One thought that occurs to me is that, insofar as you’re going to be a target anyways, you should put yourself in the same class as the largest possible number of people, where you’re more likely to have recourse once that class is compromised. E.g. make sure you’re getting all the latest security updates on all your devices even if these are still vulnerable to zero days or supply chain attacks, so you don’t end up as one of the poor fools that got hacked for using some particular outdated thing.
You can maybe try to avoid having any important information with orgs/software that you don’t expect to be running the leading edge not-yet-public compsec AIs over their code.
I’m interested in thinking about how equilibria are going to shift. E.g. I think people will care a lot less about blackmail if it becomes ubiquitous.
Putting yourself in “the same class as the largest possible number of people” probably means you’d be putting yourself into a group with a bunch of poor security practices, no? Consider the median technology user (and median worker, median voter, etc).
Re: institutional recourse, major security breaches already occur often these days—see Equifax breach—and payouts/settlements are often small. I think in the case of the Equifax breach specifically, something like 150M people were affected and the payout was just ~$400M, or around $3 per user.
Even at three orders of magnitude, or $3000 payout per person affected, the tradeoff appears suboptimal. Better to apply stringent security practices now imo, like Yubikeys etc.
One thought that occurs to me is that, insofar as you’re going to be a target anyways, you should put yourself in the same class as the largest possible number of people, where you’re more likely to have recourse once that class is compromised. E.g. make sure you’re getting all the latest security updates on all your devices even if these are still vulnerable to zero days or supply chain attacks, so you don’t end up as one of the poor fools that got hacked for using some particular outdated thing.
You can maybe try to avoid having any important information with orgs/software that you don’t expect to be running the leading edge not-yet-public compsec AIs over their code.
I’m interested in thinking about how equilibria are going to shift. E.g. I think people will care a lot less about blackmail if it becomes ubiquitous.
Putting yourself in “the same class as the largest possible number of people” probably means you’d be putting yourself into a group with a bunch of poor security practices, no? Consider the median technology user (and median worker, median voter, etc).
Re: institutional recourse, major security breaches already occur often these days—see Equifax breach—and payouts/settlements are often small. I think in the case of the Equifax breach specifically, something like 150M people were affected and the payout was just ~$400M, or around $3 per user.
Even at three orders of magnitude, or $3000 payout per person affected, the tradeoff appears suboptimal. Better to apply stringent security practices now imo, like Yubikeys etc.
Sounds about right. I think it was a pretty dumb thought a day later.