I upvoted the post because I thought these were worthwhile ideas to bring forward, and because I love the use of Elicit predictions. I also appreciate the attention paid to the idea that different groups/orgs will have different security needs.
However, I think some of the arguments in favor of "tech company platforms" are considerably stronger than the author does -- and that platform-switching has higher costs than the author may believe.
I'll share the examples I have time to give:
I agree that the ease of use of the interface does matter on the margin, but way less than the central motivating factors. I.e. what is motivating people to be involved in the first place and how valuable/engaging the content is.
I think it's very easy to undervalue convenience. (Bryan Caplan gives examples of this, though his overarching point isn't really related to this post.)
I've heard many people tell me that their Forum participation sharply increased or decreased because we added a convenient new feature or ran into a bug that affected their work in a relatively minor way. Loading times can have dramatic effects on how people use websites. And while I haven't seen statistics on this, I'd guess that communities often shed lots of members when they migrate between platforms; building a new app and interface into your existing routine/habits isn't always trivial.
Good content is almost certainly the most important thing, but that doesn't mean convenience isn't also important, or that we can decide it doesn't matter very much because it's not the central motivating factor in how people participate online.
To convince me that this is a severe problem, I would need to become convinced that the makeup of the EA Community changes drastically in the next years, and at the same time not enough financial resources become available to pay for professional sysadmins or at least smaller IT companies who offer managed hosting of open-source software solutions at reasonable prices.
EA might have a lot of technical people, but that doesn't necessarily translate to having lots of people who are willing to volunteer as sysadmins, will do the job reliably, and will transfer necessary information to a new person if they have to step down. (Google may be more vulnerable to breaches, but it seems much less likely than a small private server to lose data because someone makes a technical error or loses a key password -- though I don't have much confidence in this assertion, since I'm not a very technical person.)
As you said, we don't just have to use volunteers -- many EA orgs are well-funded, enough to pay for this kind of service themselves. But others already have to scrimp and save to run their core programs.
And it's really nice that our current systems can be run by nontechnical people -- it's one less barrier to starting a new group or project, even if you could track down a volunteer sysadmin given time.
As you say in your post, different organizations will have different requirements in this space. Many orgs probably should be taking secure communication more seriously. But maintenance time and funding are going to be real limiting factors for many orgs (especially smaller ones), and I think that's a serious consideration.
To convince me that I am overvaluing this, I would need to see that the increased community growth through using more widespread software services with marginally better user interface/experience largely outweighs the expected long term harm to the movement through adversaries gaining access to our internal information.
This seems like another way of saying that you have a strong prior in favor of valuing extra marginal security more than the convenience we'd lose in order to achieve that. That's perfectly valid -- but I don't think anyone's likely to soon be in a position (capability + willingness to spend time) to get good numbers on the expected difference in community growth in two hypothetical worlds. So you'll have a hard time finding arguments that are capable of meeting a standard that would convince you.
In cases like this, I like to ask myself whether there are more modest/achievable types of evidence that could shift my position. One useful resource for gathering such evidence is the EA Polls Facebook group. You could consider asking questions like:
Would you switch to using (secure platform) for (EA purpose) if we decided to stop using (current platform)?
How do you think your participation in EA community discussion would change if all the (current platform) EA groups were migrated to (secure platform)?
How much would you pay per year to eliminate any chance of the data you've provided to EA orgs being revealed in a data breach?
Questions like these can help you build better estimates of "increased community growth", without forcing you to put an entire model together all at once.
I think there is a good chance that many more people would participate in NEAD discussions if NEAD had started with Slack rather than Signal first and then Zulip. Even with Mattermost (arguably more user-friendly & intuitive than Signal and Zulip), there might be differences. Mattermost still uses markdown formatting, and this does not seem intuitive for non-technical people (I found it confusing at first and now I still find it quite inconvenient compared to extra buttons or keyboard shortcuts like "Ctrl + B" for "bold").
Maybe we could survey everyone who has a profile on Zulip now (and ideally also those who were invited but declined) and ask them if the platform choice had made a difference for their engagement? (though that would only yield data for Zulip, not for Mattermost)
Thanks Aaron for sharing your forum experience, that's useful, and also for your other thoughts!
Quick meta note: Would it make sense to put different arguments in separate comments? That would allow others to upvote your arguments specifically, instead of only upvoting the entire comment while they might only agree with 1-2 out of three points you made.
It might make sense! I'll try to keep that in mind.
Pros: Easier to discuss and vote for separate points
Cons: Lots of separate replies and replies-to-replies means lots of notifications and a variety of different threads to track; there's a risk that I'm too lazy to split up comments like this
I find your suggestions on better questions to get more achievable types of evidence very useful. @Manuel_Allgaier and I will ask them or similar ones on the EA Berlin Slack, a German EA Telegram channel and in the FB group you mentioned.
