Does Lightcone contract with any external security experts or penetration testers?Are the any plans to implement two factor authentication for LW/AF?
Does Lightcone contract with any external security experts or penetration testers?
Are the any plans to implement two factor authentication for LW/AF?
No to both. I believe our software architecture is pretty good from a security perspective, but it’s never had an outside audit and I expect a thorough search by an expert would turn up something. Private messages sent through LW/AF are probably more secure than an average phpBB, but I wouldn’t recommend using them for serious secrets; the PM system is there to make pseudonymous authors contactable, not to be a serious competitor to email.
Are there any planned responses if automated trolling/astroturfing attacks become much more common/advanced, as seems plausible with the rise of strong language models?
Every user goes into a moderation queue when they make their first post or comment, or votes more than a certain number of times. The current configuration is that when a user is in the moderation queue, their posts are hidden and their comments are visible, but we can also hide comments from unreviewed users on short notice if we need to.
We generally don’t approve users if their writing isn’t better than GPT-3, even if they turn out to be human. If we got so much language-model spam such that we could no longer reasonably process the moderation queue, this would effectively mean that only established accounts could post/comment, until we came up with some other solution for sorting through the submissions. We also use ReCaptcha and Akismet, which filter out the stuff that’s obvious-enough spam that it isn’t worth putting in the moderation queue.
LessWrong has a significant advantage over most of the rest of the web, in that our commenting standards are high enough that there’s no overlap between the comments that spambots are able to generate, and the comments that users we want around generate.
Are there plans for secondary hosting providers, in case Amazon/the US become hostile?
We haven’t arranged with any specific hosting providers, but back when Parler got kicked off AWS, we looked into this and concluded that Parler only had trouble because they had made some remarkably poor technical choices, and we would without much difficulty be able to migrate to any one of hundreds of commodity hosting services, in less time than the amount of notice Parler got.
Is there some way we can download and backup all public conversations hosted on LW/AF?
These are already being collected by GreaterWrong, by archive.org, and by anyone subscribing to the main RSS feeds. If you want your own private mirror of LessWrong/AF, the GreaterWrong software may be what you’re looking for.
Relatedly, how are backups handled for LW/AF?
The database is snapshotted nightly and stored in Amazon’s infrastructure.
Ah, didn’t see this before I wrote my comment. This all seems correct to me, my comment has a bit of additional flavor but basically says the same thing.