in the wild. But I once again have to ask… Aside from password (which is hopefully long and unique)… What content do you have on lemmy that actually matters? You realize that everything you post on a platform like this or Reddit is public… There’s nothing you should ever assume to be “secure” or private on a platform like this, including Reddit. You bring this up so many times… What are you uploading that’s sensitive that you think needs to be secure?

Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to goto an external list, find what I want, and then copy/paste the URL into the search… and then 50% of the time, it doesn’t work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it’s a definite turn-off.

Finally a legit concern. Yes, finding communities is actually a bit annoying. There’s work being done to fix it. Remember this is version 0.17.4 that we’re on right now. And the mass influx of people trying the platform out is putting a ton of stress on lots of undersized server instances. Things will happen… But same story with reddit… Reddit just had 3-4 hours of downtime because some subreddits went private. They’re not perfect either… what’s their excuse? It can’t be because it’s new and small…

There simply is no content. I’m not a creator, I want content aggregated for me

What? There’s TONS of content already. You need to join more communities I think. Reddit was never there to generate content either though. It’s an aggregator, not typically a source.