[...] a strong prior in favor of valuing extra marginal security more than the convenience we'd lose in order to achieve that.
Yes, that is a good way to rephrase my position.
Google may be more vulnerable to breaches, but it seems much less likely than a small private server to lose data because someone makes a technical error or loses a key password.
This is probably a central crux for some. If you came to believe that the risk of data loss through admin error on a self-hosted system were lower than the breach-risk at Google, would that change your view on the convenience-security trade-off?
If you came to believe that the risk of data loss through admin error on a self-hosted system were lower than the breach-risk at Google, would that change your view on the convenience-security trade-off?
I don't think it's about total likelihood of an event, but expected impact of said event. And because I have very weak priors about the likelihood of either event, getting any new information would probably change my view about the trade-off in some way.
But changing my view on the trade-off looks more like "I now think EA funders should be open to spending $X per year on this rather than $Y" or "I now think groups with risk profile X should now be willing to switch even if their activity drops 10%", rather than coming to believe something more sweeping and conclusive about the entire topic.
I think the use of Facebook vs Google/Slack is somewhat different and there's probably a whole separate case to be made for whether we should be on Facebook or not for non-privacy related reasons. (Since Facebook isn't trying to be a secure/private platform), but we still use it anyways.
I started brainstorming and wrote a shortform about it here in case anyone is interested :)
Kudos for offering testable predictions. Unfortunately, the links do not appear to be working. Also, I think the admins can embed the Elicit links so that users can predict without leaving the EA Forum, though I'm not sure. Maybe an admin could clarify.
(Here I mean data leaks that happen on a company level, meaning the service provider leaks full message histories. This excludes leaks through missteps by individuals such as accidentally setting wrong channel permissions, or leaked screenshots)
(for example withdrawal of operating license, denial of work visas, etc. in any country)
Ok, this seems to be a good workaround: For posts with footnotes, use the markdown editor. Then after posting, switch to the regular editor in your profile settings, and post your elicit prediction links in a comment.
edit: updated with clarifications and a fourth question as meerpirat suggested
Cool! I also think it's great you set up those predictions. For me, the data leakage & government repression predictions don't closely track the issues you're arguing for.
data leak: someone who shouldn't have the data, has them. This is generally non-reversible.
I was once accidentally added to an internal Slack workspace and I was confused about it and read a bunch of stuff I wasn't supposed to read. Also, people unilaterally leaking screenshots from Slack seems to happen regularly. According to your definition, shouldn't this be data leakage? That seems very likely to happen in the next 20 years.
Government repression of NGOs seems to be pretty common in some countries, at least it seems so when reading news from Human Rights groups, e.g. in Turkey, China and Russia. If I'd predict here, I'd focus on countries in this class and little on UK, US or central Europe.
Thank you, you're right, I added the predictions at the last minute, and should have spent a few more minutes making sure that they are operationalized well.
I added a clarification about the kind of leaks I meant; as you noted, if any individual sharing a screenshot counts, it would not be a useful prediction.
Same for government repression – I added another question for US, UK and EU.
If not, can those with added security needs (e.g. those active in countries with government repression) just use different tools such as Mattermost, Matrix, Nextcloud etc. now, while the rest of the community keeps using whatever works best for them for now (Slack, Google Drive, Facebook etc.)?
No, and I hope I didn't imply that there is a one-size-fits-all solution that everybody needs to switch to.
can those with added security needs (e.g. those active in countries with government repression) just use different tools
Yes, that is of course possible, and I would expect that to happen automatically. Just note that this means in some cases that we will exclude those people with added security needs from community spaces.
Things that would make me less worried about "using whatever works best":
switching later is actually easier than I currently think
information becoming available to future adversarial actors is actually not as bad because:
either people are really good at not posting compromising stuff
or there is almost no content that will become problematic in the next years
Mattermost is very similar to Slack (just fewer features and a bit less intuitive), and it also offers Slack import. Could we use Slack for the next 5-10 years and whenever we reach a point at which the risk of data leakage & restrictions seem higher and/or Mattermost has become almost as intuitive and functional as Slack, could we switch to Mattermost then?
(This does not apply to other platforms such as Google Drive vs. Nextcloud. There I would expect the costs of switching to be much higher.)
+1 on convenience is also important
I strongly doubt that a poll hosted on Facebook will provide unbiased evidence on those questions.
Thank you Aaron for the thoughtful reply.
Thanks, I'll try and embed them here:
At the moment, footnotes are only available in Markdown, and embedded predictions only available in the EA Forum Docs editor (WYSIWYG).
Do all EA orgs need to use the same tools?
How costly is switching platforms really?
A nonstandard solution I still can't stop thinking about: give up on the impossible project of digital privacy and democratize the panopticon